Despite a top counterterrorism official’s warning that it still contains serious flaws, the White House has endorsed controversial cybersecurity bill CISA.
“While there are still areas of concern that we hope to address, the bill’s sponsors have made a good-faith effort to address some of our biggest concerns,” a senior administration official told the Daily Dot Wednesday, referring to late-stage work on the Cybersecurity Information Sharing Act.
CISA authorizes private companies and government agencies to share information about indicators of online threats. The goal of the bill is to make the public and private sectors better at recognizing and responding to early signs of cyberattacks, high-profile examples of which have caught the government off-guard in numerous cases over the past few years.
But the legislation also lets private companies deploy vaguely defined “defensive measures” to fight back against such attacks, and civil liberties groups attacked its privacy protections—which require some personal information to be scrubbed from shared data—as being insufficiently robust.
Alejandro Mayorkas, the deputy secretary at the Department of Homeland Security, echoed those concerns Friday in a letter to Sen. Al Franken (D-Minn.). In it, he wrote that CISA should give DHS, not the attorney general, the responsibility for drafting specific cyber-data-sharing guidelines, because DHS already operates an office devoted to that information-sharing. Mayorkas also wrote that the way CISA authorized sharing “could sweep away important privacy protections.”
The White House declined to comment on whether it shared Mayorkas’ specific concerns or whether President Obama would ultimately veto CISA if the administration’s “areas of concern” were not addressed. A DHS spokesman declined to comment on the record about the White House’s decision to endorse CISA.
The Senate was set to hold a preliminary vote on taking up CISA at 2pm Wednesday, though final passage could be delayed until after the August recess if senators objected to moving forward by unanimous consent. Senate Democrats have not yet agreed to a Republican plan that would allow them to introduce a limited number of amendments in exchange for speeding up the process.
Following Mayorkas’s letter and a massive grassroots campaign spearheaded by privacy groups, Senate leaders tried to address CISA critics’ concerns by introducing a “manager’s amendment” with minor changes. But that amendment only chipped away at the bill’s issues and did not quell opposition.
“What we’ve not seen is fact-based explanation of why CISA’s massive increase in information sharing is useful from a marginal or incremental benefit perspective—even if we put privacy and civil liberties concerns to the side,” Lee Tien of the Electronic Frontier Foundation wrote on the group’s blog Wednesday. “It’s just assumed and incanted.”
The senior administration official told the Daily Dot that the White House wanted to “work with Congress to ensure that cybersecurity legislation preserves the long-standing, respective roles and missions of civilian and intelligence agencies and contains appropriate privacy protections.”
“Cybersecurity is an important national security issue,” the official said, “and the Senate should take up this bill as soon as possible and pass it.”
Photo via Michael Mol/Flickr (CC BY 2.0) | Remix by Max Fleishman