Cyber Intelligence Sharing and Protection Act explained

See also: Cybersecurity Information Sharing Act.

Cyber Intelligence Sharing and Protection Act
Fullname:To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.
Acronym:CISPA
Leghisturl:http://thomas.loc.gov/cgi-bin/bdquery/z?d113:HR00624:@@@L&summ2=m&
Introducedin:House
Introducedbill:H.R. 3523
Introducedby:Mike Rogers (R-MI)
Introduceddate:November 30, 2011
  • Passed the House on April 26, 2012 (248–168) (failed to become law when it did not pass the Senate in the same session)
  • Reintroduced in the House as H.R. 624 by Mike Rogers (R-MI) on February 12, 2013
  • Passed the House on April 18, 2013 (288–127)
  • Received in the Senate on April 22, 2013
  • Reintroduced in the House as H.R. 234 by Dutch Ruppersberger (D-MD) on January 8, 2015 and has since been referred to two additional committees as of February 2, 2015.
Committees:House Select Committee on Intelligence, Senate Select Committee on Intelligence

The Cyber Intelligence Sharing and Protection Act (CISPA (112th Congress), (113th Congress), (114th Congress)) was a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks.[1]

The legislation was introduced on November 30, 2011, by Representative Michael Rogers (R-MI) and 111 co-sponsors.[2] [3] It was passed in the House of Representatives on April 26, 2012, but was not passed by the U.S. Senate.[4] President Barack Obama's advisers have argued that the bill lacks confidentiality and civil liberties safeguards, and the White House said he would veto it.[5]

In February 2013, the House reintroduced the bill and it passed in the United States House of Representatives on April 18, 2013, but stalled and was not voted upon by the Senate.[6] [7] [8] On July 10, 2014, a similar bill, the Cybersecurity Information Sharing Act (CISA), was introduced in the Senate.[9]

In January 2015, the House reintroduced the bill again.[10] The bill has been referred to the Committee on Intelligence, and as of February 2, 2015, to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations and Subcommittee on Constitution and Civil Justice to see if it will come to the House for a vote. In December 2015 a version of CISPA was hidden in the total federal budget.

CISPA had garnered favor from corporations and lobbying groups such as Microsoft, Facebook, AT&T, IBM, and the United States Chamber of Commerce, which look on it as a simple and effective means of sharing important cyber threat information with the government.[11] It has however been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation, the American Civil Liberties Union, Free Press, Fight for the Future, and Avaaz.org, as well as various conservative and libertarian groups including the Competitive Enterprise Institute, TechFreedom, FreedomWorks, Americans for Limited Government, Liberty Coalition, and the American Conservative Union. Those groups argue CISPA contains too few limits on how and when the government may monitor a private individual's Internet browsing information. Additionally, they fear that such new powers could be used to spy on the general public rather than to pursue malicious hackers.[12] [13]

Some critics saw wording included in CISPA, as a second attempt to protect intellectual property after the Stop Online Piracy Act was taken off the table by Congress after it met opposition.[14] Intellectual property theft was initially listed in the bill, as a possible cause for sharing Web traffic information with the government, though it was removed in subsequent drafts.[15]

Content

CISPA is an amendment to the National Security Act of 1947, which does not currently contain provisions pertaining to cybercrime. It adds provisions to the Act describing cyber threat intelligence as "information in possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from either "efforts to degrade, disrupt, or destroy such system or network".[16] In addition, CISPA requires the Director of National Intelligence to establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and encourage the sharing of such intelligence.[17] [18]

In an April 16, 2012, press release, the House of Representatives Permanent Select Committee on Intelligence announced the approval of several amendments to CISPA, including the addition of a new provision "to permit federal lawsuits against the government for any violation of restrictions placed on the government's use of voluntarily shared information, including the important privacy and civil liberties protections contained in the bill", the inclusion of an anti-tasking provision to "explicitly prohibits the government from conditioning its sharing of cyber threat intelligence on the sharing of private sector information with the government", and the prevention of the government from using the information for "any other lawful purpose unless the government already has a significant cybersecurity or national security purpose in using the information". Relevant provisions were also clarified to "focus on the fact that the bill is designed to protect against unauthorized access to networks or systems, including unauthorized access aimed at stealing private or government information".[19] In addition, already collected cyberthreat data can also be used to investigate "the imminent threat of bodily harm to an individual" or "the exploitation of a minor," bringing the bill into line with existing law codified by the Patriot Act and the PROTECT Our Children Act[20] in which these two conditions already allow for protected entities to share data voluntarily with the United States government, law enforcement agencies, and the National Center for Missing and Exploited Children.[21]

