Cybersecurity Information Sharing Act

See also: Cyber Intelligence Sharing and Protection Act

Cybersecurity Information
Sharing Act of 2015

Long title	To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes
Acronyms (colloquial)	CISA
Legislative history
Introduced in the Senate as S. 2588 by Dianne Feinstein (D-CA) on July 10, 2014 Reintroduced in the Senate as S.754 by Richard Burr (R-NC) on March 17, 2015 Committee consideration by Senate Select Committee on Intelligence

The Cybersecurity Information Sharing Act (CISA S. 2588 (113th Congress), S. 754 (114th Congress)) is a proposed law to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes".^[1] The law would allow the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, but has not yet been considered or voted upon by the full Senate.

History

The Cybersecurity Information Sharing Act was introduced on July 10, 2014 during the 113th congress, and was able to pass the Senate Intelligence Committee by a vote of 12-3.^[2] The bill did not reach a full senate vote before the end of the congressional session.

The bill was reintroduced for the 114th congress on March 12, 2015, and the bill passed the Senate Intelligence Committee by a vote of 14-1.^[3] Senate Majority Leader Mitch McConnell, (R-Ky) attempted to attach the bill as an amendment to the annual National Defense Authorization Act, but was blocked 56-40, not reaching the necessary 60 votes to include the amendment.^[4][5] As of July 2015, Mitch McConnell has stated that he hopes to bring the bill to senate-wide vote during the week of August 3-7,^[6] but some have indicated other issues will prevent a CISA vote until after the summer recess.^[7]

Provisions

The main provisions of the bill make it easier for companies to share cyber threat information with the government. Without requiring such information sharing, the bill creates a system for federal agencies to receive threat information from private companies. The bill also provides legal immunity from privacy and antitrust laws to the companies which provide such information.

With respect to privacy, the bill includes provisions for preventing the act of sharing data known to be both personally identifiable and irrelevant to cyber security. Any personal information which does not get removed during the sharing procedure can be used in a variety of ways. These shared cyber threat indicators can be used to prosecute cyber crimes, but may also be used as evidence for crimes involving physical force.^[8]

Debate

The CISA has received support from advocacy groups, including BSA (The Software Alliance),^[9] the United States Chamber of Commerce,^[10] the National Cable & Telecommunications Association, and the Financial Services Roundtable.^[8] On September 14, 2015, the BSA published a letter of support addressed to Congress, signed by board members Adobe, Apple Inc., Altium, Autodesk, CA Technologies, DataStax, IBM, Microsoft, Minitab, Oracle, Salesforce.com, Siemens, and Symantec.^[11] This prompted the digital rights advocacy group Fight for the Future to organize a protest against CISA.^[12]

CISA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation and the American Civil Liberties Union.^[13][14] It has been compared to the criticized Cyber Intelligence Sharing and Protection Act proposals of 2012 and 2013, which passed the U.S. House, but did not pass the Senate.

A critic of the legislation, Senator Ron Wyden (D-OR), has objected to the bill based on a classified legal opinion from the Justice Department written during the early George W Bush Administration. The Obama administration states that it does not rely on the legal justification laid out in the memo.^[15][16] Wyden has made repeated requests to the US Attorney General to declassify the memo,^[17] dating at least as far back as when a 2010 Office of Inspector General report cited the memo as a legal justification for the FBI's warantless wire-tapping program.^[18]

See also

• Anti-Counterfeiting Trade Agreement
• Chinese intelligence operations in the United States
• Communications Assistance for Law Enforcement Act
• Federal Information Security Management Act of 2002
• Freedom of information laws by country
• Intellectual Property Attache Act
• National Security Agency
• United States Department of Homeland Security

References

1. "Discussion Draft of the 'Cybersecurity Information Sharing Act of 2014' (S.2588)", 113th Congress, 2d Session, June 11, 2014.
2. Gregory S. McNeal (9 Jul 2014). "Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee". Forbes. Retrieved 31 Jul 2015.
3. Andy Greenberg (12 Mar 2015). "CISA Cybersecurity Bill Advances Despite Privacy Concerns". Wired. Retrieved 27 Jul 2015.
4. Charlie Mitchell (22 Jun 2015). "Senate vote falls short of approving defense act with CISA amendment". The Washington Examiner. Retrieved 28 Jul 2015.
5. Erin Kelly (11 Jun 2015). "Democrats block effort to attach cybersecurity legislation to defense bill". USA Today. Retrieved 28 Jul 2015.
6. Charlie Mitchell (20 Jul 2015). "Senate, once again, looks to bring back CISA". The Washington Examiner. Retrieved 27 Jul 2015.
7. Cory Bennett (29 Jul 2015). "Despite rumors, Senate cyber bill still stuck". The Hill. Retrieved 31 Jul 2015.
8. Andy Greenberg (20 Mar 2015). "CISA Security Bill: An F for Security But an A+ for Spying". Wired. Retrieved 31 Jul 2015.
9. Cory Bennett (July 21, 2015). "Software industry urges action on Senate cyber bill". The Hill. Retrieved July 27, 2015.
10. Dibya Sarkar (Mar 5, 2015). "Industry rep: Businesses get stronger liability protection for sharing cyber threat info under CISA". Fierce Homeland Security. Retrieved July 27, 2015.
11. "Congressional Leadership Data Agenda Letter" (PDF). BSA. September 14, 2015.
12. "Betrayed by Tech". Fight for the Future.
13. "A Zombie Bill Comes Back to Life: A Look at The Senate's Cybersecurity Information Sharing Act of 2014", Mark Jaycox, Electronic Frontier Foundation (EFF), June 29, 2014.
14. "Beware the Dangers of Congress’ Latest Cybersecurity Bill", Sandra Fulton, ACLU (Washington), June 27, 2014.
15. Dustin Volz (July 27, 2015). "What's Inside the Justice Department's Secret Cybersecurity Memo?". National Journal. Retrieved July 28, 2015.
16. Trevor Timm (June 13, 2015). "A government surveillance bill by any other name is just as dangerous". The Guardian. Retrieved July 28, 2015.
17. Mike Masnick (4 Feb 2015). "Senator Wyden Follows Up With Eric Holder On All Of The Requests The DOJ Has Totally Ignored". Tech Dirt. Retrieved July 31, 2015.
18. Marc Ambinder (February 1, 2010). "Obama's Secret Wiretap Memo". The Atlantic. Retrieved July 31, 2015.

External links

• S.2588 - Cybersecurity Information Sharing Act of 2014, Congress.gov, Library of Congress.
• "Cybersecurity Information Sharing Act will help protect us", Dianne Feinstein, San Jose Mercury News, July 21, 2014.
• Forbes: Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee, Gregory S. McNeal, July 9, 2014.
• Center for Democracy and Technology: Analysis of Cybersecurity Information Sharing Act, Gregory T. Nojeim and Jake Laperruque, July 8, 2014.