White House says it will veto the current version of CISPA

Today, the White House once again threatened to veto the Cyber Intelligence Sharing and Protection act, CISPA, unless the bill incorporates additional privacy protections. "The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 [CISPA] in an effort to incorporate the Administration’s important substantive concerns. ...

Wikimedia Commons
Wikimedia Commons
Wikimedia Commons

Today, the White House once again threatened to veto the Cyber Intelligence Sharing and Protection act, CISPA, unless the bill incorporates additional privacy protections.

"The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 [CISPA] in an effort to incorporate the Administration's important substantive concerns. However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill." (Underlines by the White House.)

"We have long said that information sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections," said National Security Staff spokeswoman Caitlin Hayden today.

Today, the White House once again threatened to veto the Cyber Intelligence Sharing and Protection act, CISPA, unless the bill incorporates additional privacy protections.

"The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 [CISPA] in an effort to incorporate the Administration’s important substantive concerns. However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill." (Underlines by the White House.)

"We have long said that information sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections," said National Security Staff spokeswoman Caitlin Hayden today.

CISPA — set for a vote on the House floor tomorrow and Thursday — allows private businesses to share information on cyber threats with each other and government agencies including the military. The bill died last year after the White House issued a veto threat, citing concerns that it would infringe on citizens’ privacy rights.

Despite the veto threat, the White House said it looks forward to working with the committee to refine the information-sharing bill. Remember, the White House called for such legislation after it released its cyber-security executive order in February that allows the government to share information on cyber-security threats with businesses. But the executive order could only permit government-to-industry info- sharing, it couldn’t mandate industry to share information, nor could it protect businesses that share such information from lawsuits.

Last week, the intelligence committee struck language from CISPA that would have allowed private companies to collect and share information for "national security" purposes — a statement that was too vague for privacy advocates, who claimed this would allow the government to spy on people’s online lives without a warrant. The committee also added language to the bill requiring that information shared with the government be scrubbed of all personal information.

Still, these steps don’t go far enough for the White House, which wants the bill to do more to protect personal information and to place a civilian government agency — namely the Department of Homeland Security — in charge of receiving information from businesses instead of allowing the info to be sent directly to a military organization, such as the National Security Agency.

The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities.  Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately.  The Administration is committed to working with all stakeholders to find a workable solution to this challenge.  Moreover, the Administration is confident that such measures can be crafted in a way that is not overly onerous or cost prohibitive on the businesses sending the information.  Further, the legislation should also explicitly ensure that cyber crime victims continue to report such crimes directly to Federal law enforcement agencies, and continue to receive the same protections that they do today.

The White House is also calling for the bill to reduce the amount of protection it affords companies from lawsuits if they improperly share private information or violate antitrust laws while sharing info on cyber threats with one another or the government.

The Administration agrees with the need to clarify the application of existing laws to remove legal barriers to the private sector sharing appropriate, well-defined, cybersecurity information.  Further, the Administration supports incentivizing industry to share appropriate cybersecurity information by providing the private sector with targeted liability protections.  However, the Administration is concerned about the broad scope of liability limitations in H.R. 624.  Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals. 

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

An illustration shows George Kennan, the father of Cold War containment strategy.
An illustration shows George Kennan, the father of Cold War containment strategy.

Is Cold War Inevitable?

A new biography of George Kennan, the father of containment, raises questions about whether the old Cold War—and the emerging one with China—could have been avoided.

U.S. President Joe Biden speaks on the DISCLOSE Act.
U.S. President Joe Biden speaks on the DISCLOSE Act.

So You Want to Buy an Ambassadorship

The United States is the only Western government that routinely rewards mega-donors with top diplomatic posts.

Chinese President Xi jinping  toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.
Chinese President Xi jinping toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.

Can China Pull Off Its Charm Offensive?

Why Beijing’s foreign-policy reset will—or won’t—work out.

Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.
Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.

Turkey’s Problem Isn’t Sweden. It’s the United States.

Erdogan has focused on Stockholm’s stance toward Kurdish exile groups, but Ankara’s real demand is the end of U.S. support for Kurds in Syria.