White House: 'Cybersecurity Legislation Must Not Violate Americans' Right to Privacy'

The White House has responded to an e-petition asking the Obama administration to stop the Cyber Intelligence Sharing and Protection Act (CISPA).

"The President has been clear that the United States urgently needs to modernize our laws and practices relating to cybersecurity, both for national security and the security of our country's businesses -- but that shouldn't come at the expense of privacy," wrote U.S. CTO Todd Park and Michael Daniel, special assistant to the president and the cybersecurity coordinator.

The White House issued a veto threat for the Cyber Intelligence Sharing and Protection Act (CISPA) on April 16, because the legislation did not fully address our core concerns (especially the protection of privacy). Even though a bill went on to pass the House of Representatives and includes some important improvements over previous versions, this legislation still doesn't adequately address our fundamental concerns.

As the response acknowledges, CISPA passed the House of Representatives by a wide margin (248-168) when 42 Democrats voted for it. When the Senate subsequently indicated that it would not be taking CISPA in its current form up, however, the bill's progress ended. That makes the timing of this response, issued after CISPA stalled, interesting.

Responding to the popular e-petition gave the administration an opportunity to do five things.
  1. Make a case for what it has done in the absence of Congressional action on the big bucket of issues that is "cybersecurity" today, specifically issuing an executive order and industry partnership.

  • Outline three principles the administration wants to see in any subsequent legislative proposal.
  • Does it (1) sufficiently protect privacy and civil liberties, (2) ensure that a civilian department -- not an intelligence agency -- is the primary point of entry for cybersecurity information sharing, and (3) provide narrowly tailored liability protections that would allow the private sector to respond to threats

    That will be relevant as the Senate considers information-sharing bills in the coming months and in any subsequent conference, should any draft earn enough votes in the House of Representatives.

  • Remind the nation that there is bipartisan agreement across government and civil society that the nation needs to share information better to detect and respond to threats, as long as such sharing protects civil rights and upholds the Bill of Rights online.
  • "There is broad consensus on the need for more threat-related information sharing -- including among the leading privacy advocates we regularly engage on the issue," wrote Park and Daniel. "The essential question on which people across the spectrum disagree isn't if we can share cybersecurity information and preserve the principles of privacy and liberty that make the United States a free and open society -- but how."

  • Affirm that the American people have a right to privacy. Protecting those rights, given the expanded information sharing in government, that has already happened, hasn't become any easier in the wake of a surge in hacking and data breaches over the past few years.
  • In the months to come, the Senate looks likely to consider an update to the Electronic Communications Privacy Act. Such a reform could add badly needed digital due process for law enforcement that wishes to access the online email and data of citizens.

  • Connect with the 117,576 people who put their signatures on the e-petition. The WeThePeople platform now has some 8 million users and continues to grow quickly. It has quickly become one of the biggest open government websites on the planet.
  • Whether the voices of the people on it are driving administration policy remains up for the debate. What can't be said now is that they're not paying attention to the issues raised. We, the People, should be heard. Now there are new ways to you raise your voice.