House passes cybersecurity bill after companies suffer data breaches
WASHINGTON — Responding to a series of computer security breaches in government and the private sector, the House of Representatives passed an expansive measure Wednesday that would push companies to share access to their computer networks and records with federal investigators.
The bill, which came after years of false starts and bitter disappointment for the Obama administration, is similar to a measure approved by the Senate Intelligence Committee and headed for that chamber’s floor this spring. The House measure, already largely embraced by the White House, passed 307-116.
The issue split the Massachusetts delegation, with Bill Keating, Joseph Kennedy III, Seth Moulton, and Richard Neal supporting it, and Michael Capuano, Katherine Clark, Stephen Lynch, James McGovern, and Niki Tsongas voting against it.
Should the House and Senate come together on final legislation, it would be the federal government’s most aggressive response yet to a spate of computer attacks that helped sink a major motion picture release by Sony Pictures Entertainment, exposed the credit card numbers of tens of thousands of customers of Target stores, and compromised the personal records of millions of people who did business with the health insurer Anthem.
“The gravity of the emergency we have in cyberspace is setting in with lawmakers,” said Paul Kurtz, who worked on the issue in the Clinton, Bush, and Obama administrations and is chief executive of TruStar, which helps companies with information sharing. “They now understand that companies can no longer fight the bad guys individually.”
The House bill would provide legal liability protections for companies that share cyberthreat information with each other or with the government. But negotiators also added what they see as critical privacy protections.
If a company shares information with the government, it would receive liability protection only if its data undergo two rounds of washing out of personal information — once by the company before it gives the data to the government and another round by the government agency that receives the data, which many experts believe is critical in getting companies to comply.