White House takes aim at CISPA with formal veto threat

Obama administration breaks with some House Democrats by saying controversial bill could "undermine" privacy and civil liberties.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read

The White House today escalated its opposition to a cybersecurity-related surveillance bill with a formal veto threat.

In a new statement, the White House's Office of Management and Budget said that the CISPA bill endangered Americans' privacy and inappropriately shielded private companies from liability.

The statement suggests that CISPA -- also known as the Cyber Intelligence Sharing and Protection Act -- goes too far by giving the National Security Agency too much power:

H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. The Administration believes that a civilian agency -- the Department of Homeland Security -- must have a central role in domestic cybersecurity, including for conducting and overseeing the exchange of cybersecurity information with the private sector and with sector-specific Federal agencies.

The American people expect their Government to enhance security without undermining their privacy and civil liberties. Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections. The Administration's draft legislation, submitted last May, provided for information sharing with clear privacy protections and strong oversight by the independent Privacy and Civil Liberties Oversight Board.

The House Rules committee is meeting this afternoon to discuss which amendments will be permitted during a floor discussion scheduled to begin tomorrow, with a floor vote to follow on Friday. (See CNET's article on one of the amendments, proposed by Rep. Sheila Jackson Lee (D-Texas), that would hand Homeland Security more power to "intercept" some Internet traffic.)

CISPA hasn't been, or at least didn't start off as, an especially partisan bill. The senior Democrat on the House Intelligence committee, Maryland's Dutch Ruppersberger, has been just as enthusiastic about the measure as his Republican counterpart. Rep. Anna Eshoo, a pointedly partisan Democrat whose district includes much of Silicon Valley, is a CISPA sponsor.

But the Obama administration has made it clear, starting with a statement last week and again with a State Department official speaking speaking on Monday, that it prefers a cybersecurity bill that's more akin to its own proposal published last year.

For their part, the House Republican leadership has been pushing forward with a number of cybersecurity bills, including CISPA, the Cybersecurity Enhancement Act of 2011 (H.R. 2096), and the Federal Information Security Amendments Act of 2012 (H.R. 4257). By contrast, Senate Majority Leader Harry Reid has been much slower. One unspoken calculation among the House GOP: if there is a devastating "cyberattack," at least they can say they tried to do something.

What sparked the recent privacy outcry over CISPA -- including a petition signed by nearly 800,000 Internet users -- are portions of the law that would allow Internet companies to open their networks and customer databases to the Feds for cybersecurity purposes.

Probably the most controversial section of CISPA says that "notwithstanding any other provision of law," companies may share information with Homeland Security, the IRS, or the National Security Agency. By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more.