No fewer than five amendments to the bill will be spearheaded by Committee Chairman Mike Rogers (R-Mich.) and C.A. “Dutch” Ruppersberger (D- Md.). These include ensuring that any cybersecurity information gathered by companies can be used for threat mitigation and protection measures, not for marketing. And, most notably, firms’ legal immunity is being minimized.
Whereas the bill as written gives corporations protection from lawsuits should the information they turn over to the government be harmful to individuals, the amended measure would deny that legal protection should they use cyber threat information to hack each other. There will also be an oversight component, with the creation of new roles for the government’s privacy and civil liberties board and federal privacy officers to review how any gathered information is used and shared.
“The improvements that we plan to make to the bill at the markup will address several of the administration’s concerns,” Rogers told reporters. “And we plan to keep talking and moving toward a consensus that will allow us to get the bill signed into law.”
The Intelligence Committee will vote on the amendments on April 10.
The Committee is hopeful that it will get an iteration of the bill passed, and soon. Obama threatened to veto the bill last year partly over privacy concerns, but CISPA was recently reintroduced in the House of Representatives by Rogers and Ruppersberger. Obama also passed an executive order earlier in the year mandating more information sharing between the private and public sectors.
CISPA calls for more information sharing between the private and public sectors, and offers legal protections for companies delivering personal information about customers to defense entities for the purpose of preventing or mitigating attacks on critical infrastructure. The details as to the extent of that personal information and the exact role of the government entities involved, like the Department of Homeland Security, have been called into question.