Skip to main content

White House Threatens to Veto CISPA

The Obama Administration Wednesday came out against H.R. 3523, the Cyber Intelligence Sharing and Protection Act, which is strongly backed by cable operators and phone companies.

In a statement of policy on the bill, which has been scheduled for House floor consideration Thursday (April 26), the Executive Office of the President (EOP) said that it would recommend the president veto the bill if it got to his desk in the present form.

The administration says that the bill provides too much liability protection for ISPs for sharing cyber threat info with the government -- telecom companies have argued such liability protection is crucial to info sharing -- and does too little to protect personally identifiable information (PII). The White House also wants the Department of Homeland Security to oversee minimum cybersecurity performance standards -- which is part of Democrat-backed cybersecurity legislation. Cable operators and phone companies favor the CISPA approach of self-reg over government standards.

The EOP statement makes clear the White House wants government enforcement of industry cybersecurity. "Voluntary measures alone are insufficient responses to the growing danger of cyber threats," it said.

"H.R. 3523 would inappropriately shield companies from any suits where a company's actions are based on cyberthreat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life," said EOP. "This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests."

The bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information," added EOP. "The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes."

The bill's sponsors have reportedly amended it to address some of the concerns of privacy groups, but apparently not enough to satisfy the White House.