The White House on Tuesday threatened a veto against a House bill intended to improve cybersecurity through information-sharing, warning lawmakers that the president won't sign the measure unless changes are made to protect privacy and civil liberties.
The bill would free companies and the federal government to swap data about cyberthreats, giving the federal government a broader role in helping banks, manufacturers and other businesses protect themselves. But the White House, echoing privacy advocates, said the bill fails to require irrelevant personal information to be removed before data is sent to the government or other companies.
"We have long said that information sharing improvements are essential to effective legislation," said Caitlin Hayden, a spokeswoman for the National Security Council. "But they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections."
Still, the White House praised the Republican and Democrat who worked together to craft the bill, and said it's committed to working to improve the legislation so Obama can sign it into law.
It was the second time in a year that the White House threatened a veto against the bill, which lawmakers say they have already altered to respond to privacy concerns raised last year. This year's iteration was approved by a House committee last week and is set for a full House vote this week.
The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely backed by industry groups that say businesses are struggling to defend against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe. Businesses say the House version, which doesn't include any mandates or stipulations, is the only way they would feel comfortable sharing information with the government about the vulnerability of their networks.
But privacy groups and civil liberties experts say the bill would open up Americans to spying by the military. While the legislation does not identify the National Security Agency specifically, it's widely expected that the military intelligence agency would take a lead role in analyzing threat data because of its expertise in the matter.
Another issue is that companies won't be required to strip personal data like health or credit records from the information they share with the government. Democratic Rep. Adam Schiff of California tried to amend the bill to hold companies responsible for not sharing personal data, a restriction the White House supported. Republicans, however, on Tuesday blocked Schiff's proposal from this week's floor debate.
"Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately," the White House said in its veto threat.
Another proposal, by Democratic Rep. Jan Schakowsky of Illinois, would specifically bar the military from taking a central role in data collection. Republicans blocked her amendment, too.
Rep. Mike Rogers, R-Mich., and Rep. Dutch Ruppersberger, D-Md., who cosponsored the bill, have said that such changes aren't practical and would discourage businesses from participating.