This afternoon – the Obama administration sent an email warning that President Obama could veto the existing bill in the House  without important modifications to ensure privacy protections and civil liberties.  Critics of CISPA (Cyber Intelligence and Sharing and Protection Act) contend that the bill will give government the right to snoop into people’s private lives, personal computers etc and share that information with any person or organization that it wants to legally.  The way the President’s release reads – it sounds more like he’s looking for modifications to the bill which is concerning.  President Obama has accomplished many great things in the past 3 years; unfortunately – his record on civil rights is weak at best.

Perhaps he feels boxed in politically and feels the need to establish his national security credentials; after all – the Republicans constantly attack Democrats on national security and self-described independent voters seem to drift towards Republicans for that very reason i.e. “strong on defense”.  But at the end of the day – this takes political courage and President Obama is trying to needle a thread through a very, very small hole instead of challenging it.  But – as a Senator – he voted for the Patriot Act and then signed an extension of the Patriot Act (with some modifications) as President.  So – consider me not sold on his veto threat.

One last reason I don’t think he’s going to veto it.  Unlike SOPA which shaped up to be a Battle Royale between major corporations lobbying efforts with tech companies like Google, Facebook, Wikipedia and others squarely against SOPA….those companies support CISPA.  And that means there is no campaign contributions coming in to remove it.  And money is what talks in Washington.  So – you’ll see some revisions…it will eventually pass unless Obama surprises me and I suspect he’ll fight for just enough in terms of so called “protections of civil liberties” to not lose complete confidence with a growing virulent opposition among voters.

You can read the full House bill HERE.

Politico reports on the potential threat of an Obama veto of CISPA:

In its statement, the administration expressed concern that CISPA, as written now, would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.”

“Moreover, such sharing should be accomplished in a way that permits appropriate sharing within the government without undue restrictions imposed by private sector companies that share information,” the statement continues.

The administration further notes CISPA, as it stands, lacks “sufficient limitations” with respect to the sharing of personal information between entities, and inadequate protections on the use of that data. And the administration raises issues with its tact on liability protections.

“H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres,” the statement notes.

The ACLU doesn’t like the bill – full article HERE:

Think for a minute about all the things in your life that are kept on computers, but you would like to keep private. How about your medical records? Your banking and financial records? What about your education or library records? How about the things you bought on Amazon last year? Or those love letters you emailed? Or the political opinions you share with close friends? Do you think the bureaucrats and spies at the National Security Agency have any right to gather that information on you, when you’ve done absolutely nothing wrong? What if we tell you that once the NSA has the information, it can keep it forever, share it with whomever it deems necessary, and that no court will be able to look over the NSA’s shoulder and keep it in check? Yet that is exactly the scheme envisioned by the champions of CISPA. Does Congress really think our Founding Fathers would support this?

Forbes says CISPA can’t be fixed:

CISPA, however, goes farther, making it much easier for private entities and private cybersecurity providers to share “cyber threat information” with each other and with the federal government.

The core problem with this and other cybersecurity legislation is what happens when information starts flowing in the other direction—from ISPs and Internet security firms to the government.  That’s the direction that worries civil liberties groups including the ACLU and the Electronic Frontier Foundation, as well as advocates that are particularly focused on information privacy, such as the Center for Democracy and Technology.

“Under CISPA,” according to CDT’s website, “cyber threat information collected by private ISPs could go directly to the National Security Agency, a military agency that operates secretly and with little public accountability. The government could store and search this information not only for cybersecurity, but also for other national security purposes.

Ron Paul warns Americans against CISPA HERE.

Talking Points Memo reports on the response to veto threat:

Indeed, Rogers and Ruppersberger on Tuesday announced that they had agreed to five separate amendments to CISPA that would seek to define more narrowly the kind of information that could be collected under the proposed law — excluding information pertaining to “violations of consumer terms of service,” and other more benign infractions by Web users.

The ACLU, though, has criticized these amendments as window dressing.

The White House’s threatened veto didn’t seem to outwardly concern Rogers, who earlier told TPM he was confident of the bill’s passage through the House. “This is just, I think, them kicking up some dust,” Rogers told POLITICO on Wednesday after the White House announced its opposition.

Privately, House staffers told TPM that the threatened veto wasn’t a total surprise, given the White House’s earlier, not-so-subtleattacks on CISPA.

Here is the complete email that the Obama administration sent out last this afternoon:

The Administration is committed to increasing public-private sharing of information about cybersecurity threats as an essential part of comprehensive legislation to protect the Nation’s vital information systems and critical infrastructure.  The sharing of information must be conducted in a manner that preserves Americans’ privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace.  Cybersecurity and privacy are not mutually exclusive.  Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation’s core critical infrastructure from cyber threats.  Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form.

H.R. 3523 fails to provide authorities to ensure that the Nation’s core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.  For example, the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information.  Moreover, such sharing should be accomplished in a way that permits appropriate sharing within the Government without undue restrictions imposed by private sector companies that share information.

The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes.  Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately.  The Government, rather than establishing a new antitrust exemption under this bill, should ensure that information is not shared for anti-competitive purposes.

In addition, H.R. 3523 would inappropriately shield companies from any suits where a company’s actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life.  This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation’s economic, national security, and public safety interests.

H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres.  The Administration believes that a civilian agency – the Department of Homeland Security – must have a central role in domestic cybersecurity, including for conducting and overseeing the exchange of cybersecurity information with the private sector and with sector-specific Federal agencies.

The American people expect their Government to enhance security without undermining their privacy and civil liberties.  Without clear legal protections and independent oversight, information sharing legislation will undermine the public’s trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections.  The Administration’s draft legislation, submitted last May, provided for information sharing with clear privacy protections and strong oversight by the independent Privacy and Civil Liberties Oversight Board.

The Administration’s proposal also provided authority for the Federal Government to ensure that the Nation’s critical infrastructure operators are taking the steps necessary to protect the American people.  The Congress must also include authorities to ensure our Nation’s most vital critical infrastructure assets are properly protected by meeting minimum cybersecurity performance standards.  Industry would develop these standards collaboratively with the Department of Homeland Security.  Voluntary measures alone are insufficient responses to the growing danger of cyber threats.

Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security.  The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues.  However, for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill.

The Young Turks talks about it:

Comments

comments