The White House said recently it would suggest President Obama veto the proposed Cyber Intelligence Sharing and Protection Act (CISPA) in its current form because it violates a number of privacy, confidentiality and civil liberties safeguards, especially considering personally identifiable information.
In a Statement of Administration Policy, the White House said CISPA (H.R. 3523) “fails to…ensure that the nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards.” The White House said the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.
The statement said the bill “also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure the data is used only for appropriate purposes.”
The statement also said the bill would “inappropriately shield companies from any lawsuits where a company’s actions are based on cyber threat information identified, obtained or shared under this bill, regardless of whether that action otherwise violated federal criminal law or results in damage or loss of life.”
The statement lastly said the White House wants a civilian agency, the Department of Homeland Security (DHS), to have a central role in domestic cyber security. The White House claims CISPA treats domestic cyber security as an intelligence activity and, thus, “significantly departs from longstanding efforts to treat the Internet and cyber space as civilian spheres.”
Both the Electronic Frontier Foundation and Information Technology Information Council issued statements condemning CISPA.
The co-authors of CISPA, House Permanent Select Committee on Intelligence Chairman Mike Rogers (R-Mich.) and Ranking Member Dutch Ruppersberger (D-Md.), said recently in a statement:
“The basis for the Administration’s view is mostly based on the lack of critical infrastructure regulation, something outside of our jurisdiction. We would also draw the White House’s attention to the substantial package of privacy and civil liberties improvement announced recently which will be added to the bill on the floor. The Statement of Administration Policy was limited to the bill in ‘its current form,’ however, as the bipartisan managers of the bill announced, they have agreed to a package of amendments that address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans.”