Summary

4/18/2013--Passed House amended. Cyber Intelligence Sharing and Protection Act - (Sec. 2) Directs the federal government to conduct cybersecurity activities to provide shared situational awareness enabling integrated operational... Read More

Status

This bill was introduced in a previous session of Congress and was passed by the House on Apr 18, 2013 but was never passed by the Senate.

Bill Text

A BILL

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Cyber Intelligence Sharing and Protection Act''.

SEC. 2. CYBER THREAT INTELLIGENCE AND INFORMATION SHARING.

(a) In General.--Title XI of the National Security Act of 1947 (50 U.S.C. 442 et seq.) is amended by adding at the end the following new section:

``cyber threat intelligence and information sharing

``Sec. 1104. (a) Intelligence Community Sharing of Cyber Threat Intelligence With Private Sector and Utilities.-- ``(1) In general.--The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and utilities and to encourage the sharing of such intelligence. ``(2) Sharing and use of classified intelligence.--The procedures established under paragraph (1) shall provide that classified cyber threat intelligence may only be-- ``(A) shared by an element of the intelligence community with-- ``(i) a certified entity; or ``(ii) a person with an appropriate security clearance to receive such cyber threat intelligence; ``(B) shared consistent with the need to protect the national security of the United States; and ``(C) used by a certified entity in a manner which protects such cyber threat intelligence from unauthorized disclosure. ``(3) Security clearance approvals.--The Director of National Intelligence shall issue guidelines providing...

Read Full Text

Sentiment Map

Select:

Nation

59 Supporting
1995 Opposing
3% 97%

State: CA

3 Supporting
128 Opposing
2% 98%

District: 1st

0 Supporting
2 Opposing
0% 100%

Popularity Trend

Organizations Supporting

?April 17, 2013 TO THE MEMBERS OF THE U.S. HOUSE OF REPRESENTATIVES: The U.S. Chamber of Commerce, the world’s largest business federation representing the interests of more than three million businesses and organizations of every size, sector, and region, as well as state and local chambers and industry associations, and dedicated to promoting, protecting, and defending America’s free enterprise system, strongly supports H.R. 624, the “Cyber Intelligence Sharing and Protection Act” (CISPA), and opposes any amendments that would weaken this important legislation. The bill would take an important step towards strengthening America’s security by removing legal hurdles that currently prevent the private sector and government from rapidly sharing cyber threat information. The Chamber has consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks. H.R. 624 supports existing information-sharing and analysis organizations, and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These programs and exercises offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector cyber risk profile while protecting privacy and civil liberties. In addition, H.R. 624 would provide needed legal certainty that threat and vulnerability information voluntarily shared with the government would be granted safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation would also provide an exemption from antitrust laws, to facilitate greater exchange of information among private entities in order to help prevent, investigate, and mitigate threats to cybersecurity. H.R. 624, sponsored by Reps. Mike Rogers and C.A. Dutch Ruppersberger, was reported out of the House Permanent Select Intelligence Committee last week by a vote of 18 to 2. Business leaders have made passing a smart and effective information-sharing bill a top legislative priority because they believe it is the best tool available to help the United States detect and respond to highly sophisticated digital attacks. If an information-sharing bill is to truly strengthen America’s cybersecurity, the technical aspects—the so-called ones and zeros—of a cyber attack must be disclosed in real time. ?The Chamber opposes an amendment by Rep. Conyers, Schakowsky, Jackson Lee, Johnson, and Holt that would impair this bill. As currently drafted, the amendment would weaken a core purpose of H.R. 624 by excluding “decisions made for cybersecurity purposes” from the liability exemption section of the bill. The Chamber applauds the House for passing on Tuesday three information- security measures. Two bills—H.R. 756 and H.R. 967—would improve national efforts devoted to cybersecurity research and development. The third, H.R. 1163, would update the Federal Information Security Management Act of 2002 (FISMA), enabling the government to proactively counter risks based on continuous monitoring of civilian government networks and system activity. Our organization is disappointed that the administration has threatened to veto H.R. 624. The legislation is a work in progress. Reps. Rogers and Ruppersberger and their staffs have done an extraordinary job engaging a variety of stakeholders—including the White House and privacy groups—to craft a bill that would increase America’s security and protect individuals’ civil liberties. The lawmakers have negotiated nearly 20 privacy- enhancing changes to H.R. 624 since it was first introduced in 2011, and more are expected to be considered on the House floor. At a time when the Administration is seeking industry support for developing and implementing the cybersecurity framework provided by the recently released Executive Order on cybersecurity, the Chamber believes passage H.R. 624 would put wind behind the sails of the presidential order. The Chamber supports H.R. 624 and opposes weakening amendments. The Chamber may include votes on, or in relation to, H.R. 624 in our annual How They Voted scorecard. (Letter provided to POPVOX by Congressional office.)

