Want CNET to notify you of price drops and the latest stories?

White House questions CISPA cybersecurity bill

The Obama administration didn't threaten a veto. But it did say information-sharing bills must preserve "privacy and civil liberties" -- something that critics say CISPA does not do.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
2 min read

The White House today expressed concerns about a controversial cybersecurity bill that would authorize Internet companies to divulge confidential customer records and communications.

Opposition from the Obama administration -- which stopped short of a veto threat -- could imperil the Cyber Intelligence Sharing and Protection Act, which is scheduled for a House of Representatives floor vote next week. CISPA is intended to improve computer security by allowing companies and government agencies to share sensitive information.

In a statement provided to The Hill newspaper, National Security Council spokeswoman Caitlin Hayden said:

While information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation's critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs.

Three months ago, the Stop Online Piracy Act, or SOPA, was defeated by a broad alliance of companies and civil liberties groups. But no such coalition exists here: the House Intelligence committee proudly lists letters of support from Facebook, Microsoft, Oracle, Symantec, Verizon, AT&T, and Intel (which today called CISPA an "important step forward"). And over two dozen trade associations sent a letter to Congress today (PDF) applauding "greater sharing of information."

Civil liberties groups, on the other hand, remain steadfastly opposed to legal authorization for such broad information-sharing. The American Library Association, the Electronic Frontier Foundation, the libertarian-leaning TechFreedom, and other groups launched a "Stop Cyber Spying" campaign yesterday -- complete with a write-your-congresscritter-via-Twitter app -- and over 670,000 people have signed an anti-CISPA Web petition.

What sparked the privacy worries is the section of CISPA that says "notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government." That would trump state and federal wiretap and other privacy laws. (CISPA doesn't, however, require companies to turn over that data.)

The White House's National Security Council previously endorsed a different proposal -- known as the Lieberman/Collins/Rockefeller/Feinstein cybersecurity bill -- that would be more regulatory. And it, too, has been criticized for overly broad language.

CISPA authors House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.), the panel's senior Democrat, today said they "formally filed" the version of CISPA that their committee approved in December. That's the last step before a House floor vote.