The author of the Cyber Intelligence Sharing & Protection Act says Congress is "well past" the 218 votes that will be necessary to pass the bill through the House of Representatives. That vote is expected to occur Friday.
Michigan Congressman Mike Rogers says that a series of last-minute amendments written with the help of civil liberties organizations and concerned representatives has given the bill, which will allow the government to share classified cybersecurity information with private companies, enough support to pass.
Members of Congress will introduce a series of new amendments Thursday that Rogers says should diminish the fears of the public who say that the bill could be used to spy on ordinary citizens. A draft circulated last week would have allowed private companies to share any and all "cyber threat" information with the federal government, provided there was a national security threat. There were also few limits on what information the government would be able to collect and retain.
According to Rogers, the new amendments will only allow companies to share information with the government if it pertains to one or more "cyber security purposes": the investigation of cyber security crimes, imminent danger of death or serious bodily harm, child pornography or the national security of the United States. If the government receives information it believes to be outside of one of those areas, they must require the company who provided it to take corrective action.
A separate amendment will allow companies to use the information only if they believe their networks are under attack, not if a customer solely violates "terms of service" agreements.
Rogers says that with the new changes, the bill should pass easily on Friday.
"We feel confident we have the votes for the bill," he said. The additional amendments are "about making sure people have a comfort level—not just members, but the public at large—about what we're trying to accomplish here ... once we [show] how narrow it is, we're getting a lot of support."
Despite wide support in the House, civil liberties organizations still have concerns. Rogers said the Center for Democracy and Technology, one of the more vocal critics of the bill, was happy with the changes.
"I don't think they're supporting the bill, but they're no longer opposing it in the House," he said.
Gregory Nojeim, Senior Counsel of the organization, says that's not accurate. While "significant progress" has been made, they are still "actively fighting for amendments to address [CDT's] remaining concerns."
"Two large issues remain: It is imperative that amendments be adopted to resolve them. The bill permits Internet data to flow directly to the National Security Administration, and the bill permits the NSA and other agencies to use the information for national security purposes completely unrelated to cybersecurity," he says.
Members of the House Homeland Security Committee expressed similar concerns. Mississippi Rep. Bennie Thompson said that America needs a cybersecurity bill that can protect the country from cyber threats to critical infrastructure while addressing privacy concerns, and CISPA doesn't do that. Thompson said that "none of the bills being voted on by the House this week accomplish these goals."
In a letter to Rogers and Maryland Rep. Dutch Ruppersberger, a cosponsor of the bill, Thompson and 17 other members wrote that CISPA still goes too far.
"Without specific limitations, CISPA would for the first time, grant non-civilian federal agencies, such as the National Security Agency, unfettered access to information about Americans' Internet activities and allow those agencies to use that information for virtually any purpose," he wrote.
A more encompassing cybersecurity bill authored by California Rep. Dan Lungren—one that is supported by several civil liberty organizations, including the CDT—hasn't made it out of committee.