Share

February 13, 2013 Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security. This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks. The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties. In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity. We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward. Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue. (Letter provided to POPVOX by a Congressional office.)

Share

February 13, 2013 Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security. This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks. The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties. In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity. We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward. Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue. (Letter provided to POPVOX by a Congressional office.)

Share

February 13, 2013 Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security. This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks. The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties. In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity. We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward. Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue. (Letter provided to POPVOX by a Congressional office.)

Share

February 13, 2013 Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security. This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks. The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties. In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity. We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward. Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue. (Letter provided to POPVOX by a Congressional office.)

Share

February 13, 2013 Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security. This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks. The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties. In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity. We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward. Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue. (Letter provided to POPVOX by a Congressional office.)

Share
Show More Positions

Organizations Opposing

The federal government is once again infringing on your civil liberties. A bipartisan group of congressmen are considering CISPA legislation, which allows the NSA and military to keep tabs on your personal internet records. In the name of “cyber security,” CISPA allows and encourages private companies to share personal user data with governmental entities and military organizations. At best, this legislation is a huge invasion of privacy. At worst, it creates yet another back-door, Orwellian surveillance program. If the freedom movement does not take a principled stand against this harmful legislation, private companies will have increased authority to monitor your online activity and share this sensitive material with the federal government – all without a warrant. And unsurprisingly, the government will not be held to any standards of transparency or oversight: all data collected by the government will be exempt from the Freedom of Information Act. https://secure.freedomworks.org/site/Advocacy?cmd=display&page=UserAction&id=793

Share
FreedomWorks 2 years ago

March 11, 2013 Dear Representative: We the undersigned organizations write in opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We are gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity. CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity. Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and stricter limits on how this information may be used. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed only weeks ago that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so. We continue to oppose CISPA and encourage you to vote ‘no.’ Fundamental changes to this bill are required to address the many civil liberties problems. (Letter provided to POPVOX by Congressional office.)

Share

March 11, 2013 Dear Representative: We the undersigned organizations write in opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We are gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity. CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity. Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and stricter limits on how this information may be used. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed only weeks ago that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so. We continue to oppose CISPA and encourage you to vote ‘no.’ Fundamental changes to this bill are required to address the many civil liberties problems. (Letter provided to POPVOX by Congressional office.)

Share

March 11, 2013 Dear Representative: We the undersigned organizations write in opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We are gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity. CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity. Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and stricter limits on how this information may be used. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed only weeks ago that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so. We continue to oppose CISPA and encourage you to vote ‘no.’ Fundamental changes to this bill are required to address the many civil liberties problems. (Letter provided to POPVOX by Congressional office.)

Share

March 11, 2013 Dear Representative: We the undersigned organizations write in opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We are gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity. CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity. Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and stricter limits on how this information may be used. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed only weeks ago that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so. We continue to oppose CISPA and encourage you to vote ‘no.’ Fundamental changes to this bill are required to address the many civil liberties problems. (Letter provided to POPVOX by Congressional office.)

Share

March 11, 2013 Dear Representative: We the undersigned organizations write in opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We are gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity. CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity. Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and stricter limits on how this information may be used. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed only weeks ago that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so. We continue to oppose CISPA and encourage you to vote ‘no.’ Fundamental changes to this bill are required to address the many civil liberties problems. (Letter provided to POPVOX by Congressional office.)

Share
Show More Positions

Users Supporting

I support CISPA (Cyber Intelligence Sharing and Protection Act) because as a web host I constantly face and must guard against hackers attempting to access my servers. I need government to spend some money developing open source means to protect the internet.

Share
FL
6
PaulKruger
FL-6
8 months ago

I support H.R. 624: Cyber Intelligence Sharing and Protection Act because... Though I shudder at the saying "since privacy is dead we should give the body away too", I know we are under attack daily. Please make sure we don't give away anymore of our precious privacy with this bill. Not all who hold the reins of power will be honorable. Thank you for your service

Share
LA
4
oldduffer
LA-4
2 years ago

I support H.R. 624: Cyber Intelligence Sharing and Protection Act because I believe that the NSA and other agencies need broad access to information leading to threats to national security. They need access to information. Realistically, agregate data collected by federal agencies is not a realistic threat to my personal privacy. The motives against this bill are ridiculus things, like "I don't want the government to know about my porn access." When you trade the government knowing what web sites I use, compared to my home being safe from threats, I would choose safety every time.

