"The President has been clear that the United States urgently needs to modernize our laws and practices relating to cybersecurity, both for national security and the security of our country's businesses -- but that shouldn't come at the expense of privacy," wrote U.S. CTO Todd Park and Michael Daniel, special assistant to the president and the cybersecurity coordinator.
The White House issued a veto threat for the Cyber Intelligence Sharing and Protection Act (CISPA) on April 16, because the legislation did not fully address our core concerns (especially the protection of privacy). Even though a bill went on to pass the House of Representatives and includes some important improvements over previous versions, this legislation still doesn't adequately address our fundamental concerns.
As the response acknowledges, CISPA passed the House of Representatives by a wide margin (248-168) when 42 Democrats voted for it. When the Senate subsequently indicated that it would not be taking CISPA in its current form up, however, the bill's progress ended. That makes the timing of this response, issued after CISPA stalled, interesting.
- Make a case for what it has done in the absence of Congressional action on the big bucket of issues that is "cybersecurity" today, specifically issuing an executive order and industry partnership.
Does it (1) sufficiently protect privacy and civil liberties, (2) ensure that a civilian department -- not an intelligence agency -- is the primary point of entry for cybersecurity information sharing, and (3) provide narrowly tailored liability protections that would allow the private sector to respond to threats
That will be relevant as the Senate considers information-sharing bills in the coming months and in any subsequent conference, should any draft earn enough votes in the House of Representatives.
"There is broad consensus on the need for more threat-related information sharing -- including among the leading privacy advocates we regularly engage on the issue," wrote Park and Daniel. "The essential question on which people across the spectrum disagree isn't if we can share cybersecurity information and preserve the principles of privacy and liberty that make the United States a free and open society -- but how."
In the months to come, the Senate looks likely to consider an update to the Electronic Communications Privacy Act. Such a reform could add badly needed digital due process for law enforcement that wishes to access the online email and data of citizens.
Whether the voices of the people on it are driving administration policy remains up for the debate. What can't be said now is that they're not paying attention to the issues raised. We, the People, should be heard. Now there are new ways to you raise your voice.