The U.S. House of Representative passed the Cyber Intelligence Sharing and Protection Act (CISPA) today after spending two days amending and debating it.

CISPA intends to open up the lines of communication between the private and government sectors to share information about breaches on private companies’ computer systems and other security problems. Many privacy and advocacy groups, however, have opposed the bill saying it doesn’t protect personal information.

The bill will now head to the Senate for its approval. If approved, it will go on to the White House, where President Barack Obama has already expressed grave concerns over the bill. Prior to the two days of amendment approvals CISPA faced, the White House threatened to veto the bill if it arrived on Obama’s desk in its current state. It is unclear whether the White House stands by this comment now that a few amendments have passed.

“Now that CISPA has passed  the House, the real battle will be in the Senate. I think we’ve got a stronger position in the Senate to defend online privacy, but there’s a lot of political will to move cybersecurity legislation this year,” said Electronic Frontier Foundation Activism Director Rainey Reitman in an email to VentureBeat. “We also have enough time now for concerned citizens to actually reach out to staffers and set up meetings with Senate offices, either in DC or when they next visit their home districts.  Every letter, phone call, and meeting makes a difference.”

But some legislators are still unconvinced. Minority Leader Rep. Nancy Pelosi (D-Calif.) expressed her worry on the House floor today saying the bill still didn’t meet the standards that uphold American’s civil liberties and gives companies too much immunity when providing attack information.

“They can just ship the whole kit and caboodle, and we are saying minimize what is relevant to our national security,” said Pelosi before the vote today. “The rest is none of the government’s business.”

Pelosi went on to say that the bill doesn’t touch on what she called the nation’s biggest cybersecurity issue: our infrastructure. The Rules Committee, which determines what jurisdictions you can and cannot touch in your bill, could have come together with the Homeland Security committee to allow CISPA’s writers to include infrastructure needs, according to Pelosi. But that didn’t happen.

“It’s just that curtail balance between security and liberty that I do not think has been struck in that bill. So for my own part, it will not have my support,” she concluded.

A second representative, Ed Perlmutter (D-Colo.) introduced a last-minute, slightly off-topic amendment that dictates government can never create an Internet firewall similar to China’s that disrupts the public’s access to the Internet. The amendment also made asking prospective employees for social media passwords during the interview process illegal. The amendment was not passed.

Rep. Mike Rogers (R-Mich.) image via CSPAN

The U.K. launched the Cyber Security Information Sharing Partnership today to build trust between the private and public sectors when it comes to sharing information about cyber attacks. Alongside that launch, the government has introduced the “fusion cell,” a cyber security center at a secret location in London.

The CISP unites U.K. government entities, law enforcement, and the private sector in a veritable social network for security information sharing. The BBC refered to it as a “secure Facebook,” where companies can choose when and with whom to share information about an attack they are experiencing — sometimes in real-time.

“No one has full visibility on cyberspace threats. We see volumes of attack increase and we expect it to continue to rise,” a government official told the BBC.

The pilot program that came before CISP, called Project Auburn, brought in 80 different companies. Today, at the launch of the program, 160 companies are participating. Of course, more companies are encouraged to join.

The “fusion cell” will act as a technical center to monitor and act on any attacks in progress.

Of course, the intent here is to build trust between the government and private sector — an issue being faced all around the world, especially in the United States. The U.S. government has made its own attempts to spur information sharing, although no one has brought a real, workable solution to the table just yet.

Photo of London via Shutterstock

We focus too much on finding out who hacked us and not enough on using big data to protect ourselves from the hack in the first place, Arthur Coviello, security firm RSA’s executive chairman, said on stage today at the RSA conference in San Francisco. One of the main ways we can use data is sharing information about our hacks with other companies.

“Do we really need to see a smoking gun to know there’s a dead body on the floor?” Coviello asked the conference crowd. “Sure we should continue to work to out the perpetrators, but for the most part, we know who they are.”

In 2012, Coviello said, we collected one zettabyte of data. That’s the equivalent of 4.9 quadrillion books. But, according to IDC, only one percent of that is actually analyzed, and not all of that one percent can be used for security purposes. So much of a hacked company’s time and attention is spent on naming the attackers, and it makes sense. Everyone who has ever watched a cop show knows we want the culprit caught red-handed. But this can become a distraction from actually preventing attacks.

The way to start on the path to using this data, Coviello said, is for companies to share attack information with each other so that we can use big data and an understanding of attacks in our environments to prepare for the next ones. It’s a controversial idea, however. Companies don’t exactly jump to explain how people got into their systems. In fact, if customer information isn’t involved, an attack on a company may never be revealed.

There’s a movement, however, in that direction. Facebook, Apple, Microsoft, and Twitter all revealed they were hacked in the last two weeks alone. Facebook and Twitter lead the pack, saying they know they weren’t the only ones and they wanted others to be aware of the attack. Whether these companies share information about the attack, however, is unknown. It’s those kinds of conversation that Coviello hopes we’ll start to see more of.

Arthur Coviello image via Meghan Kelly/VentureBeat