Share
MI
1
macetw
MI-1
2 years ago

Users Opposing

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because... it violates the 4th amendment. It is government spying on its own citizens.

Share
FL
4
KyleLansford
FL-4
8 months ago

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because we have fought this bill, and every iteration that came before it (SOPA, PIPA, CISPA) that threatens freedom on the internet. Please stop trying. We won't give up.

Share
AR
2
Kysimir
AR-2
8 months ago

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because...I want government to protect me from foreign enemies & stop being a domestic enemy spy.

Share
IN
8
sherry333
IN-8
8 months ago

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because it's just another law designed as a whole to control the way people use the internet. And for the NSA to spy on it's own people, I presume.

Share
PA
5
Necrotyrannus
PA-5
8 months ago

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because...Just another bill to let the NSA and Dept of Homeland 'security' run wild and rampant over even more of Americans freedoms. Government once again insinuating itself into an area that they have no Constitutional power to do. And in the end, if this is passed - Congress will tax us to do it.

Share
OH
1
wardmama4
OH-1
8 months ago

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because... I, like the EFF, am gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity.

Share
FL
14
Richard_Sullivan
FL-14
8 months ago

Bill Summary

4/18/2013--Passed House amended. Cyber Intelligence Sharing and Protection Act - (Sec. 2) Directs the federal government to conduct cybersecurity activities to provide shared situational awareness enabling integrated operational actions to protect, prevent, mitigate, respond to, and recover from cyber incidents. Defines "shared situational awareness" as an environment where cyber threat information is shared in real time between all designated federal cyber operations centers to provide actionable information about all known cyber threats. Directs the President, with respect to information shared by a cybersecurity provider (a non-federal entity that provides goods or services intended to be used for cybersecurity purposes) or self-protected entity (an entity that provides goods or services for cybersecurity purposes to itself), to designate: (1) an entity within the Department of Homeland Security (DHS) as the civilian federal entity to receive cyber threat information under prescribed procedures and subject to specified exceptions, and (2) an entity within the Department of Justice (DOJ) as the civilian federal entity to receive information related to cybersecurity crimes. Requires federal agencies receiving shared cyber threat information to establish procedures to: (1) ensure that specified information is also shared in real time with appropriate federal agencies with a national security mission; (2) ensure real-time information distribution to other federal agencies; and (3) facilitate information sharing, interaction, and collaboration among and between federal, state, local, tribal, and territorial governments, cybersecurity providers, and self-protected entities. Directs the DHS, Attorney General, Director of National Intelligence (DNI), and Department of Defense (DOD) to jointly establish and periodically review policies and procedures governing the receipt, retention, use, and disclosure of non-publicly available cyber threat information shared with the federal government. Requires such procedures, consistent with the need to protect against and mitigate cyber threats in a timely manner, to: (1) minimize the impact on privacy and civil liberties; (2) reasonably limit the receipt, retention, use, and disclosure of cyber threat information associated with specific persons that is unnecessary to protect against or mitigate cyber threats in a timely manner; (3) include requirements to safeguard non-publicly available cyber threat information that may be used to identify specific persons from unauthorized access or acquisition; (4) protect the confidentiality of cyber threat information associated with specific persons; and (5) not delay or impede the flow of cyber threat information necessary to defend against or mitigate a cyber threat. Instructs: (1) the DHS, Attorney General, DNI, and DOD to submit such procedures to Congress and establish a program to monitor and oversee the compliance of federal agencies; and (2) federal agencies to implement such procedures and notify such officials and Congress of any significant violations. Prohibits such procedures from being construed to prohibit any federal agency from engaging in technical discussions regarding cyber threat information with a cybersecurity provider or self-protected entity or from providing technical assistance to address vulnerabilities or mitigate threats at their request. Requires any such activity to be coordinated with DHS and other agencies. Directs the President's designated DHS entity to share with all appropriate federal agencies all significant information resulting from: (1) technical discussions with a cybersecurity provider or self-protected entity about cyber threat information, or (2) any technical assistance it provides to such cybersecurity provider or such self-protected entity to address vulnerabilities or mitigate threats. Directs the DHS Inspector General to submit annually to Congress a review of the use of such information shared with the federal government, as well as recommendations for improvements and modifications to address privacy and civil liberties concerns. Requires the DHS Officer for Civil Rights and Civil Liberties to submit to Congress an annual report assessing the privacy and civil liberties impact of the federal government's cyber threat information sharing activities. (Sec. 3) Amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. Defines "cyber threat intelligence" as intelligence in the possession of an element of the intelligence community directly pertaining to: (1) a vulnerability of a system or network of a government or private entity or utility; (2) a threat to the integrity, confidentiality, or