The Cybersecurity Information Sharing Act (CISA 13th Congress 14th Congress is a

United States federal law The law of the United States comprises many levels of codified and uncodified forms of law, of which the most important is the nation's Constitution, which prescribes the foundation of the federal government of the United States, as well as ...

designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes". The law allows the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, and passed in the Senate October 27, 2015. Opponents question CISA's value, believing it will move responsibility from private businesses to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the

NSA The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collec ...

and local police. The text of the bill was incorporated by amendment into a consolidated spending bill in the U.S. House on December 15, 2015, which was signed into law by President

Barack Obama Barack Hussein Obama II ( ; born August 4, 1961) is an American politician who served as the 44th president of the United States from 2009 to 2017. A member of the Democratic Party (United States), Democratic Party, Obama was the first Af ...

on December 18, 2015.

History

The Cybersecurity Information Sharing Act was introduced on July 10, 2014 during the 113th Congress, and was able to pass the

Senate Intelligence Committee The United States Senate Select Committee on Intelligence (sometimes referred to as the Intelligence Committee or SSCI) is dedicated to overseeing the United States Intelligence Community—the agencies and bureaus of the federal government o ...

by a vote of 12-3. The bill did not reach a full senate vote before the end of the congressional session. The bill was reintroduced for the 114th Congress on March 12, 2015, and the bill passed the Senate Intelligence Committee by a vote of 14-1. Senate Majority Leader

Mitch McConnell Addison Mitchell McConnell III (born February 20, 1942) is an American politician and retired attorney serving as the senior United States senator from Kentucky and the Senate minority leader since 2021. Currently in his seventh term, McCon ...

, (R-Ky) attempted to attach the bill as an amendment to the annual National Defense Authorization Act, but was blocked 56-40, not reaching the necessary 60 votes to include the amendment. Mitch McConnell hoped to bring the bill to senate-wide vote during the week of August 3–7, but was unable to take up the bill before the summer recess. The Senate tentatively agreed to limit debate to 21 particular amendments and a manager's amendment, but did not set time limits on debate. In October 2015, the US Senate took the bill back up following legislation concerning

sanctuary cities Sanctuary city (; ) refers to municipal jurisdictions, typically in North America, that limit their cooperation with the national government's effort to enforce immigration law. Leaders of sanctuary cities say they want to reduce fear of deport ...

Provisions

The main provisions of the bill make it easier for companies to share personal information with the government, especially in cases of cyber security threats. Without requiring such information sharing, the bill creates a system for federal agencies to receive threat information from private companies. With respect to privacy, the bill includes provisions for preventing the sharing of personal data that is irrelevant to cyber security. Any personal information that does not get removed during the sharing procedure can be used in a variety of ways. These shared cyber threat indicators can be used to prosecute cyber crimes, but may also be used as evidence for crimes involving physical force.

Positions

Indemnification

Sharing National Intelligence threat data among public and private partners is a hard problem, and one that many care about. The National Intelligence Threat Sharing (NITS) project is intended as an innovative solution to this hard problem. Altogether NITS is both innovative and useful. But first, to ensure that NITS is trustworthy, private partners must be indemnified. Indemnification takes an act of Congress, literally. The underlying impediment to more fulsome cooperation among buyers, sellers, and peers within a supply chain is indemnification. Indemnification is needed to secure industry partners against legal responsibility for their actions. Unfortunately, Congressional refusal to offer indemnification remains an impediment to real collaboration. At least qualified immunity should be accorded. This is immunity of individuals performing tasks as part of the government's actions.

Businesses and trade groups

The CISA has received some support from advocacy groups, including the United States Chamber of Commerce, the National Cable & Telecommunications Association, and the Financial Services Roundtable. A number of business groups have also opposed the bill, including the

Computer & Communications Industry Association The Computer and Communications Industry Association (CCIA) is an international non-profit advocacy organization based in Washington, DC, United States which represents the information and communications technology industries. According to their ...

, as well as individual companies such as

Twitter Twitter is an online social media and social networking service owned and operated by American company Twitter, Inc., on which users post and interact with 280-character-long messages known as "tweets". Registered users can post, like, and ...

