A cybersecurity bill that received pushback from privacy advocates and the White House last year will be re-introduced on Wednesday, setting up a potential battle between Congress and the administration over cybersecurity legislation.
House Intelligence Committee leaders Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) will re-introduce their Cyber Intelligence Sharing and Protection Act (CISPA) and hold a public hearing analyzing the current state of cyber threat information sharing between the U.S. government and industry next week.
The bill aims to thwart cyberattacks by making it easier for private companies to share information about cyberthreats and malicious source code with the intelligence community and the Department of Homeland Security.
The same privacy and civil liberties groups that fought against CISPA last year say they plan to revive their efforts to rally opposition against the bill—especially since it will be identical to the measure that passed the House last spring.
“The Internet activists who vociferously opposed CISPA last year are certainly primed to oppose the same bill again this year,” said Greg Nojeim, director of the Center for Democracy and Technology’s project on freedom, security and technology. “It’s hard to understand why members would want to start with the same legislation that raised such uproar.”
Last year, privacy advocates argued that the bill would increase the pool of people’s electronic communications flowing to the military and the secretive National Security Agency (NSA). They also argued that it would embolden the NSA to use data from people’s electronic communications for non-cybersecurity purposes.
But observers are anxious to see what kind of move the White House will take if CISPA reaches the House floor a second time.
The White House issued a veto threat against CISPA a day before the lower chamber took up the bill for a vote last spring, saying it repeals “important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.”
The bill also included sweeping liability protection for companies and failed to address security vulnerabilities in the computer systems of critical infrastructure, the White House said.
Despite the veto threat and pushback that CISPA received, the bill boasted 112 co-sponsors from both sides of the aisle and cleared the House.
So far, the White House is keeping mum on whether it will take action against the bill if it reaches the floor.
When asked for comment, White House spokeswoman Caitlin Hayden reiterated the administration’s views about the importance of including adequate privacy protections in cybersecurity legislation.
“We do not issue [statements of administration policy] until bills are ready for the floor, so as not to prejudge the legislative process,” Hayden said in a statement.
“Our belief continues to be that information sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections.”
Both Rogers and Ruppersberger have said their staffs are engaged in talks with the White House about their bill in hopes of staving off another veto threat.
“We’re working on some things … working with the White House to make sure that hopefully they can be more supportive of our bill than they were the last time,” Ruppersberger said earlier this week.
Privacy advocates, however, expect the White House to come out in opposition against CISPA again this year.
“Given that the bill hasn’t changed, we would expect the White House to react the same [way] it did as the bill emerged from the House last year,” Nojeim said. “They issued a veto threat, and with nothing changed [in the bill], one would expect the position will be the same.”
CISPA critics view the White House’s previous veto threat as one of the key persuasion tools they have to convince lawmakers to oppose the bill. They also backed an information sharing measure included in the Senate’s cybersecurity bill last year, which was ultimately blocked by GOP senators.
“I think it’s a different ball game this time,” said Michelle Richardson, a legislative counsel in the American Civil Liberties Union’s Washington office. “I feel emboldened after what happened in the Senate last fall and [with] the veto threat.”
“With that [Senate] alternative out there, I don’t think this sort of broad and unaccountable approach to information sharing [legislation] is going to go anywhere,” she added, noting that the bill received 168 ‘no’ votes last year.
However, James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, said the administration could use the veto threat to aid its negotiations with Congress on cybersecurity legislation and will likely wait to see what kind of a bill the Senate comes up with before taking action.
“Generally [CISPA] is something you can expect to get out of the House with people knowing you’re going to have to do more on privacy and critical infrastructure,” he said.
The bill will be introduced before the White House issues its executive order on cybersecurity. The order is expected to be released this month. Sen. Tom Carper (D-Del.), the chairman of the Senate Homeland Security and Governmental Affairs Committee, said the White House has signaled that it will issue the cyber order after the president’s State of the Union address.
CISPA will likely receive broad support from industry groups just as it did last year, when Facebook, AT&T and Microsoft threw their support behind the bill.
“We strongly support CISPA. We did before and we continue to,” said Nilmini Rubin, director of government relations at the Information Technology Industry Council, which counts Google and IBM as members. “It’s still needed. We hope that as people become more educated about cybersecurity, they understand why information sharing [about cyber threats] is so important.”