availability of such a system or network or any information stored on, processed on, or transiting such a system or network; (3) efforts to deny access to or degrade, disrupt, or destroy such a system or network; or (4) efforts to gain unauthorized access to such a system or network, including for the purpose of exfiltrating information. Excludes intelligence pertaining to efforts to gain unauthorized access to such a system or network that solely involve violations of consumer terms of service or consumer licensing agreements and do not otherwise constitute unauthorized access. Requires the DNI to: (1) establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and utilities, and (2) encourage the sharing of such intelligence. Requires the procedures established to ensure that such intelligence is only: (1) shared with certified entities or a person with an appropriate security clearance; (2) shared consistent with the need to protect U.S. national security; (3) used in a manner that protects such intelligence from unauthorized disclosure; and (4) used, retained, or further disclosed by a certified entity for cybersecurity purposes. Provides guidelines for the granting of security clearance approvals to certified entities or officers, employees, or independent contractors of such entities. Prohibits a certified entity receiving such intelligence from further disclosing the information to any entity other than another certified entity or a federal agency authorized to receive such intelligence. Authorizes a cybersecurity provider, with the express consent of a protected entity (an entity that contracts with a cybersecurity provider), to: (1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and (2) share cyber threat information with any other entity designated by the protected entity, including, if specifically designated, the DHS and DOJ entities designated by the President. Provides cybersecurity system use and threat information sharing authority to self-protected entities. Sets forth requirements with respect to the use and protection of shared information, including anonymization or minimization of such information and prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, exempts such information from public disclosure and prohibits the use of such information for regulatory purposes. Specifies that a non-federal recipient may only use such information for a cybersecurity purpose. Prohibits a civil or criminal cause of action against a protected entity, a self-protected entity, or a cybersecurity provider acting in good faith under the above circumstances. Prohibits such shared information requirements from being construed to provide new authority to: (1) a cybersecurity provider to use a cybersecurity system to identify or obtain cyber threat information from a system or network other than a system or network owned or operated by a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, or (2) a self-protected entity to use a cybersecurity system to identify or obtain cyber threat information from a system or network other than a system or network owned or operated by such self-protected entity. Allows the federal government to use shared cyber threat information for: (1) cybersecurity purposes to ensure the integrity, confidentiality, availability, or safeguarding of a system or network; (2) the investigation of cybersecurity crimes; or (3) the protection of individuals from the danger of death or serious bodily harm and the prosecution of crimes involving such dangers (including the protection of minors from child pornography, sexual exploitation, kidnapping, and trafficking). Prohibits the federal government from affirmatively searching such information for any other purpose. Prohibits the federal government from using certain personally identifiable information shared from sensitive personal documents such as library records, firearms sales records, educational records, tax returns, and medical records. Requires a federal agency receiving information that is not cyber threat information to so notify the entity or provider of such information. Prohibits federal agencies from retaining shared information for any unauthorized use. Outlines federal government liability for violations of restrictions on the disclosure, use, and protection of voluntarily shared information. Preempts any state statute that restricts or otherwise regulates specified activity authorized by this Act. States that nothing in this section shall be construed to: (1) provide additional authority to, or modify existing authority of, any element of the intelligence community to control or direct the cybersecurity efforts of a private-sector entity or a component of the federal government or a state, local, or tribal government; (2) limit or affect existing information sharing relationships of the federal government; (3) preclude the federal government from requiring an entity to report significant cyber incidents under another provision of law; or (4) provide additional authority to, or modify existing authority of, any entity to use a cybersecurity system owned or controlled by the federal government on a private-sector system or network to protect the latter system or network. Prohibits this section from being construed to authorize the DOD, National Security Agency (NSA), or any other intelligence community element to target a U.S. person for surveillance. (Sec. 4) Repeals amendments made by this Act five years after enactment of this Act. (Sec. 5) Expresses the sense of Congress that international cooperation with regard to cybersecurity should be encouraged wherever possible. (Sec. 6) Prohibits this Act from being construed to provide new or alter any existing authority for an entity to sell personal information of a consumer to another entity for marketing purposes. (Sec. 7) Prohibits this Act from being construed to authorize a federal agency to require a federally contracted cybersecurity provider to provide information about cybersecurity incidents that do not pose a threat to the federal government's information.

H.R. 623The Alaska Native Tribal Health Consortium Land Transfer Act' H.R. 625The Sports Gaming Opportunity Act