White House threatens veto of CISPA cyber security bill

Cyber Intelligence Sharing and Protection Act bill fails to provide adequate privacy protections, Executive Office says

The White House today threatened a veto of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) if the bill reaches President Obama's desk in its present form.

In a statement issued Wednesday afternoon, the Executive Office of the President expressed concern over the lack of privacy safeguards in the CISPA bill and said it "strongly opposes" H.R. 3523 as written.

[ InfoWorld's Robert X. Cringely says the CISPA cyber security bill is even worse than SOPA. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]

"H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres," the statement read. If the bill was presented to the President, "his senior advisors would recommend that he veto the bill."

The White House veto threat comes on the eve of a scheduled vote on the bill in the House on Thursday. The threat is not entirely unexpected. Last week, a spokeswoman from the White House National Security Council had already expressed the Executive Office's concerns over it.

Rep. Mike J. Rogers (R-Mich.) and Rep. C.A. Dutch Ruppersberger (D-Md.) introduced CISPA in the U.S. House of Representatives last November.

Backers say the bill aims to improve Internet security by making it easier for Internet Service Providers (ISPs) and Internet companies such as Google and Facebook to collect and share a wide range of threat-related data with government security agencies.

CISPA would let Internet companies monitor and collect any user information they think poses a threat to their networks or systems. The bill would also let these companies share the collected information with the NSA and other federal agencies. Companies that share such information would enjoy a high degree of legal immunity for their actions.

Privacy advocates, rights groups and several lawmakers have expressed considerable alarm over the information sharing bill, and have said it would enable unprecedented surveillance of online activities under the pretext of cybersecurity.

Groups such as the Electronic Frontier Foundation and the American Civil Liberties Union have noted that the bill would allow companies to collect and share all kinds of personal information with the government, without any judicial oversight. They have claimed the bill will allow government and law enforcement agencies to do an end-run around the privacy protections offered by statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.

One aspect of the bill that has raised particular alarm is a provision that would allow information collected for cybersecurity reasons to be also used by the NSA and others agencies for a wide range of unrelated national security purposes.

The mounting outcry against the bill has prompted some proposed revisions by members of the House Intelligence Committee. The proposed amendments include one that would narrow the definition of the information that can be collected and shared with the government. Another prohibits the bill to be used for monitoring copyright and intellectual property violations. A third one would require an annual review of how shared information is used by the NSA and other agencies.

Opponents, however, have contended the proposed changes don't go far enough, especially because CISPA would still allow private companies to share Internet user data with the NSA.

The White House statement today focused in on those same concerns. "The bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information," the statement said.

The bill fails to limit the sharing of personal information and does not have any restrictions on how collected data can be used. It also inappropriately shields private companies in situations where they might improperly collect and share information on a user's legal Internet activities, the statement cautioned. "This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests."

"Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections," the White House said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His email address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about privacy in Computerworld's Privacy Topic Center.

This story, "White House threatens veto of CISPA cyber security bill" was originally published by Computerworld.


Copyright © 2012 IDG Communications, Inc.

How to choose a low-code development platform