But the Obama administration finally responded Tuesday to the more than 100,000 people who signed a We The People petition against the Cyber Information Sharing and Protection Act (CISPA).
From the start—since before the first version of the bill passed the House in 2012—CISPA has faced intense scrutiny from critics who claim it doesn’t do enough to protect Internet users’ privacy. A cybersecurity bill, it’s designed to remove red tape that would otherwise keep private companies from sharing what they know with government agencies in the event of a cyberattack.
Among the biggest differences between the 2012 and 2013 versions of CISPA—and there aren’t many—is the popular outrage against the bill. The We The People petition highlighted that, gathering 117,576 signatures in the 30 days after its Feb. 13 creation. In January, We The People responded to growing popularity and began requiring petitions to acquire 100,000 signatures to warrant an official response, rather than 25,000.
But they were heard loud and clear by the White House, which made privacy the highlight of its response, titling it “Cybersecurity Legislation Must Not Violate Americans’ Right to Privacy.”
Of course, rejecting CISPA raises the question of what kind of cybersecurity bill, if any, will eventually pass. Unlike some of CISPA’s enemies in the Senate, the White House response does support the “information-sharing” crux of the bill—removing some red tape in order for private networks to more efficiently show government agencies what hackers are doing so they can help fight back.
But, it stresses, such a bill needs some of the proposed privacy amendments that didn’t make it into this year’s final draft of CISPA, like:
[A]ny information shared under a new cybersecurity law must be limited to what’s relevant and necessary for cybersecurity purposes. That also means minimizing information that can be used to identify specific individuals. For example, if a utility company is looking for government assistance to respond to a cyber attack, it is unlikely that it needs to share the personal information of its customers, like contact information or energy-use history, with the government.
The next cybersecurity bill will likely come from the Senate, though any such bill is still merely rumored.
Photo via Wikimedia Commons