Recent developments

Bill sponsors Mike Rogers and Dutch Ruppersberger, the chairman and ranking member of the House Intelligence Committee, respectively, said on April 25, 2012, that the Obama administration's opposition is mostly based on the lack of critical infrastructure regulation, something outside of the jurisdiction of the Intelligence committee; they have also since introduced a package of amendments to the legislation that, "address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans".[22]

Due to the opposition the bill has experienced, the co-sponsors are planning to amend the bill to address many of the concerns of its opponents—including limiting its scope to a narrower definition of cyber-threats, and stating that the "theft of intellectual property" refers to the theft of research and development. In addition, there will now be penalties if private companies or the government uses data from CISPA for purposes "unrelated to cyberthreats".[23] [24]

However, Sharan Bradford Franklin, of the Constitution Project states, "Although we appreciate the Intelligence Committee's efforts to improve the bill and willingness to engage in a dialogue with privacy advocates, the changes in its most current draft do not come close to addressing the civil liberties threats posed by the bill, and some of the proposals would actually make CISPA worse. Therefore, Congress should not pass CISPA".[25]

Rainey Reitman, of the Electronic Frontier Foundation states, "To date, the authors of the bill have been unresponsive to these criticisms, offering amendments that are largely cosmetic. Dismissing the grave concerns about how this bill could undermine the core privacy rights of everyday Internet users, Rep. Mike Rogers characterized the growing protests against CISPA as 'turbulence' and vowed to push for a floor vote without radical changes."[26]

Kendall Burman of the Center for Democracy and Technology states, "The authors of CISPA have made some positive changes recently. Unfortunately, none of the changes gets to the heart of the privacy concerns that Internet users and advocacy groups have expressed."[27]

In April 2012, the Office of Management and Budget of the Executive Office of the President of the United States released a statement strongly opposing the current bill and recommending to veto it.[28]

On April 26, 2012, the House of Representatives passed CISPA.

On February 13, 2013, United States Representative Mike Rogers reintroduced the CISPA bill in the 113th Congress as H.R. 624.[6]

On April 18, 2013, the House of Representatives passed H.R. 624.[8] The Senate has reportedly refused to vote on the measure and is drafting competing legislation.[29]

On July 10, 2014, a similar bill, the Cybersecurity Information Sharing Act (CISA), was introduced in the Senate.[9]

House voting counts

House vote on April 26, 2012 passing CISPA
AffiliationYes votesNo votesDid not vote
Democraticalign=center 42align=center 140align=center 8
Republicanalign=center 206align=center 28align=center 7
Totalalign=center 248align=center 168align=center 15

A full list can be seen at the house.gov site.[30]

House vote on April 18, 2013 passing CISPA
AffiliationYes votesNo votesDid not vote
Democraticalign=center 92align=center 98align=center 11
Republicanalign=center 196align=center 29align=center 6
Totalalign=center 288align=center 127align=center 17

A full list can be seen at the house.gov site.[31]

Supporters

CISPA is supported by several trade groups containing more than eight hundred private companies, including the Business Software Alliance, CTIA – The Wireless Association, Information Technology Industry Council, Internet Security Alliance, National Cable & Telecommunications Association, National Defense Industrial Association, TechAmerica and United States Chamber of Commerce, in addition to individual major telecommunications and information technology companies like AT&T, IBM, Intel, Oracle Corporation, Symantec, and Verizon.[32] [33] Google has not taken a public position on the bill.[34] Leading Google, Yahoo, and Microsoft executives are also on the executive council of TechNet, a tech trade group which sent a letter supporting CISPA in April 2013.[35] [36]

Opposition

Week of action

Dubbed the "Stop Cyber Spying Week", starting on April 16, 2012, many civil liberties groups and advocates raised the awareness of CISPA (through a Twitter campaign with the hash-tags #CISPA and #CongressTMI,) including, but not limited to, the Constitution Project, American Civil Liberties Union, Electronic Frontier Foundation, Center for Democracy and Technology, Demand Progress, Fight for the Future, Free Press, Reporters Without Borders, Sunlight Foundation, and TechFreedom.[62] [63] [64] [65] [66]

Blackout day

Anonymous, a hacktivist group, has criticized the bill and called for an "Internet blackout day" to protest the bill. The date of the blackout was April 22, 2013.[67]

Prior attempts for U.S. cybersecurity bills

Since legislation must pass the House and the Senate within the same Congress, anything introduced during the 112th or earlier Congresses has to pass both chambers again.

