Cybersecurity

White House backs CISA's privacy provisions

photo credit: Sean Lyngaas

At a recent event, the White House's Michael Daniel said the administration wants to ensure that the final cybersecurity information-sharing law contains "very robust privacy provisions."

The White House is defending the privacy protections in a Senate-passed cybersecurity bill despite a string of privacy-focused amendments being voted down.

The Cybersecurity Information Sharing Act that the Senate passed Oct. 27 includes a "number of very key privacy provisions and use of limitations on how that cybersecurity information can be used," said White House Cybersecurity Coordinator Michael Daniel.

The House passed two cybersecurity bills that would govern the sharing of threat indicators and information between government and the private sector. As the Senate and House go to conference on the various information-sharing bills, "the administration will be pushing to ensure that there are very robust privacy provisions" in the final product, added Daniel, who spoke Nov. 4 at a Council on Foreign Relations conference in Washington.

Privacy has long been a point of contention in efforts to pass legislation that would make it easier for companies to share cyberthreat information among themselves and with the government.

In January, White House officials released a legislative proposal for information sharing that they touted as privacy friendly by emphasizing that it stripped personal information out of the "threat indicators" shared with the government. The version of CISA passed by the Senate guards against the disclosure of threat indicators that contain personal information and includes a requirement for the timely destruction of personal information known not to be relevant to cyberthreats.

But multiple amendments dealing with privacy failed to pass the Senate last month, including a measure sponsored by Sen. Ron Wyden (D-Ore.) designed to provide an additional layer of protection for personal data contained in threat indicators.

Some privacy groups responded to the bill's passage with indignation; the Center for Democracy and Technology called it a huge step backward for American privacy rights.

"I think the privacy groups are going to weigh in very heavily in this conference committee, and I expect them to and I hope they do," said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, at the Council on Foreign Relations event.

An amendment sponsored by Sen. Tom Cotton (R-Ark.) that failed to pass with CISA is "going to be a big issue in conference," McCaul added.

That amendment would have included the FBI and the Secret Service as information-sharing channels with the private sector, whereas CISA leaves that job to the Department of Homeland Security. The White House strongly objects to those exceptions to DHS as the hub for information sharing, but McCaul said a House bill that will be part of the reconciliation process contains language similar to the Cotton amendment.

Daniel also said the administration was not likely to reverse its decision to stop pursuing a legislative solution to law enforcement concerns about end-to-end encryption on mobile devices.

"We don't see much value in pursuing that course right now, and I don't think that that's going to change anytime soon," Daniel said.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.