Ruppersberger and Rogers will meet next week with members of the Senate to discuss information sharing legislation.
According to a Hill staffer involved in managing the process, the White House put five issues on the table that needed to be addressed: language allowing agencies to share information for “national security” purposes; a requirement that the government limit the impact on privacy and civil liberties of the sharing of cyber-threat information, via procedures known as “minimization;” provisions on information being shared through a civilian, rather than military or intelligence, agency; the scope of liability protections for industry that share threat data; and a requirement that the private sector make a “reasonable effort” at minimization of “personally identifiable information,” such as Social Security numbers or financial records.
By the staffer’s estimation, the committee obliged the White House on three and a half of those five issues — national security purposes, mandatory government minimization, civilian information sharing, and in part, liability protections.
Critics saw it differently; Michelle Richardson, legislative counsel in the American Civil Liberties Union’s Washington office, said the language on information sharing through a civilian agency, for instance, still allowed businesses to share directly with military and intelligence agencies even though it designated the Departments of Homeland Security and Justice as “lead” agencies.
By the sponsors’ reckoning, it couldn’t address every issue without losing industry support. In an April 10 letter, a coalition of business groups including the U.S. Chamber of Commerce warned that the private sector minimization proposal by Rep. Adam B. Schiff, D-Calif., would be a significant impediment for small businesses trying to share information with the government.
A senior administration official, however, contended that none of the changes the White House wanted would have hampered information sharing, and that the administration has reached out to businesses to discuss ways they could implement minimization procedures.
Nonetheless, the changes won over many Democrats. The civilian agency language came via a last-minute addition worked out between Rogers and Ruppersberger with the leaders of the House Homeland Security Committee, Chairman Michael McCaul, R-Texas, and ranking Democrat Bennie Thompson of Mississippi. The language appeared to swing some members of that committee to a “yes” vote, in particular.
None of it swayed the White House. Before the McCaul-Thompson amendment, the White House issued a statement of administration policy spelling out the veto threat. Even after the amendment, the administration did not significantly change its position, although a senior administration official said it was a “step in the right direction.”
“The committee was quite surprised by it,” Sewell said.
Ruppersberger, at least, said he wasn’t surprised, because the sponsors didn’t make every change the White House wanted.
But privately, many backers of the bill fumed.
“Folks were frustrated about the veto threat,” said one industry lobbyist. The sentiment was, according to the lobbyist, “We want your support. If you put value in passing an information sharing bill, at least don’t threaten to veto the darn thing.”
Those who weren’t upset were confused by what the White House had to gain with the veto threat. Another industry lobbyist speculated that the administration was trying to “throw a bone” to liberal Democrats who had become very critical of the administration’s record on national security issues related to privacy and civil liberties.