Senate

House of Representatives

See also

External links

114th Congress

113th Congress

Notes and References

  1. Web site: HR 3523 as reported to the House Rules Committee . dead . https://web.archive.org/web/20130228035632/http://www.rules.house.gov/Media/file/PDF_112_2/LegislativeText/CPRT-112-HPRT-RU00-HR3523.pdf . February 28, 2013 . mdy-all .
  2. Web site: H.R. 3523 . Library of Congress . April 5, 2012 . December 16, 2012 . https://web.archive.org/web/20121216175227/http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3523: . dead .
  3. Web site: Current Status of CISPA . GovTrack . April 18, 2012.
  4. Web site: FINAL VOTE RESULTS FOR ROLL CALL 192 . April 26, 2012.
  5. News: Cyber-security bill Cispa passes US House . . April 26, 2012 . May 1, 2012.
  6. http://www.informationweek.com/security/cybercrime/cispa-cybersecurity-bill-reborn-6-key-fa/240148600 "CISPA Cybersecurity Bill, Reborn: 6 Key Facts"
  7. News: Senate Won't Vote On CISPA, Deals Blow To Controversial Cyber Bill . . April 25, 2013 . April 26, 2013 . Gerry . Smith.
  8. http://clerk.house.gov/evs/2013/roll117.xml "FINAL VOTE RESULTS FOR ROLL CALL 117"
  9. https://www.forbes.com/sites/gregorymcneal/2014/07/09/controversial-cybersecurity-bill-known-as-cisa-advances-out-of-senate-committee/ "Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee"
  10. Web site: The New CISPA Bill Is Literally Exactly the Same as the Last One. Kate. Knibbs. Gizmodo. January 14, 2015. January 16, 2015.
  11. News: CISPA: Who's for it, who's against it and how it could affect you . Hayley Tsukayama . . April 27, 2012 . May 1, 2012.
  12. Web site: Masnick . Mike . Forget SOPA, You Should Be Worried About This Cybersecurity Bill . Techdirt . April 2, 2012 . April 11, 2012.
  13. http://techland.time.com/2012/04/19/5-reasons-the-cispa-cybersecurity-bill-should-be-tossed/ 5 Reasons the CISPA Cybersecurity Bill Should Be Tossed
  14. News: CISPA legislation seen by many as SOPA 2.0 . Morgan Little . . April 9, 2012 . April 30, 2012.
  15. Web site: House Cybersecurity Bill Backs Off On IP Theft Provisions . subscription . Law360 . Dietrich . Knauth . April 16, 2012 . April 18, 2012 . live . https://archive.today/20210604121536/https://www.law360.com/articles/330398/house-cybersecurity-bill-backs-off-on-ip-theft-provisions . 4 June 2021 .
  16. "H.R. 3523 Discussion Draft" - U.S. House of Representatives - November 29, 2011.
  17. Web site: H.R.3523 - CRS Summary . Congressional Research Service . THOMAS (Library of Congress) . April 5, 2012 . July 3, 2016 . https://web.archive.org/web/20160703182055/http://thomas.loc.gov/cgi-bin/bdquery/z?d112:HR03523:@@@D&summ2=m& . dead .
  18. Kominsky. Mitchell. February 6, 2014. The Current Landscape of Cybersecurity Policy: Legislative Issues in the 113th Congress. Harvard Law School National Security Journal . live . https://web.archive.org/web/20221106120938/http://harvardnsj.org/2014/02/the-current-landscape-of-cybersecurity-policy-legislative-issues-in-the-113th-congress/ . Nov 6, 2022 .
  19. Web site: Bill Status Update - H.R. 3523 . Apr 16, 2012 . . April 17, 2012 . https://web.archive.org/web/20160507041051/http://intelligence.house.gov/press-release/bill-status-update-hr-3523 . May 7, 2016 . dead .
  20. Web site: S.1738 - 110th Congress (2007-2008): PROTECT Our Children Act of 2008 . live . https://web.archive.org/web/20230803203344/https://www.congress.gov/bill/110th-congress/senate-bill/1738 . Aug 3, 2023 . Congress.gov.
  21. Web site: PROTECT Our Children Act of 2008 (2008; 110th Congress S. 1738) . GovTrack.us . live . https://web.archive.org/web/20230803203336/https://www.govtrack.us/congress/bills/110/s1738 . Aug 3, 2023 .
  22. News: Albanesius . Chloe . White House Threatens to Veto CISPA . PC Magazine . April 25, 2012 . live . https://web.archive.org/web/20180809114548/https://www.pcmag.com/article2/0,2817,2403549,00.asp . Aug 9, 2018 .