Yelp Yelp Inc. is an American company that develops the Yelp.com website and the Yelp mobile app, which publish crowd-sourced reviews about businesses. It also operates Yelp Guest Manager, a table reservation service. It is headquartered in San F ...

Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple trees are cultivated worldwide and are the most widely grown species in the genus '' Malus''. The tree originated in Central Asia, where its wild ancest ...

, and

Reddit Reddit (; stylized in all lowercase as reddit) is an American social news aggregation, content rating, and discussion website. Registered users (commonly referred to as "Redditors") submit content to the site such as links, text posts, imag ...

BSA (The Software Alliance) The Software Alliance, also known as BSA, is a trade group established by Microsoft in 1988 to represent commercial software makers. It is a member of the International Intellectual Property Alliance. Its principal activity is trying to stop copyr ...

appeared initially supportive of CISA, sending a letter on July 21, 2015 urging the senate to bring the bill up for debate. On September 14, 2015, the BSA published a letter of support for amongst other things cyber threat information sharing legislation addressed to Congress, signed by board members

Adobe Adobe ( ; ) is a building material made from earth and organic materials. is Spanish for '' mudbrick''. In some English-speaking regions of Spanish heritage, such as the Southwestern United States, the term is used to refer to any kind of ...

, Apple Inc., Altium, Autodesk, CA Technologies,

DataStax DataStax, Inc. is a real-time data company based in Santa Clara, California. Its product Astra DB is a cloud database-as-a-service based on Apache Cassandra. DataStax also offers DataStax Enterprise (DSE), an on-premises database built on Apache ...

, IBM,

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...

, Minitab,

Oracle An oracle is a person or agency considered to provide wise and insightful counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. As such, it is a form of divination. Description The word ...

Salesforce.com Salesforce, Inc. is an American cloud-based software company headquartered in San Francisco, California. It provides customer relationship management (CRM) software and applications focused on sales, customer service, marketing automation, a ...

Siemens Siemens AG ( ) is a German multinational conglomerate corporation and the largest industrial manufacturing company in Europe headquartered in Munich with branch offices abroad. The principal divisions of the corporation are ''Industry'', ''E ...

, and

Symantec Symantec may refer to: *An American consumer software company now known as Gen Digital Inc. *A brand of enterprise security software purchased by Broadcom Inc. Broadcom Inc. is an American designer, developer, manufacturer and global supplier ...

. This prompted the digital rights advocacy group Fight for the Future to organize a protest against CISA. Following this opposition campaign, BSA stated that its letter expressed support for cyber threat sharing legislation in general, but did not endorse CISA, or any pending cyber threat sharing bill in particular. BSA later stated that it is opposed to CISA in its current form. The

, another major trade group including members such as

Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...

, Amazon.com, Cloudflare,

Netflix Netflix, Inc. is an American subscription video on-demand over-the-top streaming service and production company based in Los Gatos, California. Founded in 1997 by Reed Hastings and Marc Randolph in Scotts Valley, California, it offers a ...

Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dust ...

Red Hat Red Hat, Inc. is an American software company that provides open source software products to enterprises. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with other offices worldwide. Red Hat has become a ...

, and

Yahoo! Yahoo! (, styled yahoo''!'' in its logo) is an American web services provider. It is headquartered in Sunnyvale, California and operated by the namesake company Yahoo Inc., which is 90% owned by investment funds managed by Apollo Global Mana ...

, also announced its opposition to the bill.

Government officials

Proponents of CISA include the bill's main cosponsors, senators

Dianne Feinstein Dianne Goldman Berman Feinstein ( ; born Dianne Emiel Goldman; June 22, 1933) is an American politician who serves as the senior United States senator from California, a seat she has held since 1992. A member of the Democratic Party, she wa ...

(D-CA) and Richard Burr (R-NC). Some senators have announced opposition to CISA, including

Ron Wyden Ronald Lee Wyden (; born May 3, 1949) is an American politician and retired educator serving as the senior United States senator from Oregon, a seat he has held since 1996. A member of the Democratic Party, he served in the United States Hou ...

(D-OR),

Rand Paul Randal Howard Paul (born January 7, 1963) is an American physician and politician serving as the Seniority in the United States Senate, junior United States Senate, U.S. senator from Kentucky since 2011. A member of the Republican Party (Un ...

