White House threatens CISPA veto
The White House says it'll veto the Cyber Intelligence Sharing and Protection Act if Congress approves it in its current form.
The House is set to consider the controversial cybersecurity bill (H.R. 3523) April 26. In a statement of administration policy (.pdf) issued the day before, the Obama administration said CISPA treats domestic cybersecurity as an intelligence activity whereas it should be a civilian one. It also repeals "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards," and does not address the protection of critical infrastructure systems, administration officials wrote.
A rebuttal quickly issued by the bill's two main sponsors, House Intelligence Committee Chairman Mike Rogers (R--Mich.) and Ranking Member Dutch Ruppersberger (D-Md.), took issue with the administration's points. Critical infrastructure, they said, is outside their committee's purview, and the statement doesn't address proposed amendments taken in response to privacy and civil liberties concerns the two say they'll support.
But even those amendments aren't enough to satisfy privacy and civil liberties concerns, wrote Center for Democracy & Technology Senior Counsel Greg Nojeim in an April 25 blog post. They leave unaddressed two key issues: cyber threat information sharing from the private sector to the National Security Agency, and the still-too broad purposes for which that information can be utilized by federal agencies, he wrote.
In a statement to reporters issued late on April 25, the CDT said it now opposes the bill after having spent earlier days attempting to work with Congress to introduce additional language narrowing the bill's scope.
The House Rules Committee approved 16 amendments (.pdf) (including those also endorsed by Rogers and Ruppersberger) for consideration by the floor--and not included in those 16 are two that would have restricted defense and intelligence agencies from the CISPA cyber threat sharing program, and one that would have required probable cause before shared information were to be used besides for cybersecurity purposes.
"Now that the House leadership has decided to block amendments addressing two of our core issues, CDT cannot stand silent. We must oppose CISPA," the statement says.
Debate on the bill is set to commence at noon. Also set for consideration April 26 is a less controversial bill (H.R. 4257) that would modify the Federal Information Security Amendments Act to mandate continuous monitoring security programs at federal agencies. The Congressional Budget Office says the bill, sponsored by Reps. Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.) would cost $710 million to implement over 5 years.
CISPA sponsors say they'll further amend bill to address privacy concerns
CISPA sponsors narrow bill
White House emphasizes need for privacy protection in cybersecurity bills
Cybersecurity legislation roundup, 2012 edition - UPDATED