White House warns of CISPA flaws


Following a briefing with lawmakers and high-ranking security officials late Tuesday, the White House implicitly criticized the controversial Cyber Intelligence Sharing and Protection Act (CISPA), insinuating that the House cybersecurity bill fails to adequately protect critical national infrastructure, such as electrical grids and water supplies, and could threaten individual privacy and civil liberties.

CISPA would allow companies and the federal government to more easily share “cyber threat intelligence” with each other. But according to National Security Council spokeswoman Caitlin Hayden, the sharing of information is not enough to combat potential cyberattacks. Moreover, Hayden said that any cybersecurity legislation must also include “robust” protections for civil liberties, something a multitude of rights advocates say CISPA does not do.

“The nation’s critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone,” Hayden told The Hill in a statement.

“Also, while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation’s urgent needs.”

While the White House did not threaten to veto CISPA, which is scheduled to go up for a vote before the full House sometime next week, its criticism of the bill provides the growing anti-CISPA movement with a much-needed governmental ally.

Earlier this week, a broad faction of privacy and civil liberty advocates, including the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF), the Center for Democracy & Technology (CDT), and others, launched a week-long “Stop Cyber Spying” campaign to combat CISPA. These critics assert that CISPA’s broad language would allow companies to hand over private information about their customers and users to the federal government without sufficient oversight or consequences for mishandling the data. They also warn that the shared information could potentially be handed over to spy agencies, like the National Security Agency (NSA), a military organization with little public oversight. Furthermore, these critics echo the White House’s sentiment that CISPA would do little to protect against cyberattacks.

CISPA supporters in Congress dismiss the criticisms of the bill as unfounded, and argue that greater sharing between the government and the private sector would provide needed protections for the government, businesses, and citizens alike. CISPA currently enjoys broad bi-partisan support from 106 112 co-sponsors in the House, and wide support from many business, including Facebook, Microsoft, IBM, AT&T, Verizon, and Intel.

Congress is currently considering a number of cybersecurity bills in addition to CISPA. The Obama administration has backed the Cybersecurity Act of 2012, a Senate bill introduced by Sen. Joe Lieberman (I-CT) and Sen. Susan Collins (R-ME), which gives the Department of Homeland Security the power to enforce cybersecurity standards. The Lieberman-Collins bill also includes a requirement that companies strip all shared data of any personally identifiable information, a key privacy protection that CISPA lacks.

Rep. Mike Rogers (R-MI), co-author of CISPA, said in a speech Tuesday that the Lieberman bill imposes unnecessary governmental regulations that Republicans in the House will oppose, making its passage unlikely.