Cyber Intelligence Sharing and Protection Act


The Cyber Intelligence Sharing and Protection Act, , ) was a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks.
The legislation was introduced on November 30, 2011, by Representative Michael Rogers and 111 co-sponsors. It was passed in the House of Representatives on April 26, 2012, but was not passed by the U.S. Senate. President Barack Obama's advisers have argued that the bill lacks confidentiality and civil liberties safeguards, and the White House said he would veto it.
In February 2013, the House reintroduced the bill and it passed in the United States House of Representatives on April 18, 2013, but stalled and was not voted upon by the Senate. On July 10, 2014 a similar bill, the Cybersecurity Information Sharing Act, was introduced in the Senate.
In January 2015, the House reintroduced the bill again. The bill has been referred to the Committee on Intelligence, and as of February 2, 2015 to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations and Subcommittee on Constitution and Civil Justice to see if it will come to the House for a vote.
In December 2015 a version of CISPA was hidden in the total federal budget.
CISPA had garnered favor from corporations and lobbying groups such as Microsoft, Facebook, AT&T, IBM, and the United States Chamber of Commerce, which look on it as a simple and effective means of sharing important cyber threat information with the government. It has however been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation, the American Civil Liberties Union, Free Press, Fight for the Future, and Avaaz.org, as well as various conservative and libertarian groups including the Competitive Enterprise Institute, TechFreedom, FreedomWorks, Americans for Limited Government, Liberty Coalition, and the American Conservative Union. Those groups argue CISPA contains too few limits on how and when the government may monitor a private individual’s Internet browsing information. Additionally, they fear that such new powers could be used to spy on the general public rather than to pursue malicious hackers.
Some critics saw wording included in CISPA as a second attempt to protect intellectual property after the Stop Online Piracy Act was taken off the table by Congress after it met opposition. Intellectual property theft was initially listed in the bill as a possible cause for sharing Web traffic information with the government, though it was removed in subsequent drafts.

Content

CISPA is an amendment to the National Security Act of 1947, which does not currently contain provisions pertaining to cybercrime. It adds provisions to the Act describing cyber threat intelligence as "information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from either "efforts to degrade, disrupt, or destroy such system or network". In addition, CISPA requires the Director of National Intelligence to establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and encourage the sharing of such intelligence.
In an April 16, 2012, press release, the House of Representatives Permanent Select Committee on Intelligence announced the approval of several amendments to CISPA, including the addition of a new provision "to permit federal lawsuits against the government for any violation of restrictions placed on the government’s use of voluntarily shared information, including the important privacy and civil liberties protections contained in the bill," the inclusion of an anti-tasking provision to "explicitly prohibit the government from conditioning its sharing of cyber threat intelligence on the sharing of private sector information with the government", and the prevention of the government from using the information for "any other lawful purpose unless the government already has a significant cybersecurity or national security purpose in using the information". Relevant provisions were also clarified to "focus on the fact that the bill is designed to protect against unauthorized access to networks or systems, including unauthorized access aimed at stealing private or government information". In addition, already collected cyberthreat data can also be used to investigate "the imminent threat of bodily harm to an individual" or "the exploitation of a minor," bringing the bill into line with existing law codified by the Patriot Act and the PROTECT Our Children Act in which these two conditions already allow for protected entities to share data voluntarily with the United States government, law enforcement agencies, and the National Center for Missing and Exploited Children.

Recent developments

Bill sponsors Mike Rogers and Dutch Ruppersberger, the chairman and ranking member of the House Intelligence Committee, respectively, said on April 25, 2012, that the Obama administration's opposition is mostly based on the lack of critical infrastructure regulation, something outside of the jurisdiction of the Intelligence committee; they have also since introduced a package of amendments to the legislation that, "address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans".
Due to the opposition the bill has experienced, the co-sponsors are planning to amend the bill to address many of the concerns of its opponents—including limiting its scope to a narrower definition of cyber-threats, and stating that the "theft of intellectual property" refers to the theft of research and development. In addition, there will now be penalties if private companies or the government uses data from CISPA for purposes "unrelated to cyberthreats".
However, Sharan Bradford Franklin, of the Constitution Project states, "Although we appreciate the Intelligence Committee's efforts to improve the bill and willingness to engage in a dialogue with privacy advocates, the changes in its most current draft do not come close to addressing the civil liberties threats posed by the bill, and some of the proposals would actually make CISPA worse. Therefore, Congress should not pass CISPA".
Rainey Reitman, of the Electronic Frontier Foundation states, "To date, the authors of the bill have been unresponsive to these criticisms, offering amendments that are largely cosmetic. Dismissing the grave concerns about how this bill could undermine the core privacy rights of everyday Internet users, Rep. Mike Rogers characterized the growing protests against CISPA as 'turbulence' and vowed to push for a floor vote without radical changes."
Kendall Burman of the Center for Democracy and Technology states, "The authors of CISPA have made some positive changes recently. Unfortunately, none of the changes gets to the heart of the privacy concerns that Internet users and advocacy groups have expressed."
In April 2012, the Office of Management and Budget of the Executive Office of the President of the United States released a statement strongly opposing the current bill and recommending to veto it.
On April 26, 2012, the House of Representatives passed CISPA.
On February 13, 2013, United States Representative Mike Rogers reintroduced the CISPA bill in the 113th Congress as H.R. 624.
On April 18, 2013, the House of Representatives passed H.R. 624. The Senate has reportedly refused to vote on the measure and is drafting competing legislation.
On July 10, 2014 a similar bill, the Cybersecurity Information Sharing Act, was introduced in the Senate.

House voting counts



A full list can be seen at the site.


A full list can be seen at the site.

Supporters

CISPA is supported by several trade groups containing more than eight hundred private companies, including the Business Software Alliance, CTIA – The Wireless Association, Information Technology Industry Council, Internet Security Alliance, National Cable & Telecommunications Association, National Defense Industrial Association, TechAmerica and United States Chamber of Commerce, in addition to individual major telecommunications and information technology companies like AT&T, IBM, Intel, Oracle Corporation, Symantec, and Verizon. Google has not taken a public position on the bill but has shown previous support for it, and now says they support the idea but believe the bill needs some work. Leading Google, Yahoo, and Microsoft executives are also on the executive council of TechNet, a tech trade group which sent a letter supporting CISPA in April 2013.

Opposition

Dubbed the "Stop Cyber Spying Week", starting on April 16, 2012, many civil liberties groups and advocates raised the awareness of CISPA including, but not limited to, the Constitution Project, American Civil Liberties Union, Electronic Frontier Foundation, Center for Democracy and Technology, Demand Progress, Fight for the Future, Free Press, Reporters Without Borders, Sunlight Foundation, and TechFreedom.

Blackout day

, a hacktivist group, has criticized the bill and called for an "Internet blackout day" to protest the bill. The date of the blackout was April 22, 2013.

Prior attempts for U.S. cybersecurity bills

Since legislation must pass the House and the Senate within the same Congress, anything introduced during the 112th or earlier Congresses has to pass both chambers again.

Senate