As an amended version of CISPA nears a vote on the House floor, the White House has once again stated that it has fundamental problems with the cybersecurity bill in its current form. In an official policy statement, the Obama Administration said that lawmakers had not addressed several issues regarding information-sharing and privacy, and that "if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill." Instead, it urged a continuing dialog between Congress and the President in order to create a more acceptable version.
Specifically, the White House remains concerned that CISPA does not require companies to "take reasonable steps" to strip personal information when sharing user data with the government or other businesses. This has been a major point of contention between CISPA supporters and civil libertarians, who worry that the bill would give companies immunity for swapping user data inappropriately. The White House says that an amended CISPA should "incorporate privacy and civil liberties safeguards" into its text, but it also worries more generally about limiting the liability of companies when they're faced with a potential security problem. "Even if there is no clear intent to do harm," the statement reads, "the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm," it writes.
"The law should not immunize a failure to take reasonable measures... to prevent harm."
The White House has already indicated that Obama isn't likely to support the bill as written; the National Security Council raised similar concerns with it last week. However, while this isn't good news for CISPA, the bill has a long road before it gets to Obama's desk. After passing out of a House committee, it's set to come up for a vote as soon as tomorrow, after which it will still need to pass through the Senate — something it failed to do last year, effectively killing it until it was reintroduced in February. As before, several tech companies and lobbying groups have expressed support for the legislation, and Obama himself has pushed for legal changes after issuing an executive cybersecurity order earlier this year. Right now, though, CISPA will need to change before it gets his support.