I have received concerns from many of you about H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA) that passed the House of Representatives last week.
Our nation is under literally daily attack from cyber criminals. I have attended classified debriefings and the threat is real, widespread, and dangerous. Everyday, cyber terrorists throughout the world exploit the Internet to infiltrate business networks in order to obtain personal records, passwords, bank information, and intellectual property. They breach government databases to extract state secrets, and manipulate infrastructure, including electrical grids. Ensuring the cyber security of the United States is essential to the national security of the country, and CISPA was designed to accomplish this shared goal.
CISPA allows companies to voluntarily provide information related to threats against their networks. Previously, there has been uncertainty as to whether companies can legally share this information. CISPA clarifies this question and allows government agencies to disclose certain classified cyber security information with industry and grant security clearances to industry employees when necessary. Again, it is stressed this is voluntary. No company has to participate. CISPA gives the option to participate in a sharing of threat information and therefore a sharing in ways to thwart and combat the daily attacks. This distribution of information and knowledge will allow for greater coordination to combat threats, identify trends, and prepare for future attacks. This coordination is important because malicious activity against one company or government network tends to correspond with attacks on others. CISPA creates this cooperative environment without extending any new regulatory authority to federal agencies, and again, participation on the part of industry is strictly voluntary.
Many have raised concerns about how the information sharing aspects of CISPA affect privacy. As a former prosecutor and someone skeptical of an expanding size and scope of government, I understand the need to safeguard our constitutional rights, which is why many of us insisted on certain protections and safeguard in this bill. These amendments and safeguards include:
* Limiting government use of shared cyber threat information to:
1. Cyber security
2. Investigation and prosecution of cyber security crimes.
3. Protection of individuals from the danger of death or physical injury.
4. Protection of minors from physical or psychological harm.
5. Protection of the national security of the United States.
* Prohibiting the federal government from using library records, firearms sales records, and tax returns received from private companies under CISPA.
* Narrowing the definitions in the bill regarding what information may be identified, obtained, and shared.
* Sunset the provisions of the legislation after five years so Congress must review the effectiveness of the bill and affirmatively act in order to reauthorize CISPA.
Few if any pieces of legislation rise to the level of perfect. And it is very difficult to harmonize national security, which is the foremost responsibility of the federal government, and protect and defend privacy, which is guaranteed constitutionally.
If you are having any difficulty accessing the full body of the legislation, please click HERE. Summaries of legislation, while helpful, necessarily have to leave something out or else they would not be summaries. On the whole, given the voluntary nature of the law, given the daily threat from foreign countries and companies that seek to steal information, and given the personal privacy protections as well as the limiting language of the sunset provisions, I voted in support of the bill.
I appreciate hearing from you on issues and I encourage you to continue contacting me. Please do not hesitate to call my office at 202-225-6030 if I can ever be of service to you, or you want to know about an issue or vote.