The White House issued a statement today that it “strongly opposes” the Cyber Intelligence Sharing and Protection Act (CISPA) in its current form in the House of Representatives over consumer privacy concerns. CISPA is a controversial bill in Congress designed to facilitate sharing of information between private companies and the U.S. government over supposed cybersecurity threats, such as malicious hacking and denial of services attacks. The bill has been supported by some of the major technology companies in the U.S., including Facebook, Microsoft, IBM and Intel.
Recommended: What You Need to Know About CISPA
The White House stated that CISPA, “fails to provide authorities to ensure that the Nation's core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.”
The White House says the bill would allow for broad sharing of information with governmental entities without establishing requirements for both private industry and federal agencies to minimize and protect personally identifiable information. It also believes the bill does not have sufficient limitations on how personally identifiable information is shared between private industry and the government.
“Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately. The Government, rather than establishing a new antitrust exemption under this bill, should ensure that information is not shared for anti-competitive purposes,” the statement says.
The White House says that CISPA gives companies shields from any suits where a company’s actions are based on cyber threat information shared, obtained or identified under the bill. That means that a corporation could gain data under the bill’s premises and use it for reasons other than cybersecurity and still be protected under CISPA guidelines. “This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests.”
The White House believes that the Internet and “cyberspace” are products of the “civilian sphere” and hence should be handled by civilian agencies, such as the Department of Homeland Security. The concern is that treating cyber threats as an “intelligence activity” unduly brings control of the Internet under government authority.
“The American people expect their Government to enhance security without undermining their privacy and civil liberties. Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections,” the White House stated.
While it opposes CISPA, the White House did say that there needs to be legislation to address critical infrastructure vulnerabilities (such as water and the electric grid). Yet, the White House would like to achieve that, “without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security.”
"The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues. However, for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill."Photo courtesy of Shutterstock.