User:HistoricMN44/oldcispainfo

The Cyber Intelligence Sharing and Protection Act (2013) (H.R. 624), also known as CISPA, is a proposed law in the United States that would allow different bureaucracies in the United States federal government to share information about cybersecurity and cyber threats with various Internet Service Providers, cybersecurity providers, and other technology entities. These organizations would also be able to share information freely with the federal government.

was a bill introduced into the United States House of Representatives in the 113th United States Congress, which began on January 3rd, 2013 and is scheduled to end on January 3rd, 2015. The Cyber Intelligence Sharing and Protection Act (2011) was also introduced as a piece of legislation, H.R. 3523, in the 112th United States Congress. Although that version of the bill passed the House in 2012, it never passed the United States Senate, and thus never became law. Because a new Congress is in session, the new version of the bill, H.R. 624, will need to go through the entire process of committee mark-up, House votes, and referral to the Senate again before it ever becomes law.

Background
H.R. 624, introduced into the 113th Congress, is the second version of a bill named CISPA. The first version was introduced in the 112th Congress where it passed the House, but failed to gain traction in the Senate and died when the new Congress began.

Introduction
H.R. 624 was introduced into the House of Representatives of the 113th Congress on February 13th, 2013 by Rep. Mike Rogers (R-MI) and his original co-sponsor Rep. Dutch Ruppersberger (D-MD). These two men also sponsored H.R. 3523, the version of CISPA from the 112th Congress. Rep. Rogers is the Chairman of the United States House Permanent Select Committee on Intelligence. Rep. Ruppersberger is the ranking member (senior Democrat) of that committee.

Committee
When it was introduced on February 13, 2013, H.R. 624 was referred to United States House Permanent Select Committee on Intelligence.

Post-committee history
As of March 31, 2013, H.R. 624 had not been referred out of committee. No votes had been made on the bill.

General
H.R. 624 amends Title XI of the National Security Act of 1947 (50 U.S.C. 442 et seq.) by adding a new section: "Section 1104: Cyber threat intelligence and information sharing".

Official congressional summary
This official summary is available directly from the United States Congress:

Cyber Intelligence Sharing and Protection Act - Amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. Defines "cyber threat intelligence" as intelligence in the possession of an element of the intelligence community directly pertaining to: (1) a vulnerability of a system or network of a government or private entity; (2) a threat to the integrity, confidentiality, or availability of such a system or network or any information stored on, processed on, or transiting such a system or network; (3) efforts to deny access to or degrade, disrupt, or destroy such a system or network; or (4) efforts to gain unauthorized access to such a system or network, including for the purpose of exfiltrating information. Excludes intelligence pertaining to efforts to gain unauthorized access to such a system or network that solely involve violations of consumer terms of service or consumer licensing agreements and do not otherwise constitute unauthorized access.

Requires the Director of National Intelligence (DNI) to: (1) establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and utilities, and (2) encourage the sharing of such intelligence.

Requires the procedures established to ensure that such intelligence is only: (1) shared with certified entities or a person with an appropriate security clearance, (2) shared consistent with the need to protect U.S. national security, and (3) used in a manner that protects such intelligence from unauthorized disclosure. Provides for guidelines for the granting of security clearance approvals to certified entities or officers or employees of such entities. Prohibits a certified entity receiving such intelligence from further disclosing the information to any entity other than another certified entity or a federal agency authorized to receive such intelligence.

Authorizes a cybersecurity provider (a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes), with the express consent of a protected entity (an entity that contracts with a cybersecurity provider), to: (1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and (2) share cyber threat information with any other entity designated by the protected entity, including the federal government. Provides similar cybersecurity system use and threat information sharing authority to self-protected entities (an entity that provides goods or services for cybersecurity purposes to itself).

Requires the head of a federal agency receiving cyber threat information to provide such information to the National Cybersecurity and Communications Integration Center of the Department of Homeland Security (DHS), and allows such agency head to request the Center to provide such information to another federal agency. Sets forth requirements with respect to the use and protection of shared information, including prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, exempts such information from public disclosure. Prohibits a civil or criminal cause of action against a protected entity, a self-protected entity, or a cybersecurity provider acting in good faith under the above circumstances.

Allows the federal government to use shared cyber threat information: (1) for cybersecurity purposes to ensure the integrity, confidentiality, availability, or safeguarding of a system or network; (2) for the investigation of cybersecurity crimes; (3) for the protection of individuals from the danger of death or serious bodily harm and the prosecution of crimes involving such dangers (including the protection of minors from child pornography, sexual exploitation, kidnapping, and trafficking); or (4) to protect U.S. national security. Prohibits the federal government from affirmatively searching such information for any other purpose.

