
Obama threatens veto of CISPA database-sharing bill

White House veto threat says CISPA does not protect Americans' privacy adequately, raising the chances that the bill is doomed this year.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
President Obama has threatened to veto CISPA because it may not "safeguard personal information adequately." (Photo: Getty Images)

The White House today delivered a formal veto threat against a controversial data-sharing bill called CISPA that would allow intelligence agencies to collect personal information about Americans from private companies.

In a statement this afternoon, President Obama's aides said they "would recommend that he veto the bill," which is scheduled for a House of Representatives floor vote this week.

A House committee approved CISPA last week without four key privacy amendments. Sought by CISPA opponents, the amendments would have curbed the National Security Agency's ability to collect confidential data. (See CNET's CISPA FAQ.)

The White House had threatened a CISPA veto last year, but its backers had hoped that some changes they made, coupled with a related presidential executive order in January, meant the veto threat would not be renewed. Today's statement says:

The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable -- and not granted immunity -- for failing to safeguard personal information adequately... .

The Administration supports incentivizing industry to share appropriate cybersecurity information by providing the private sector with targeted liability protections. However, the Administration is concerned about the broad scope of liability limitations in H.R. 624. Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals.

House Intelligence Chairman Mike Rogers (R-Mich.), CISPA's primary author, described the veto threat as "flabbergasting."

"I do not believe the administration knows how to work with a legislative body," Rogers said during a meeting of the House Rules Committee. "We have come a long way on some of their points."

CISPA's advocates say it's needed to encourage companies to share more information with the federal government and, to a lesser extent, among themselves. A "Myth v. Fact" paper (PDF) prepared by the House Intelligence Committee says any claim that "this legislation creates a wide-ranging government surveillance program" is a myth.

Critics of CISPA are hoping for a second chance during this week's floor debate to offer their privacy-protective amendments.

Rep. Adam Schiff (D-Calif.), who voted against the bill during last week's House Intelligence meeting, said at the time he was "disappointed" that his colleagues overwhelmingly rejected his proposal.

"It is not too much to ask that companies make sure they aren't sending private information about their customers, their clients, and their employees to intelligence agencies," Schiff said.

Unlike last year's Stop Online Piracy Act outcry, in which Internet users and civil liberties groups allied with technology companies against Hollywood, no broad alliance exists this time. Companies -- including AT&T, Comcast, EMC, IBM, Intel, McAfee, Oracle, Time Warner Cable, and Verizon -- have instead signed on as supporters.

There are some exceptions. As CNET reported last month, Facebook has been one of the few companies to rescind its support. Microsoft has also backed away. Google has not taken a public position.

CISPA is controversial because it overrules all existing federal and state laws by saying: "Notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government." It would not, however, require them to do so.

That language has alarmed dozens of advocacy groups, including the American Library Association, the American Civil Liberties Union, the Electronic Frontier Foundation, and Reporters Without Borders, which sent a letter (PDF) to Congress last month opposing CISPA. It says: "CISPA's information sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records or the content of e-mails, to any agency in the government."

A similar coalition mounted an attempt to defeat CISPA last year, but failed to do so. Despite a presidential veto threat and criticism from Rep. Jared Polis (D-Colo.) and Ron Paul (R-Texas), the House of Representatives approved the measure by a largely party-line vote of 248 to 168. The bill, however, did not receive a vote in the Senate and it never became law.