Another amendment approved by the committee would limit the private sector's use of any cybersecurity information received to only cybersecurity uses. Some digital rights and privacy groups had questioned whether the bill would allow companies to use the cyberthreat information they receive for other purposes.
The committee also removed language from the bill would allow the government to use data collected under CISPA "for national security purposes," in an attempt to narrow the government's use of the information.
But Greer questioned whether that was a substantial improvement. The change is "not a real fix," he said. "The term 'cybersecurity' is so poorly defined within the bill that it does not provide meaningful limitations on what can be done with the data that's collected."
Sponsors of the bill said it contains several privacy protections. CISPA prohibits the government from forcing private sector entities to provide information to the government, and encourages the private companies to "anonymize" or "minimize" the information they voluntarily shares with the government, sponsors said.
The bill also allows individuals to sue the federal government for privacy damages, costs and attorney's fees in federal court, and it requires an annual review of the information-sharing program by the intelligence community inspector general. CISPA will sunset in five years.
Still, Representative Adam Schiff, a California Democrat , said he was disappointed that the committee rejected his amendment that would have required companies to make reasonable efforts to remove unrelated private information from the cyberthreat information they share.
"It is not too much to ask that companies make sure they aren't sending private information about their customers, their clients, and their employees to intelligence agencies, along with genuine cyber security information," he said in a statement.
Among the groups voicing support for the bill were the BSA and the Software and Information Industry Association, both software trade groups. CISPA would "provide the critical necessary framework for early detection and notification of cybersecurity threats," the SIIA said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is email@example.com.
Sign up for Computerworld eNewsletters.