Provides for the protection of sensitive personal documents such as library records, firearms sales records, educational records, tax returns, and medical records. Requires a federal agency receiving information that is not cyber threat information to so notify the entity or provider of such information. Prohibits federal agencies from retaining shared information for any unauthorized use. Outlines federal government liability for violations of restrictions on the disclosure, use, and protection of voluntarily shared information.

Section 1
Section 1 ("Short title") of H.R. 624 gives the "short title" of the bill, namely the Cyber Intelligence Sharing and Protection Act." The full long title of the bill is "a bill to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes."

Section 2
Section 2 ("Cyber threat intelligence and information sharing") contains four subsections: a, b, c, and d.

Section 2, subsection a
Section 2 subsection a [henceforth "Section 2(a)"] contains the bulk of the bill. Section 2(a) provides the proposed text of the material the bill would insert into the National Security Act of 1947. This material would become Section 1104 "Cyber threat intelligence and information sharing". Section 1104 contains its own subsections a-h.

Section 1104(a) - "Intelligence community sharing of cyber threat intelligence with private sector and utilities"

Section 1104(b) - "Use of cybersecurity systems and sharing of cyber threat information"

Section 1104(c) - "Federal government use of information"

Section 1104(d) - "Federal government liability for violations of restrictions on the disclosure, use, and protection of voluntarily shared information"

Section 1104(e) - "Report on information sharing"

Section 1104(f) - "Federal preemption"

Section 1104(g) - "Savings clauses"

Section 1104(h) - "Definitions"

Section 2, subsection b
Section 2(b) "Procedures and guidelines" gives instructions to the Director of National Intelligence about how to establish the rules, policies, and procedures that the federal government will use to apply this act. He or she is given 60 days to accomplish this.

Section 2, subsection c
Section 2(c) "Initial report" refers to a report required by the proposed text being added to the National Security Act of 1947 [in section 1104(e)] and states that the first copy of this newly required report must be submitted no later than a year from the date of enactment of H.R. 624.

Section 2, subsection d
Section 2(d) "Table of contents amendment" alters the table of contents of the National Security Act of 1947 to add the new section (1104) to the list of sections.

Section 3
Section 3 ("Sunset") of H.R. 624 states that five years after the date of the enactment of H.R. 624, the amendments made to the National Security Act of 1947 will expire. Since the nearly the entire text of the H.R. 624 is devoted to adding a new section on cyber security to the National Security Act of 1947, this effectively means that all provisions of H.R. 624 will expire in five years.

Section 3 is the final section of H.R. 624.

Organizations supporting H.R. 624
The following organizations have publicly stated their support for H.R. 624:


 * AT&T
 * United States Chamber of Commerce
 * Verizon Wireless
 * Intel
 * IBM
 * Comcast

General criticism
Broadly speaking, civil liberties groups and privacy advocates are opposed to the bill.

Privacy concerns
One of the primary criticisms leveled at H.R. 624 is that it fails to adequately protect the privacy of individuals, and in fact, significantly undermines previous legal privacy protections. The proposed legislation found in Section 1104(b)(1) states that "notwithstanding any other provisions of law" a cybersecurity provider or a self-protected entity may "share such cyber threat information with any other entity, including the Federal Government." Any information shared with one department of the federal government can be shared with other departments, subject to some restrictions. Section 1104(b)(4) then exempts the organizations sharing information with the government from any civil or criminal prosecution for sharing the information. This provision would prevent wronged internet users from taking legal action when their privacy is violated.

Organizations opposed to H.R. 624
The following organizations have publicly stated their opposition to H.R. 624:


 * American Library Association
 * American Civil Liberties Union (ACLU)
 * Electronic Frontier Foundation
 * Reporters Without Borders

Presidential position
President Barack Obama threatened to veto the first version of CISPA that was introduced into the 112th Congress. At the time, President Obama's Administration indicated that they preferred an alternate piece of legislation on cyber security, one that was backed by Congressional Democrats. Regarding the 2013 version of CISPA, however, the President's position may shift. In early February 2013, Representative Ruppersberger told reporters that he and the bill's other supporters were working hard to bring the Obama administration on-board with the new bill.

Internet activism over H.R. 624/CISPA

 * An internet domain name registrar called Namecheap held a promotion in March 2013 where it donated $1 to the Electronic Frontier Foundation, campaigning against CISPA, every time a Twitter user tweeted the Hashtag #CISPAalert. Representative Mike Rogers, the sponsor of CISPA, was apparently unaware of this and thus donated at least $4 to one of the organizations fighting against his bill.