On Wednesday, two days before the expected House vote, the Obama administration expressed its concerns.
The bill, it said in a statement, “fails to provide authorities to ensure that the nation’s core critical infrastructure is protected while repealing important provisions” of privacy law.
The legislation would make it easier for the government to share classified data with the private sector and for the private sector, in turn, to share data voluntarily with the government. Advocates say the exchange of information about cyberthreats could help companies improve their defenses against attacks.
The bill’s co-sponsors, Reps. Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.), said amendments were being introduced this week to enhance privacy protections.
But the White House, which had refrained from publicly taking issue with any specific cyber-legislation before Wednesday, said the bill allows broad sharing of information with government agencies without sufficiently establishing ways to anonymize personal information or ensure that data are used only for appropriate purposes.
Civil liberties advocates have raised concerns that the bill would allow a large flow of private communications to the National Security Agency, which conducts electronic surveillance on foreign enemies and whose work is highly classified.
The White House also expressed worry that the bill would shield companies from lawsuits if they misused data. “This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our nation’s economic, national security, and public safety interests,” the administration said.
Rogers and Ruppersberger issued a measured response in a joint statement, asserting that the administration’s threat “is mostly based on the lack of critical infrastructure regulation, something outside of our jurisdiction.”
They also pointed to the “substantial package of privacy and civil liberties improvement” that they said addresses “nearly every single one of the criticisms leveled by the administration, particularly those regarding privacy and civil liberties of Americans.”
Said the lawmakers: “Congress must lead on this critical issue and we hope the White House will join us.”
The plan, House aides said, is to bring CISPA to the floor for debate on Thursday and a vote on Friday. It is expected to pass by a comfortable margin, along with three smaller cyber-bills.
Then, Rep. Mac Thornberry (R-Tex.) said, “it’s the Senate’s turn to act.”
Thornberry noted that the House’s approach is narrow, focusing on the sharing of data about threats. “It doesn’t try to solve all the problems in cybersecurity,” he said.
But the Senate Democratic leadership and the White House are holding out for comprehensive legislation. They favor a bill co-sponsored by Sens. Joseph I. Lieberman (I-Conn.) and Susan Collins (R-Maine) that would require companies that provide critical services, such as electricity, to develop cybersecurity standards that the Department of Homeland Security would be able to approve. Senate Republicans have opposed the plan as a regulatory burden on industry.
The package also includes an information-sharing component, which could be the basis for a compromise with the House.
The Senate leadership plans to bring the legislation to the floor in May. But past deadlines have slipped. “We’re going to do everything we can to make sure we pass a bill out of the Senate that legitimately confronts the urgent national security threats we face,” a Democratic aide said.