(R-KY), and

Bernie Sanders Bernard Sanders (born September8, 1941) is an American politician who has served as the junior United States senator from Vermont since 2007. He was the U.S. representative for the state's at-large congressional district from 1991 to 20 ...

(I-VT). Senator Ron Wyden (D-OR) has objected to the bill based on a classified legal opinion from the

Justice Department A justice ministry, ministry of justice, or department of justice is a ministry or other government agency in charge of the administration of justice. The ministry or department is often headed by a minister of justice (minister for justice in a ...

written during the early George W Bush Administration. The

Obama administration Barack Obama's tenure as the 44th president of the United States began with his first inauguration on January 20, 2009, and ended on January 20, 2017. A Democrat from Illinois, Obama took office following a decisive victory over Republican ...

states that it does not rely on the legal justification laid out in the memo. Wyden has made repeated requests to the US Attorney General to declassify the memo, dating at least as far back as when a 2010 Office of Inspector General report cited the memo as a legal justification for the FBI's warrantless wire-tapping program. On August 4, 2015, White House spokesman

Eric Schultz Eric Schultz (born 1980) is an American political advisor who served as Deputy White House Press Secretary in the Obama Administration from 2014 to 2017. Recognized by '' Politico'' as the strategist "White House officials turn to in a crisis to ...

endorsed the legislation, calling for the senate to "take up this bill as soon as possible and pass it". The

United States Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-ter ...

initially supported the bill, with Jeh Johnson, the secretary of the DHS, calling for the bill to move forward on September 15. However, in an August 3 letter to senator Al Franken (D-MN), the deputy secretary of the DHS,

Alejandro Mayorkas Alejandro Nicholas Mayorkas (born November 24, 1959) is a Cuban-American government official and attorney who has been serving as the seventh United States Secretary of Homeland Security since February 2, 2021. During the Obama administration, h ...

, expressed a desire to have all connections be brokered by the DHS, given the Department's charter to protect the executive branch networks. In the letter, the DHS found issue with the direct sharing of information with all government agencies, advocating instead that the DHS be the sole recipient of cyberthreat information, allowing it to scrub out private information. In addition, the Department of Homeland Security has published a Privacy Impact Assessment detailing its internal review of the proposed system for handling incoming indicators from Industry.

Civil liberties groups

Privacy advocates opposed a version of the Cybersecurity Information Sharing Act, passed by the Senate in October 2015, that left intact portions of the law they said made it more amenable to surveillance than actual security while quietly stripping out several of its remaining privacy protections. CISA has been criticized by advocates of Internet privacy and

civil liberties Civil liberties are guarantees and freedoms that governments commit not to abridge, either by constitution, legislation, or judicial interpretation, without due process. Though the scope of the term differs between countries, civil liberties ma ...

, such as the

Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ...

and the

American Civil Liberties Union The American Civil Liberties Union (ACLU) is a nonprofit organization founded in 1920 "to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States". T ...

. It has been compared to the criticized

Cyber Intelligence Sharing and Protection Act The Cyber Intelligence Sharing and Protection Act (CISPA (112th Congress), (113th Congress), (114th Congress)) was a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. gover ...

proposals of 2012 and 2013, which passed the United States House of Representatives, but did not pass the Senate.

Similar laws in different countries

United Kingdom government policy: cyber securityThe Scottish Government Information Sharing

References

{{reflist, colwidth=30em

External links

S.2588 - Cybersecurity Information Sharing Act of 2014
Congress.gov, Library of Congress.
"Cybersecurity Information Sharing Act will help protect us"
Dianne Feinstein, ''San Jose Mercury News'', July 21, 2014.
Forbes: Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee
Gregory S. McNeal, July 9, 2014.
Center for Democracy and Technology: Analysis of Cybersecurity Information Sharing Act
Gregory T. Nojeim and Jake Laperruque, July 8, 2014.
- CISA Security Bill Passes Senate With Privacy Flaws Unfixed
ANDY GREENBERG AND YAEL GRAUER Oct 27, 2015

2010 to 2015 government policy: cyber security Computer security Copyright enforcement Internet law in the United States Proposed legislation of the 113th United States Congress Internet censorship

History

Provisions

Positions

Indemnification

Businesses and trade groups

Government officials

Civil liberties groups

Similar laws in different countries

See also

References

External links