White House backs CISA's privacy provisions

The White House is defending the privacy protections in a Senate-passed cybersecurity bill despite a string of privacy-focused amendments being voted down.

The Cybersecurity Information Sharing Act that the Senate passed Oct. 27 includes a "number of very key privacy provisions and use of limitations on how that cybersecurity information can be used," said White House Cybersecurity Coordinator Michael Daniel.

The House passed two cybersecurity bills that would govern the sharing of threat indicators and information between government and the private sector. As the Senate and House go to conference on the various information-sharing bills, "the administration will be pushing to ensure that there are very robust privacy provisions" in the final product, added Daniel, who spoke Nov. 4 at a Council on Foreign Relations conference in Washington.

Privacy has long been a point of contention in efforts to pass legislation that would make it easier for companies to share cyberthreat information among themselves and with the government.

In January, White House officials released a legislative proposal for information sharing that they touted as privacy friendly by emphasizing that it stripped personal information out of the "threat indicators" shared with the government. The version of CISA passed by the Senate guards against the disclosure of threat indicators that contain personal information and includes a requirement for the timely destruction of personal information known not to be relevant to cyberthreats.

But multiple amendments dealing with privacy failed to pass the Senate last month, including a measure sponsored by Sen. Ron Wyden (D-Ore.) designed to provide an additional layer of protection for personal data contained in threat indicators.

Some privacy groups responded to the bill's passage with indignation; the Center for Democracy and Technology called it a huge step backward for American privacy rights.

"I think the privacy groups are going to weigh in very heavily in this conference committee, and I expect them to and I hope they do," said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, at the Council on Foreign Relations event.

An amendment sponsored by Sen. Tom Cotton (R-Ark.) that failed to pass with CISA is "going to be a big issue in conference," McCaul added.

That amendment would have included the FBI and the Secret Service as information-sharing channels with the private sector, whereas CISA leaves that job to the Department of Homeland Security. The White House strongly objects to those exceptions to DHS as the hub for information sharing, but McCaul said a House bill that will be part of the reconciliation process contains language similar to the Cotton amendment.

Daniel also said the administration was not likely to reverse its decision to stop pursuing a legislative solution to law enforcement concerns about end-to-end encryption on mobile devices.

"We don't see much value in pursuing that course right now, and I don't think that that's going to change anytime soon," Daniel said.