The White House on Tuesday threatened to veto a House bill that would allow private companies to share information about computer security threats with government agencies, signaling once again how difficult it is to balance civil liberties and security interests in the digital era.
A similar bill, the Cyberintelligence Sharing and Protection Act, known as Cispa, passed the Republican-controlled House of Representatives last year. It too faced a veto threat from the Obama Administration, along with outcry from civil liberties groups that feared that the government would use it to snoop on private citizens. This year, sponsors of the bill, House Intelligence Committee chairman Mike Rogers, a Republican from Michigan, and C.A. Dutch Ruppersberger, a Democrat from Maryland, tweaked the language in a bid to satisfy critics. The House is expected to vote on the bill this week.
A National Security Council spokeswoman, Caitlin Hayden, on Tuesday described those as “a good faith effort,†but insufficient. Specifically, the administration said private firms should be required to try to “remove irrelevant personal information†when sharing cyber threat information with each other or with government agencies. “Citizens have a right to know that corporations will be held accountable - and not granted immunity - for failing to safeguard personal information adequately,†the White House said in a statement.
Some technology industry groups, most recently TechNet, have backed the bill, while civil liberties advocates rallied against it. The Center for Democracy and Technology said it could cede too much control to a military intelligence agency, while the American Civil Liberties Union organized a petition drive warning that the law could allow government surveillance over e-mail communications and location data of ordinary Internet users.
The administration passed an executive order last February compelling government agencies to tell private firms about cyber risks, but not vice-versa. The president, in his State of the Union address, explicitly cited the need to protect both “national security†and “privacy.â€
