CDT, White House Oppose CISPA Cyberthreat Sharing Bill
As the U.S. House of Representatives prepares to debate a controversial cyberthreat information-sharing bill, a key deal with a vocal digital rights group has fallen apart.
The Center for Democracy and Technology, which has raised privacy concerns about the Cyber Intelligence Sharing and Protection Act, or CISPA, renewed its opposition to the bill. Earlier this week, CDT had said it would not oppose the bill, but the group reversed its stand after the House Rules Committee on Wednesday threw out two amendments that CDT had pushed for.
President Barack Obama's administration on Wednesday also repeated its earlier opposition to the bill, with the White House Office of Management and Budget (OMB) saying it will recommend that Obama veto the bill if it passes through the House and Senate.
The House is scheduled to vote on CISPA on Friday, after debate Thursday.
The House Rules Committee, which decides what amendments will be allowed on the House floor, voted to exclude amendments that would limit private companies such as broadband providers from sharing cyberthreat information with the U.S. National Security Agency and limit agencies from using the shared information for purposes unrelated to cybersecurity, CDT said.
CDT had earlier removed its opposition to the bill with the understanding that the amendments would be considered by the House, the group said.
By striking down those amendments, "the House leadership has squandered an opportunity to achieve balanced cybersecurity legislation," CDT said in a statement. "We worked very hard to improve this bill. Now that the House leadership has decided to block amendments addressing two of our core issues, CDT cannot stand silent. We must oppose CISPA."
OMB on Wednesday said it opposes CISPA because the bill would fail to protect U.S. critical infrastructure "while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards."
The bill would allow broad sharing of cyberthreat information between private companies and government agencies "without establishing requirements for both industry and the Government to minimize and protect personally identifiable information," OMB said in a statement.
CISPA would also "inappropriately shield" companies that share information from customer lawsuits, even if the companies shared information in violation of U.S. law or the sharing cased damage or loss of life, OMB said. OMB urged Congress to consider more comprehensive cybersecurity legislation.
CISPA would allow private companies to share customer communications related to cyberthreats with a wide range of government agencies. The bill exempts private companies that share cyberthreat information in "good faith" customer lawsuits.
CISPA has support from several tech companies and trade groups, including TechAmerica, CTIA and the United States Telecom Association. For years, tech companies have complained about legal hurdles to sharing cyberthreat information with each other and with the government.
The bill would allow U.S. agencies to use information shared by private companies for a broad range of law enforcement uses beyond cybersecurity, CDT and other critics have said.
Bill sponsors Representatives Mike Rogers, a Michigan Republican, and C.A. "Dutch" Ruppersberger, a Maryland Democrat, said Wednesday that protection of critical infrastructure falls outside the jurisdiction of the House Intelligence Committee, where their bill originated. Rogers is the chairman and Ruppersberger is the senior Democrat on that committee.
Rogers and Ruppersberger also pointed to a "substantial package of privacy and civil liberties" improvements they agreed to Tuesday. The House Rules Committee has "agreed to a package of amendments that address nearly every single one of the criticisms leveled by the administration, particularly those regarding privacy and civil liberties of Americans," the two lawmakers said in a statement.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.