White House threatens to veto House's CISPA cybersecurity bill

The White House threatened to veto a controversial House cybersecurity bill on Wednesday, saying the measure would fail to protect critical infrastructure systems and would undermine Internet privacy.

The House is expected to approve the Cyber Intelligence Sharing and Protection Act (CISPA) on Friday. 

ADVERTISEMENT
"Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security," the White House said.

The goal of CISPA is to help companies beef up their defenses against hackers who steal business secrets, rob customers' financial information and wreak havoc on computer systems. The bill would tear down legal barriers that discourage companies from sharing information about cyber threats. 

The administration said it supports increasing information-sharing but that CISPA lacks adequate privacy protections.

Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), the authors of CISPA, announced amendments on Tuesday to address the concerns of privacy advocates, but the changes were apparently not enough to appease the White House.

In a statement, Rogers and Ruppersberger said their amendments "address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans."

The administration criticized CISPA for not requiring that companies strip out personally identifiable information, such as names or birthdays, from the data they turn over to the government. The administration also said the bill should be amended to ensure that the data is only used for appropriate purposes.

"Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately," the White House said.

The administration emphasized that a civilian agency such as the Homeland Security Department — not military spy agencies — should have a central role in handling the cyber threat information.

The statement also argued that CISPA would grant overly broad liability protection to companies that share cyber threat information.

"This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests," the White House said.

Unlike a cybersecurity bill in the Senate, CISPA would not set mandatory security standards for critical infrastructure systems such as electrical grids or chemical plants.

The White House and backers of the Senate cybersecurity bill argue that mandatory standards are necessary to prevent a catastrophic cyberattack.

"The Congress must also include authorities to ensure our Nation's most vital critical infrastructure assets are properly protected by meeting minimum cybersecurity performance standards," the White House said on Wednesday.

But GOP House leaders have indicated they will not allow a vote on any bill that creates new regulations for cybersecurity. Critics of the mandates say they are unnecessary and would be burdensome for businesses.

The White House argued that "voluntary measures alone are insufficient responses to the growing danger of cyber threats."

In the statement, the White House said "looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation," but that if Congress passed the current version of CISPA, the president's senior advisers would recommend that he veto it.

More in In The Know

'Full House' star goes to the White House

Read more »