White House Endorses Cyberse­cur­ity Bill, Bucking Privacy Groups

The Obama ad­min­is­tra­tion on Thursday en­dorsed a cy­ber­se­cur­ity bill that will get a vote next week in the Sen­ate.

Laud­ing the Sen­ate In­tel­li­gence Com­mit­tee’s re­cent work that tweaked the bill to bol­ster its pri­vacy pro­tec­tions, the White House said it sup­ports pas­sage of the Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act, or CISA, but laid out a few out­stand­ing con­cerns.

The bill over­came a key pro­ced­ur­al hurdle Thursday when the Sen­ate over­whelm­ingly voted to move CISA for­ward. Next week, a hand­ful of amend­ments will re­ceive a vote be­fore the Sen­ate votes on fi­nal pas­sage of the bill.

CISA of­fers in­cent­ives to private com­pan­ies to share in­form­a­tion about cy­ber­threats with the gov­ern­ment and oth­er busi­nesses, with the goal of boost­ing the cy­ber­se­cur­ity of all in­volved.

The bill, which passed out of the Sen­ate In­tel­li­gence Com­mit­tee nearly un­an­im­ously earli­er this year, is backed by busi­ness, fin­an­cial, and re­tail as­so­ci­ations, but has come un­der heavy fire from civil-rights and pri­vacy groups that con­sider the bill’s pri­vacy pro­tec­tions too weak. In re­cent weeks, a grow­ing num­ber of tech com­pan­ies and the as­so­ci­ations that rep­res­ent them have also dis­tanced them­selves from the bill.

The White House’s state­ment re­leased Thursday night is a re­jec­tion of the groups’ at­tempts to or­gan­ize a grass­roots back­lash against CISA. A num­ber of or­gan­iz­a­tions ban­ded to­geth­er this week to en­cour­age con­stitu­ents to call their sen­at­ors, and planned an anti-CISA rally in front of the Cap­it­ol Thursday night.

In the state­ment, the ad­min­is­tra­tion said it was “en­cour­aged” by the ef­fort from co­spon­sors Richard Burr and Di­anne Fein­stein to work in amend­ments and changes to their bill, which it said “strengthened the le­gis­la­tion and in­cor­por­ated im­port­ant modi­fic­a­tions to bet­ter pro­tect pri­vacy.”

But the White House also ar­gued that the De­part­ment of Home­land Se­cur­ity should be the cent­ral clear­ing­house for in­com­ing data, and cri­ti­cized the bill for al­low­ing com­pan­ies to share data with any agency, in­clud­ing mil­it­ary agen­cies like the Na­tion­al Se­cur­ity Agency. The state­ment urged sen­at­ors to re­ject amend­ments that would of­fer li­ab­il­ity pro­tec­tions to com­pan­ies for shar­ing with gov­ern­ment en­tit­ies oth­er than DHS. The ad­min­is­tra­tion was likely re­fer­ring to an amend­ment offered by Sen. Tom Cot­ton that would ex­tend pro­tec­tion for com­pan­ies that share in­form­a­tion with the FBI or the Secret Ser­vice.

The ad­min­is­tra­tion said it also op­poses CISA’s au­thor­iz­a­tion of cer­tain de­fens­ive meas­ures, which it said could res­ult in “a dir­ect de­le­ter­i­ous im­pact on for­eign policy, the in­teg­rity of in­form­a­tion sys­tems, and cy­ber­se­cur­ity” if used im­prop­erly.

The White House had pre­vi­ously in­dic­ated its sup­port for the Sen­ate in­form­a­tion-shar­ing le­gis­la­tion, but the of­fi­cial state­ment of ad­min­is­tra­tion policy re­leased Thursday is the most de­tailed out­line it has shared of its sup­port and re­ser­va­tions. In 2012 and 2013, the White House threatened to veto a re­lated bill, the Cy­ber In­tel­li­gence Shar­ing and Pro­tec­tion Act, or CISPA, say­ing it lacked ad­equate pri­vacy pro­tec­tions.

Even if CISA passes on Tues­day, there are sev­er­al hurdles left for it to clear be­fore it ar­rives at the pres­id­ent’s desk. Two sep­ar­ate House ver­sions of the bill would still need to be aligned with the Sen­ate bill in a con­fer­ence, and both cham­bers would need to pass a fi­nal, uni­fied ver­sion of the le­gis­la­tion.