Obama threatens veto of CISPA database-sharing bill

White House veto threat says CISPA legislation does not adequately protect Americans' privacy, raising the odds that controversial data-sharing bill is doomed this year.

President Obama has threatened to veto CISPA because it may not "safeguard personal information adequately."

The White House today delivered a formal veto threat against a controversial data-sharing bill called CISPA that would allow intelligence agencies to collect personal information about Americans from private companies.

In a statement this afternoon, President Obama's aides said they "would recommend that he veto the bill," which is scheduled for a House of Representatives floor vote this week.

A House committee approved CISPA last week without four key privacy amendments sought by opponents that would have curbed the National Security Agency's ability to collect confidential data. (See CNET's CISPA FAQ.)

The White House had threatened a CISPA veto last year, but its backers had hoped that some changes they made, coupled with a related presidential executive order in January, meant the veto threat would not be renewed. Today's statement says:

The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable - and not granted immunity - for failing to safeguard personal information adequately...

The Administration supports incentivizing industry to share appropriate cybersecurity information by providing the private sector with targeted liability protections. However, the Administration is concerned about the broad scope of liability limitations in H.R. 624. Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals.

House Intelligence chairman Mike Rogers (R-Mich.), CISPA's primary author, described the veto threat as "flabbergasting."

"I do not believe the administration knows how to work with a legislative body," Rogers said during a meeting of the House Rules committee. "We have come a long way on some of their points."

CISPA's advocates say it's needed to encourage companies to share more information with the federal government, and to a lesser extent among themselves. A "Myth v. Fact" paper (PDF) prepared by the House Intelligence committee says any claim that "this legislation creates a wide-ranging government surveillance program" is a myth.

Critics of CISPA are hoping for a second chance during this week's floor debate to offer their privacy-protective amendments.

Rep. Adam Schiff (D-Calif.), who voted against the bill during last week's House Intelligence meeting, said at the time he was "disappointed" that his proposal was overwhelmingly rejected by his colleagues.

"It is not too much to ask that companies make sure they aren't sending private information about their customers, their clients, and their employees to intelligence agencies," Schiff said.

Unlike last year's Stop Online Piracy Act outcry, in which Internet users and civil liberties groups allied with technology companies against Hollywood, no broad alliance exists this time. Companies including AT&T, Comcast, EMC, IBM, Intel, McAfee, Oracle, Time Warner Cable, and Verizon have instead signed on as supporters.

There are some exceptions. As CNET reported last month Facebook has been one of the few companies to rescind its support. Microsoft has also backed away. Google has not taken a public position.

CISPA is controversial because it overrules all existing federal and state laws by saying "notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government." It would not, however, require them to do so.

That language has alarmed dozens of advocacy groups, including the American Library Association, the ACLU, the Electronic Frontier Foundation, and Reporters Without Borders, which sent a letter (PDF) to Congress last month opposing CISPA. It says: "CISPA's information sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records or the content of e-mails, to any agency in the government."

A similar coalition mounted an attempt to defeat CISPA last year. It failed: despite a presidential veto threat and criticism from Rep. Jared Polis (D-Colo.) and Ron Paul (R-Tex.), the House of Representatives approved the measure by a largely party line vote of 248 to 168. The bill did not, however, receive a vote in the Senate, and never became law.