Administration Issues Veto Threat Against House Cyberbill, Citing Privacy Concerns

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Alexei Alexis  


The Obama administration April 16 issued a statement of administration policy in which it threatened to veto a controversial cybersecurity bill from the House Intelligence Committee, citing privacy concerns.

“Citizens have a right to know that corporations will be held accountable--and not granted immunity--for failing to safeguard personal information adequately,” the statement of administration policy said.

The Intelligence Committee passed the bill April 10 during a closed-door markup, after adopting several amendments, including one to clarify that the measure is not intended to authorize companies that have suffered a cyber-attack to engage in “hacking back” (12 PVLR 633, 4/15/13).

The House adopted several privacy amendments to the Cyber Intelligence Sharing and Protection Act (CISPA) before approving the measure April 18 (see related report).

FISMA Reform Bill Easily Passed

In a related development, the House April 16 passed a series of noncontroversial cybersecurity measures, including legislation (H.R. 1163) to update the Federal Information Security Management Act (FISMA).

H.R. 1163 sailed through the House on a 416-0 vote. That legislation is aimed at improving the framework for safeguarding information technology systems that support the federal government.

“This bipartisan legislation will address the shortcomings of FISMA by incorporating recent technological innovations, and enhance and strengthen the current framework that protects federal information technology systems,” House Oversight and Government Reform Committee Chairman Darrell E. Issa (R-Calif.), the bill's chief sponsor, said in a statement.

Currently, federal agencies are required under FISMA to develop, document, and implement an agencywide program to secure the information and information systems that support the agency's operations and assets, including those provided or managed by a contractor.

Issa's bill would require these programs to include automated and continuous monitoring, when possible, of the risk and magnitude of the harm that could result from the disruption or unauthorized access, use, disclosure, modification, or destruction of information and information systems that support the agency's operations and assets.

The House also easily passed a pair of cybersecurity research and development bills (H.R. 756, H.R. 967).

By Alexei Alexis  

The administration's statement of administration policy on CISPA is available at

H.R. 1163 is available at

H.R. 756 is available at

H.R. 967 is available at