  23. Web site: Couts . Andrew . April 10, 2012 . New CISPA amendments expected — but the fight will go on . live . https://web.archive.org/web/20160422082117/http://www.digitaltrends.com/web/new-cispa-amendments-expected-but-the-fight-will-go-on/ . Apr 22, 2016 . Digital Trends.
  24. http://www.digitaltrends.com/web/cispa-and-sopa-like-apples-and-oranges-say-chief-co-sponsors/ CISPA and SOPA like 'apples and oranges,' say chief co-sponsors
  25. Web site: CISPA Lacks Protections for Individual Rights . USNews . April 18, 2012.
  26. Web site: CISPA Is Dangerously Vague . USNews . April 18, 2012.
  27. Web site: CISPA Not the Right Way to Achieve Cybersecurity . USNews . April 18, 2012 . https://web.archive.org/web/20160409074910/http://www.usnews.com/debate-club/should-the-congress-pass-cispa/cispa-not-the-right-way-to-achieve-cybersecurity . April 9, 2016 . dead .
  28. https://obamawhitehouse.archives.gov/sites/default/files/omb/legislative/sap/112/saphr3523r_20120425.pdf Statement of Administration Policy - H.R. 3523 - Cyber Intelligence Sharing and Protection Act
  29. News: Smith . Gerry . Senate Won't Vote On CISPA, Deals Blow To Controversial Cyber Bill . April 29, 2013 . . April 25, 2013.
  30. Web site: FINAL VOTE RESULTS FOR ROLL CALL 192 . clerk.house.gov . April 20, 2013.
  31. Web site: FINAL VOTE RESULTS FOR ROLL CALL 117 . clerk.house.gov . April 18, 2013.
  32. Web site: H.R. 3523 - Letters of Support . House Permanent Select Committee on Intelligence . April 26, 2012 . dead . https://web.archive.org/web/20120426182510/http://intelligence.house.gov/hr-3523-letters-support . April 26, 2012 . mdy-all .
  33. Web site: CISPA supporters list: 800+ companies that could help Uncle Sam snag your data . Digital Trends . April 12, 2012.
  34. Web site: Google acknowledges lobbying on cybersecurity bill CISPA . May 9, 2012 . April 23, 2012 . Brendan Sasso . Hillicon Valley.
  35. News: Google, Yahoo, Microsoft execs back CISPA through trade group. Edward. Moyer. 13 April 2013. CNET News.
  36. News: CISPA 2013: Google, Apple Top Massive List Of Supporters Favoring The Controversial Cybersecurity Bill. Dave. Smith. 12 April 2013. International Business Times. https://web.archive.org/web/20210224145609/https://www.ibtimes.com/cispa-2013-google-apple-top-massive-list-supporters-favoring-controversial-1189545 . 24 February 2021.
  37. Web site: Opposition grows to CISPA 'Big Brother' cybersecurity bill . CNET . April 23, 2012.
  38. News: Ron Paul says Cispa cyberterrorism bill would create 'Big Brother' culture . GuardianUK . April 23, 2012 . London . Dominic . Rushe . April 23, 2012.
  39. Web site: CISPA is the new SOPA . The Hill . April 23, 2012 . April 23, 2012.
  40. Web site: Letter To Congress . Privacy Lives . April 23, 2012.
  41. Web site: Free Market Coalition: Amend CISPA to Preserve Freedom, Prevent Gov't Overreach . CEI . April 23, 2012.
  42. Web site: Voices of Opposition Against CISPA . April 19, 2012 . EFF . April 23, 2012.
  43. Web site: An Open Letter From Security Experts, Academics and Engineers to the U.S. Congress: Stop Bad Cybersecurity Bills . April 23, 2012 . EFF . April 23, 2012.
  44. Web site: Don't Let Congress Use "Cybersecurity" Fears to Erode Digital Rights . EFF . April 7, 2012.
  45. News: Anti-CISPA Petition On Avaaz.org Approaches 800,000 Signatures . Timothy . Stenovec . Huffington Post . April 25, 2012 . June 8, 2015.
  46. News: Human rights group Avaaz launches a petition against CISPA . https://web.archive.org/web/20120419093748/http://www.theinquirer.net/inquirer/news/2168668/human-rights-avaaz-launches-petition-cispa . unfit . April 19, 2012 . Lee . Bell . The Inquirer . Incisive Media . London . April 18, 2012 . June 7, 2015.
  47. Web site: Cybersecurity's 7-Step Plan for Internet Freedom | Center for Democracy & Technology . April 10, 2012 . https://web.archive.org/web/20130525001944/https://www.cdt.org/blogs/greg-nojeim/2803cybersecuritys-8-step-plan-internet-freedom . May 25, 2013 . dead .
