The American Civil Liberties Union, Electronic Frontier Foundation, and Center for Democracy and Technology, raised concerns the broad language used in the CISPA could threaten people's privacy. The House Permanent Select Committee on Intelligence responded to some of the pressing concerns by approving several amendments proposed by Rogers and Ruppersberger.

The House of Representatives is expected to begin debate on cyber-security legislation today, despite claims from privacy groups and technology experts that there are serious problems with the bill.

Introduced by Rep. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) in November, the Cyber Intelligence Sharing and Protection Act (CISPA) defines a new framework that would allow companies and governments to share information collected online with one another in order to fight cyber-attacks. CISPA is just one of several pieces of cyber-security legislation currently making its way through Congress.

Rogers said the bill would "help the private sector defend itself from advanced cyber threats."

Many privacy watchers, including the American Civil Liberties Union, Electronic Frontier Foundation, and Center for Democracy and Technology, were concerned the broad language used in the CISPA could threaten people's privacy in unacceptable ways. On Apr. 24, the House Permanent Select Committee on Intelligence responded to those concerns by approving several amendments proposed by Rogers and Ruppersberger.

While two of the core issues remain unresolved, the amendments addressed some of the others.

Definitions

There were concerns that CISPA, if passed, would allow businesses to monitor employee activity online. Under existing wiretapping laws and electronic privacy communications laws, sharing email messages and Facebook posts would require a court order. With CISPA, companies would be able to hand over the data to the government and "bypass all existing laws, as long as they claim a vague 'cybersecurity' purpose," the EFF said.

The Definitions Amendment proposed by Rogers and Ruppersberger narrow what types of data may be identified, obtained, and shared, as well as the purposes for which it may be used. Under the amendment, only information that directly pertained to a network or system vulnerability, a threat to the integrity, confidentiality or availability of such system or network, efforts to destroy such a system, or efforts to gain unauthorized access to such systems, could be shared.

Minimization, Retention, and Notification

Another criticism focused on the fact that there were no restrictions in place on why the data could be shared. It should be made clear that "information shared for cyber-security should be used for cyber-security purposes, not unrelated national security purposes or criminal investigations," said CDT senior counsel Greg Nojeim in a statement.

Rogers and Ruppersberger announced the Minimization, Retention, and Notification Amendment to prohibit the government from retaining or using information for purposes other than what is specified in the law. The Use Amendment further clarified that the government would only be able to use the information to protect against a cyber attack, investigate cyber crime, protect national security, protect against theft or bodily harm, or to protect minors from explicit content featuring children.

Not Good Enough

"In sum, good progress has been made," CDT said in a statement. However, "The bill falls short because of the remaining concerns - the flow of Internet data directly to the NSA and the use of information for purposes unrelated to cybersecurity," added the group.

Under the original terms of CISPA, companies could also share any information with the Department of Homeland Security (DHS). The DHS would also then be able to share the information with other government agencies, including the National Security Agency. As the bill currently stands, there's nothing stopping the agencies from sharing data and there's little oversight.

CDT also advocated a more restrictive amendment restricting the government to using the data for only cyber-security purposes, as opposed to the five categories listed in the Use Amendment.

CDT's Nojeim noted that other representatives had proposed amendments to address the remaining issues. Reps. Bennie G. Thompson (D-Miss.) and Jan Schakowsky (D-IL) had proposed amendments to "fix" the NSA problem, and Rep. Zoe Lofgren (D-Calif.) would fix the "use for national security" problem, Nojeim wrote.

"We worked very hard to improve this bill. Now that the House leadership has decided to block amendments addressing two of our core issues, CDT cannot stand silent. We must oppose CISPA," the group concluded.