Lawmakers also approved an amendment prohibiting companies that receive cyberthreat information from others from using the data for marketing purposes. The House also approved another amendment that strictly prohibits government agencies from using the shared data to conduct surveillance on U.S. residents.
Still, some Democrats said the bill did not include enough privacy protections. CISPA does not require private companies to scrub unnecessary customer information from the data they share with each other and with government agencies, and it includes overly broad protections from lawsuits for companies that share information, said Representative Nancy Pelosi of California, the Democratic leader in the House.
Private companies can "just ship the whole kit and caboodle," Pelosi said.
Companies should ship only information that is relevant to national security, she said. "The rest is none of the government's business," Pelosi added.
A broad range of tech companies and trade groups voiced support for CISPA. "Every day, Internet service providers see and respond to a growing number of cyber threats that could cause significant economic damage and personal privacy breaches," the National Cable and Telecommunications Association said in a statement. "[CISPA] enables private companies and the government to share information that will enhance protection of our Internet infrastructure, consumers and America's economy."
Digital rights group Free Press said it was disappointed in the vote.
"CISPA would still obliterate our privacy laws and chill free expression online," policy director Matt Wood said in an email. "We need to make sure companies remove irrelevant personal information when they share our data, and that companies can be held accountable for ignoring and abusing Internet users' civil liberties."
Sign up for Computerworld eNewsletters.