"The White House believes the government ought to control the Internet, government ought to set standards, and government ought to take care of everything that's needed for cybersecurity," House Speaker John Boehner told reporters at his weekly news conference. "They're in a camp all by themselves."
The bill now goes, somewhat weakened, into a conference committee, there to be meshed with a new Senate cybersecurity bill, which is expected to be voted on next month. A final bill for the president to sign – or veto – could possibly emerge from Congress sometime this summer, several legislative watchers say.
Core functions of CISPA are supposed to help drain the Internet of malicious cyberthreats now sluicing through it via telecom pipelines controlled by Internet backbone firms like Verizon and AT&T.
Under CISPA, the Internet providers and other private companies would:
- Receive classified digital signatures and other data from the US government agencies, including intelligence agencies like the National Security Agency, to help identify malicious Internet traffic.
- Give private Internet providers and others the right to defend their own networks and their corporate customers – and share cyberthreat information with others in the private sector and with the federal government on a voluntary basis.
- Encourage, but not require, private companies to “anonymize” information that they voluntarily share with government and nongovernment entities.
- Grant to Internet providers immunity from privacy lawsuits in which customer information was voluntarily disclosed as a possible security threat.
- Grant Internet companies antitrust protection that immunizes them against allegations of colluding on cybersecurity issues.
- Require an independent audit of information shared with the government.