President Obama Tuesday threatened to veto the overarching cybersecurity bill known as CISPA if it passes Congress "as currently crafted," citing consumer privacy concerns.
For two years, legislators have been attempting to pass the Cyber Intelligence Sharing and Protection Act, which would allow the government to share classified "cyber threat" information with corporations. While cybersecurity has been a key focus of the administration (Obama issued an executive order in February to address the problem), his administration said Tuesday that the bill still contains language that could infringe on personal liberties.
"The administration still seeks additional improvements and if the bill, as currently crafted, were presented to the president, his senior advisers would recommend that he veto the bill," the White House said in a statement released to reporters.
The bill is expected to hit the House floor on Wednesday.
Though the bill has undergone significant revisions since it was first introduced in November, 2011, when it would have allowed corporations wide latitude to share customer information with the federal government, the administration "remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities."
Last year's version of CISPA passed the House of Representatives in April, but died in the Senate. At the time, Obama threatened to veto the bill. Rep. Mike Rogers (R-Mich.), reintroduced the bill in February with the promise of assuaging the concerns of the privacy community.
"We want to make sure we meet the level of privacy concerns. We're working on writing very direct language to reiterate that," Rogers said at a cybersecurity discussion in Washington, D.C. last month. "It's good to share. All we're talking about doing is taking malicious source code and sharing that with [companies] in a classified way … our NSA is not monitoring the Internet here in the United States."
The latest version of CISPA, which was tentatively scheduled to be voted on in the House this week, would have granted corporations immunity if they shared information with the government without clear intent to do harm.
"Citizens have a right to know that corporations will be held accountable—and not granted immunity—for failing to safeguard personal information adequately," Obama's statement added. "Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures … to prevent harm."