  48. Web site: Cybersecurity's 7-Step Plan for Internet Freedom . CDT . April 10, 2012 . https://web.archive.org/web/20130525001944/https://www.cdt.org/blogs/greg-nojeim/2803cybersecuritys-8-step-plan-internet-freedom . May 25, 2013 . dead .
  49. Web site: Lungren Cybersecurity Bill Takes Careful, Balanced Approach . February 2, 2012 . CDT . April 10, 2012.
  50. Web site: H.R. 3674: PRECISE Act of 2011 . GovTrack.us . April 10, 2012.
  51. Web site: ISSUE ALERT: Cybersecurity Bills Pending in U.S. House Threaten Privacy Rights and Civil Liberties . TCP . April 11, 2012 . https://web.archive.org/web/20120422143429/http://archive.constantcontact.com/fs092/1101561619973/archive/1109744955764.html . April 22, 2012 . dead .
  52. Web site: ACLU Opposition to H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011 . ACLU . April 13, 2012.
  53. Web site: CISPA is Terrible for Transparency . Sunlight Foundation . April 14, 2012.
  54. Web site: Ron Paul is right about CISPA: It must be stopped . Current TV . April 25, 2012 . https://web.archive.org/web/20120425225947/http://current.com/shows/the-young-turks/videos/ron-paul-is-right-about-cispa-it-must-be-stopped . April 25, 2012 . dead .
  55. Web site: CISPA Is The New SOPA: Help Kill It . Demand Progress . April 14, 2012.
  56. Web site: Letter to Rogers and Ruppersberger . CEI . April 23, 2012.
  57. Web site: Draconian cyber security bill could lead to Internet surveillance and censorship . RWB . April 15, 2012 . March 12, 2016 . https://web.archive.org/web/20160312110058/http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html . dead .
  58. Web site: Mozilla breaks ranks with Silicon Valley, comes out against CISPA . The Hill . May 2, 2012 . May 3, 2012.
  59. Web site: Letter in regards to CISPA . ACM . June 6, 2012.
  60. Web site: Letter in regards to CISPA . April 17, 2013 . https://web.archive.org/web/20130521030811/http://www.igda.org/node/1043370 . May 21, 2013 . dead .
  61. Web site: Cover Photos . Libertarian Party's Page . Facebook . 22 April 2013.
  62. Web site: Kicking off "Stop Cyber Spying Week" . April 16, 2012 . ACLU . April 16, 2012.
  63. Web site: Stop Cyber Spying Week Launches to Protest CISPA . April 15, 2012 . EFF . April 16, 2012.
  64. Web site: Week of Action On CISPA Preceding "Cybersecurity Week" in the House . CDT . April 16, 2012 . https://web.archive.org/web/20130523123952/https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house . May 23, 2013 . dead .
  65. Web site: Save The Internet . Free Press . April 16, 2012 . dead . https://web.archive.org/web/20120618050941/http://www.savetheinternet.com/ . June 18, 2012 . mdy .
  66. Web site: Internet Advocacy Coalition Announces Twitter Campaign to Fight Privacy-Invasive Bill (CISPA . En.rsf.org . April 22, 2013 . March 22, 2016 . https://web.archive.org/web/20160322032734/https://en.rsf.org/etats-unis-internet-advocacy-coalition-16-04-2012,42283.html . dead .
  67. Web site: Everything Anonymous . AnonNews.org . April 22, 2013 . https://web.archive.org/web/20130806160341/http://anonnews.org/press/item/2290 . August 6, 2013 . dead .
  68. Web site: S. 2151: SECURE IT . GovTrack.us . April 13, 2012.
  69. Web site: S. 2105: Cybersecurity Act of 2012 . GovTrack.us . April 13, 2012.
  70. News: Senators Purge Regulations from Cybersecurity Bill: Obama Calls for Passage of Revised Cybersecurity Act of 2012 . July 20, 2012 . gov info security . July 19, 2012 . Eric Chabrow . dead . https://web.archive.org/web/20120804204617/http://www.govinfosecurity.com/senators-purge-regulations-from-cybersecurity-bill-a-4969 . August 4, 2012 . mdy .
  71. Web site: H.R. 3674: PRECISE Act of 2011 . GovTrack.us . April 13, 2012.
  72. Web site: House Homeland Security Panel Fights to Stay in Cybersecurity Debate . nationaljournal . April 20, 2012 . dead . https://web.archive.org/web/20130509124840/http://mobile.nationaljournal.com/tech/house-homeland-security-panel-fights-to-stay-in-cybersecurity-debate-20120418 . May 9, 2013 . mdy .
  73. Web site: Federal Information Security Amendments Act of 2012 . GovTrack.us . April 18, 2012.