Without CISPA, Internet users may lose confidence in the safety of their information, he said. "People were stealing their identities, their accounts, their intellectual property, and subsequent to that, their jobs," he said. "[Web users] began to question the value of getting on Internet and using [it] for commercial purposes. Their trust in the free and open Internet ... was at risk."
But several House Democrats argued the bill does not contain enough privacy protections.
The language in CISPA leaves it "wide open" for abuse, Polis argued on the House floor. The bill allows companies to share information with government agencies for a handful of reasons unrelated to cybersecurity, including the prevention of bodily harm, he noted. Bodily harm, as defined in U.S. statute, could mean minor cuts or dog bites, he said.
The bill does not require companies to scrub personal data from the information they share with government agencies, instead requiring the agencies to minimize the personal information after they receive the data. But if companies share cyberthreat information with each other, there are no protections for personal data, said Representative Adam Schiff, a California Democrat.
The bill gives private companies "broad immunity without any responsibility" to protect personal information, he said. Although sponsors pointed to support from a number of tech companies and trade groups, that "doesn't mean it's good policy," he added.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is email@example.com.