The White House threatened Wednesday afternoon to veto a controversial information sharing bill (HR 3523) from the House Intelligence Committee scheduled for debate on the House floor Thursday. The Cyber Intelligence Sharing and Protection Act (CISPA) is designed to eliminate legal barriers to information sharing on cybersecurity between the government and the private sector, but the legislation has been criticized by privacy advocates for giving the government too much leeway on how it uses information handed over by companies.
A statement of policy (PDF) from the White House issued Wednesday afternoon emphasizes that the administration is strongly opposed to the bill in its current form, and will recommend a veto if it reaches the president's desk. The threat comes after chief sponsors Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., agreed on Tuesday to a series of amendments designed to address some of the privacy concerns. Those changes appeased some critics like the Center for Democracy and Technology, but not the White House or the ACLU. The administration's statement argues the bill would repeal provisions of digital surveillance law and lacks protections against the sharing of personally identifiable information. The administration also attacks the bill's liability provision as overly broad, and notes the bill fails to cover critical infrastructure, a key tenet of the White House's cybersecurity proposal.
Finally and most notably, the administration criticizes CISPA for treating domestic cybersecurity as an intelligence activity, arguing the bill departs from longstanding efforts to treat the Internet and cyberspace as civilian territory. The White House reiterates that a civilian agency - the Department of Homeland Security - must have a central role in domestic cybersecurity, including overseeing information sharing with the private sector. This ideological divide has also cropped up in the Senate, where Sen. John McCain, R-Ariz., and other senior Republicans would prefer to see the military and intelligence community play a larger role in securing our nation's networks. But Democrats and civil liberties advocates are adamant that domestic cybersecurity should be a civilian enterprise, with NSA providing only support and guidance.
Quotable: “The basis for the Administration's view is mostly based on the lack of critical infrastructure regulation, something outside of our jurisdiction. We would also draw the White House's attention to the substantial package of privacy and civil liberties improvement announced yesterday which will be added to the bill on the floor. The SAP was limited to the bill in "its current form" - however, as the bipartisan managers of the bill announced yesterday - they have agreed to a package of amendments that address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans. Congress must lead on this critical issue and we hope the White House will join us.” --Joint statement from Reps. Mike Rogers and Dutch Ruppersberger, sponsors of CISPA
Whether the White House's veto threat will have an impact on the House vote remains to be seen, since the bill has attracted significant bipartisan support. But the legislation was unlikely to pass the Senate in its current form anyhow, so the president probably won't have to make good on the threat. As you can see from the statement above, the bill's sponsors are already trying to put some distance between the White House's threat and the legislation that will ultimately be voted on.
Considering that many lobbying groups for the tech industry and other sectors have thrown their weight behind CISPA, it will be interesting to see whether they turn their ire at the Senate bill (S 2105), which already includes regulations for critical infrastructure providers. Much of industry finds the prospect of such regulations intolerable, and cybersecurity experts fret that the Senate bill is already so overloaded with loopholes that it will be largely ineffective. But don't expect House Republicans to cave on the issue of new cybersecurity regulations, no matter how pliant.