Obama administration pushes for privacy safeguards in cybersecurity legislation

Senior administration officials on Monday stressed the importance of including strong privacy protections in cybersecurity legislation.

Without adequate protections, "the companies that run the Internet would no longer be accountable to the laws that protect privacy" and could "disclose very broadly, private sensitive information to the government," one official said.

ADVERTISEMENT
The call for strong privacy protections came ahead of a House vote scheduled this week on the Cyber Intelligence Sharing and Protection Act (CISPA).

The officials declined to discuss specific legislation during the call, but the House bill has drawn heated opposition from civil liberties groups worried about how it would affect privacy.

The goal of CISPA is to help companies beef up their defenses against hackers who steal business secrets, rob customers' financial information and wreak havoc on computer systems. The measure would tear down legal barriers that discourage companies from sharing information about cyber threats.

But civil liberties groups, including the Center for Democracy and Technology, the American Civil Liberties Union and the Electronic Frontier Foundation, are campaigning against the bill, warning it would encourage companies to hand over private information to government spy agencies.

The White House supports provisions that would encourage information sharing about cyber threats, but the officials emphasized that any bill should include "robust" privacy protections

The White House has endorsed a cybersecurity bill from Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan CollinsThe Trail 2016: Words matter Lobbyists bolting Trump convention early GOP sen at convention: I'm not ruling out voting for Clinton MORE (R-Maine) that would also encourage information sharing.

But the Senate bill includes privacy protections such as a requirement that companies strip personally identifiable information whenever possible from the data they turn over to the government. The Senate bill would also empower the Homeland Security Department to regulate critical infrastructure systems, an important difference with the House bill.

The administration officials said cybersecurity legislation should limit the types of information companies can share with the government and should include procedures for how the government can use the information it collects.

The officials said the legislation should have "narrowly tailored" liability protections. CISPA would give companies immunity for sharing information related to cyber threats with the government.

But the administration officials warned that a "blanket limitation on liability" would create a "huge hole through this carefully worked-out framework" of privacy and electronic surveillance laws.

The officials also emphasized the importance of mandatory standards to protect critical infrastructure systems, such as electrical grids of chemical plants.

"[Cybersecurity] cannot be fully addressed by information-sharing measures alone," one official said.

But GOP House leaders have indicated they will not allow a vote on any bill that includes new mandates for cybersecurity.

When asked whether the president would sign a cybersecurity bill if it did not include the critical infrastructure protections or stringent privacy protections, one official said, "We'll cross that bridge when we get there."