White House threatens veto of CISPA bill

Cyber Intelligence Sharing and Protection Act bill fails to provide adequate privacy protections, Executive Office says

The White House today threatened a veto of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) if the bill reaches President Obama's desk in its present form.

In a statement issued Wednesday afternoon, the Executive Office of the President expressed concern over the lack of privacy safeguards in the CISPA bill and said it "strongly opposes" H.R. 3523 as written.

"H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres," the statement read. If the bill was presented to the President, "his senior advisors would recommend that he veto the bill."

The White House veto threat comes on the eve of a scheduled vote on the bill in the House on Thursday. The threat is not entirely unexpected. Last week, a spokeswoman from the White House National Security Council had already expressed the Executive Office's concerns over it.

Rep. Mike J. Rogers (R-Mich.) and Rep. C.A. Dutch Ruppersberger (D-Md.) introduced CISPA in the U.S. House of Representatives last November.

Backers say the bill aims to improve Internet security by making it easier for Internet Service Providers (ISPs) and Internet companies such as Google and Facebook to collect and share a wide range of threat-related data with government security agencies.

CISPA would let Internet companies monitor and collect any user information they think poses a threat to their networks or systems. The bill would also let these companies share the collected information with the NSA and other federal agencies. Companies that share such information would enjoy a high degree of legal immunity for their actions.

Privacy advocates, rights groups and several lawmakers have expressed considerable alarm over the information sharing bill, and have said it would enable unprecedented surveillance of online activities under the pretext of cybersecurity.

Groups such as the Electronic Frontier Foundation and the American Civil Liberties Union have noted that the bill would allow companies to collect and share all kinds of personal information with the government, without any judicial oversight. They have claimed the bill will allow government and law enforcement agencies to do an end-run around the privacy protections offered by statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.

One aspect of the bill that has raised particular alarm is a provision that would allow information collected for cybersecurity reasons to be also used by the NSA and others agencies for a wide range of unrelated national security purposes.

The mounting outcry against the bill has prompted some proposed revisions by members of the House Intelligence Committee. The proposed amendments include one that would narrow the definition of the information that can be collected and shared with the government. Another prohibits the bill to be used for monitoring copyright and intellectual property violations. A third one would require an annual review of how shared information is used by the NSA and other agencies.

Opponents, however, have contended the proposed changes don't go far enough, especially because CISPA would still allow private companies to share Internet user data with the NSA.

The White House statement today focused in on those same concerns. "The bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information," the statement said.

The bill fails to limit the sharing of personal information and does not have any restrictions on how collected data can be used. It also inappropriately shields private companies in situations where they might improperly collect and share information on a user's legal Internet activities, the statement cautioned. "This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests."

"Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections," the White House said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about privacy in Computerworld's Privacy Topic Center.

Copyright © 2012 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon