Supporters of the controversial cyber-security legislation CISPA have already spent $605 million to lobby for the bill's passage, according to a watchdog group.

That's the amount supporters of the Cyber Intelligence Sharing and Protection Act (CISPA) spent from 2011 to the fall of 2012, according to non-partisan research group MapLight. While the bill languished last summer, CISPA was re-introduced in nearly the same form this February and resoundingly passed the House of Representatives in a 288-127 vote last week.

If passed and signed into law, CISPA would allow private sector organizations to share cyber-threat related information with the federal government and other private organizations. The goal is to improve information sharing so that organizations would be aware of threats and be proactive about defending themselves.

While MapLight's figures didn't break out how much of the funds were specifically spent to get CISPA passed, it does show that CISPA supporters far out-spent their opponents.

According to MapLight's figures, AT&T has already spent $34 million, Comcast nearly $32 million, and Verizon over $27 million as part of its lobbying efforts. These three companies are on the record supporting CISPA. Interest groups supporting CISPA have donated nearly $68 million to members of the House, compared to $4 million by CISPA opponents. Among the key tech companies actively opposing the bill, Mozilla has contributed $2,000, according to MapLight.

Tech Companies Supporting CISPA

A significant number of tech giants opposed last year's ill-fated Stop Online Piracy Act (SOPA). In contrast, a number of technology companies have indicated they supported CISPA. While several early supporters, such as Facebook, Microsoft, and the Business Software Alliance, have dialed back their support recently, plenty of tech companies appear to still be in favor of the bill.

"Both bills have had bipartisan support in Congress, but there is one key difference in the landscape of political influence around them: several high-contributing companies that were vocal opponents of SOPA have not expressed opposition to CISPA, and, in fact, some of these companies belong to trade associations that publicly support the latter bill," MapLight told SecurityWatch.

Privacy and Internet rights groups such as the American Civil Liberties Union and the Electronic Frontier Foundation are concerned about the fact that customer and client data will not be protected during the data exchange and thus expose private data. Some groups have declared a blackout today in order to drum up the kind of grass-root support that helped shut down SOPA last year.

Pro-CISPA Spending

CISPA proponents argue that legal immunity was necessary to encourage companies to freely share data. The bill's main sponsors, Reps. Mike Rogers (R-Mich) and Dutch Ruppersberger (D-Md) have noted that technology companies, or "those in the business of prosperity on the Internet," support the bill. Supporters include IBM, Intel and AT&T.

In fact, nearly 200 senior IBM executives flew to Washington, DC earlier this month to press for CISPA's passage. Immediately after the IBM visit, the number of CISPA's cosponsors jumped from two (Rogers and Ruppersberger) to 36, Donny Shaw, a political writer with MapLight, wrote on the group's site.

"New co-sponsors have received 38 times as much money ($7,626,081) from interests supporting CISPA than from interests opposing ($200,362)," Shaw wrote.

Financial services institutions and pharmaceutical companies have led the pack in pro-CISPA lobbying, but telecommunications companies and electric utilities have combined spent over $1.1 million, thus far, according to MapLight's figures.

What Next for CISPA?

Even though CISPA passed the House by a comfortable majority, the future of the legislation is still unclear. The Senate has to introduce its version and pass it. The Senate and House versions then need to be reconciled before it goes to the White House for the president's signature.

The White House last week threatened a veto of the bill in its current form, as there was no way to hold companies accountable for "failing to safeguard personal information adequately," according to a memo from the Office of Management and Budget.

Further Reading

Security Reviews