House Intel leaders move to avoid new cybersecurity fight with White House

The leaders of the House Intelligence Committee are seeking to avoid another fight with the White House on cybersecurity this year.

The House Intelligence panel will mark up the Cyber Intelligence Sharing and Protection Act, known as CISPA, by House Intelligence Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) on Wednesday.  The two lawmakers argue the bill is desperately needed to give companies the ability to receive valuable threat intelligence from the government so they can thwart the rising number of cyberattacks against their computer systems in real time.

ADVERTISEMENT
Heading into next week’s markup, the two Intelligence committee leaders are expected to propose changes to the bill that are aimed at tamping down the concerns that civil liberties and privacy advocates have raised in recent weeks. In doing so, the two are also likely aiming to avoid another repeat of last year, when the White House issued a veto threat against CISPA a day before the bill went to the House floor for a vote.

The Obama administration issued the threat against CISPA, in part, because it said the measure lacked sufficient privacy measures that would prevent companies from inadvertently sharing people’s private information with the government.

The bill safely passed the House on a bipartisan vote last April. But in the hours leading up to the vote, the veto threat raised fears about whether Rogers and Ruppersberger would be able to round up enough votes from Democrats and libertarian Republicans to clear the bill through the House.

CISPA died last year in the Senate.

To avoid a scramble to gin up enough Democratic votes and ensure the bill gels with whatever cyber proposal comes out of the Senate, the Intelligence Committee leaders will need to avert another veto threat, observers say.

“A bill that was approved last year provoked a veto threat. Clearly they're going to have to make additional changes to give the administration a reason to stop short of issuing a veto, tempering it down, even saying this is an improvement from last year,” a tech lobbyist said, adding that the combination of outcry from privacy groups and the veto threat “took a lot of support away from the bill last year.”

CISPA will be the anchor bill in a legislative package of cybersecurity-focused measures that the House is expected to vote on in the middle of this month.

Spokesmen for the two House Intelligence Committee leaders did not respond to requests for comment on the upcoming markup and possible amendments.

Both lawmakers, however, have expressed confidence that the bill will strike the right balance on protecting people’s privacy rights and boosting the nation’s cybersecurity defenses.

"We want to make sure we meet the level of privacy concerns and we think we can do that," Rogers said at an event last month.

The Intelligence Chairman also said the committee leaders' discussions with the White House have been more encouraging than last year’s talks.

“I don't want to overstate where we are, but I think we've got them to a point where they're interested in working with us to get something that we can get signed into law," Rogers said.

For its part, the White House has stayed silent on its thinking about the bill this year, noting that it only weighs in on legislation when its ready for a floor vote.  In a statement, White House spokeswoman Caitlin Hayden reiterated the administration’s commitment to ensuring that cybersecurity legislation includes strong protections for privacy and civil liberties, as well as a clear outline of the cyber responsibilities divided between civilian agencies and the intelligence community.

“Our belief continues to be that information sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections,” Hayden said.

The White House is, however, seeking to include a change to the bill so companies would be required to minimize the sharing of information that would identify individuals when they pass cyber threat data to the government, according to a Democratic aide involved in negotiations with the administration.

Privacy groups have banded together to rally opposition to CISPA in recent weeks and raise public awareness about their concerns with the measure. Among their top concerns, privacy advocates warn that the bill would allow companies to share cyber threat data from people’s electronic communications directly with the secretive National Security Agency without being handled by a civilian agency, like the Homeland Security Department, first.

They also argue that the bill authors need to sharpen the definition of what type of cyber threat data companies can share with the government.

A pair of House Democrats on the Intelligence Committee are planning to offer amendments during the markup next week that are aimed at boosting the privacy protections in CISPA.

Rep. Adam Schiff (D-Calif.) plans to introduce an amendment that would require companies to remove any information “that can be used to identify a specific person unrelated to a cyber threat” prior to sharing threat data with the government or its other peers in the private sector.

It would allow companies to “make use of automated processes” to digitally remove personal information from cyber threat data before it's shared.

Schiff said earlier this week that he could not vote for the bill to move out of the Intelligence Committee unless it included language that accomplish the same intent as his amendment.

Austin Vevurka, a spokesman for Rep. Mike Thompson (D-Calif.), said the lawmaker will offer a “few amendments that speak to privacy concerns.” He declined to discuss which privacy issues the amendments would address because the text is still being finalized, but said they will be focused on oversight.