In what's quickly turning out to be a replay of events from last year, the White House today signaled that it would not support the recently reintroduced Cyber Intelligence Sharing and Protection Act (CISPA) in its present form.
A statement from the White House National Security Council expressed support for CISPA's broad goals but stressed the importance of having adequate privacy protections built into the legislation.
"We continue to believe that information-sharing improvements are essential to effective legislation," NSC spokeswoman Caitlin Hayden said in an emailed statement on Thursday afternoon. "But they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections."
The Obama Administration will continue to work with the bill's authors and build upon the ongoing dialogue that it has had with them over the past several months, Hayden said. However, she made it clear that the bill in its present form does not incorporate the changes that the Administration has been seeking.
"We believe the adopted committee amendments reflect a good faith-effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities," Hayden said.
Similar concerns prompted the White House to issue a veto threat last year after the House approved CISPA amid a maelstrom of protests from digital rights groups.
Hayden's statement comes less than a day after the U.S. House Intelligence Committee voted 18-2 to pass CISPA through committee despite mounting opposition from privacy and rights groups, which see the bill as eviscerating existing privacy laws.
In comments made after the bill was voted to the House floor, the authors of CISPA, House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member C.A. Dutch Ruppersberger (D-MD), pointed to six amendments that have been made to the bill to accommodate privacy concerns.
The amendments included one that would require the government to strip away any private information they receive from companies participating in information sharing, another that would prohibit companies from hacking back at attackers and a third that would strictly limit the use of threat information, gathered via information sharing arrangements, to cybersecurity purposes. The government will also no longer be permitted to use threat information for broader "national security" purposes as provided for under the original bill.
The changes appear to have done little to change attitudes among those opposed to the bill.
CISPA is designed to bolster national cybersecurity by enabling companies and federal agencies to share threat information with others more freely and without fear of legal or liability issues.
Supporters of the measure, which include the U.S. Chamber of Commerce, nearly every major Internet service provider, and scores of technology companies, say that such threat-information sharing is vital to improving security. Many security practitioners insist that the only information they are interested in sharing pertains to non-personal data like IP addresses involved in targeted attacks, the addresses of command-and-control servers used to direct botnets, and breach and vulnerability indicators.
Sign up for Computerworld eNewsletters.