The White House has extended its support to a pair of cybersecurity bills scheduled for a House floor vote this week. Both pieces of draft legislation would enable private companies to share cyberthreat information with civilian agencies of the federal government — such as the Department of Homeland Security — as well as with other companies.
In a pair of Statements of Administration Policy put out yesterday, President Obama praised the House and Senate for negotiating a focused approach to defending cyberattacks, even as he raised concerns about these bills' potential to facilitate abusive corporate power and civil liberties violations.
The bills enjoy bipartisan support, and, after an escalating series of corporate hacks, the proposals claim the endorsement of industries including finance, tech, retail, and automotive. Representatives from both sides of the aisle argue that the bills safeguard privacy and civil liberties while protecting cyberinfrastructure from new threats. Critics, on the other hand, maintain that the country's vulnerability to cyberattacks is being used as an excuse to grant the government and private entities the authority to surveil innocent users.
One of the main provisions of the bills grants liability protection to companies that share (identity-stripped) information about their customers with the government. But in his statement, President Obama said he believes the protections the bills afford are too sweeping.
"Appropriate liability protections should incentivize good cybersecurity practices and should not grant immunity to a private company for failing to act on information it receives about the security of its networks," the White House statement said. "Such a provision would remove incentives for companies to protect their customers' personal information and may weaken cybersecurity writ large."
Speaking specifically about the bill out of the the House Permanent Select Committee on Intelligence, which is expected to pass later today, April 22, the White House said the scope of the liability protections may even provide immunity to companies that are "grossly negligent or even reckless." The president went on to express concerns that the collaborative information sharing intended for cybersecurity may be used by businesses for anticompetitive purposes.
Despite these reservations, the Obama administration said a workable solution can be found and backs the passage of the legislation.