In the past decade, technology has advanced tremendously to the point where most individuals and companies use computers and the internet to conduct business and for personal purposes. This technology has enabled companies and individuals to function more efficiently; however, it has also opened the door to cyber attacks. Each and every day, the federal government and private companies are targeted by nation-state actors like China and Russia in order to steal Intellectual Property (IP), which results in economic espionage, and steal individuals' personal information, such as medical records, bank accounts, and social security numbers. It is estimated that economic espionage to the private sector costs up to $400 billion annually. As well, cyber attacks against the federal government aim to steal IP property related to national security and defense, which, if stolen, can leave every American vulnerable.
To address the growing threat of cyber attacks, Representative Mike Rogers of Michigan introduced H.R. 3523, CISPA, on November 30, 2011. This bill would direct the Director of National Intelligence to establish procedures to share cyber threat intelligence with private cybersecurity providers with appropriate security clearances that provide goods or services intended to be used for cybersecurity purposes. This legislation explicitly states that cybersecurity purposes "means the purpose of ensuring the integrity, confidentiality, or availability of, or safeguarding, a system or network," which includes protection against "efforts to degrade, disrupt, or destroy such system or network" or theft of "private or government information, intellectual property, or personally identifiable information." Additionally, if a private entity chooses to receive cybersecurity intelligence from the federal government, the private company would be required to take measures to protect that information from unauthorized disclosure.
CISPA would enable private cybersecurity providers to use the federal government's intelligence in order to protect its own system and its customers from cyber threats and attacks. While private companies would be able to share this information with the federal government, the company is not required to do so, and could opt to never share any information with the government. If it does, CISPA requires the information to be submitted anonymously or significantly minimized. Also, CISPA only allows private companies to use the information to protect itself and its customers, and CISPA does not allow the federal government or private entities to monitor individuals.
It is also important to note that H.R. 3523 does not expand the federal government's authority or surveillance abilities, does not allow the government to monitor individuals' phone records, and it does not allow the government to monitor or read individuals' emails. This bill also does not allow the government to shut down private websites, and CISPA specifically prohibits the federal government from requiring any private company to provide the government with cybersecurity information. As well, any information the government may receive can only be used for cybersecurity and national security purposes, but nothing beyond that, and it cannot be disclosed without the consent of the providing company. Furthermore, if the federal government violates this Act's provisions and wrongfully oversteps its authority, CISPA makes the federal government liable for damages to individuals in civil court. H.R. 3523 was referred to the Committee on Intelligence, of which I am not a Member. On December 1, 2011, the Committee held a markup of this bill and voted to send it to the full U.S. House of Representatives for consideration.
Like you, I believe each American's privacy protections should be upheld. As well, I have serious concerns that legislation enabling the federal government to block websites dangerously encroaches upon individuals' privacy and freedom of speech. However, I also believe private companies should be able to protect themselves, as well as their customers who voluntarily agree to have their personal information protected by private cybersecurity providers, from cyber threats and attacks.
That is why I supported an amendment to CISPA offered by Representative Mick Mulvaney to direct the federal government to create reasonable procedures to protect privacy and civil liberties, consistent with the needs of cybersecurity. I also voted for an amendment offered by Representative Ben Quayle to limit the use of shared cyber threat information to only five purposes: cybersecurity, to investigate and prosecute cyber crime, to protect individuals from death or physical injury, to protect minors from child pornography or risk of sexual exploitation, and to protect the national security of the United States. You will be pleased to know that both of these amendments were adopted and included in the final version of CISPA.
Shortly thereafter, CISPA passed in the U.S. House of Representatives, with my support, by a vote of 248 -- 168 on April 26, 2012, and now awaits action in the U.S. Senate. I voted for CISPA because it is paramount that the United States is protected from cyber threats from individuals trying to steal individual's personal information or crash entire networks. I also believe that the adoption of Representative Mulvaney and Representative Quayle's amendments will prevent companies and the federal government from overstepping their boundaries, in order to ensure individual freedoms and liberties are upheld.
I agree with the Heritage Foundation's analysis of CISPA, which found that "Instead of a command-and-control model that mandates certain actions and contemplates an expanded regulatory state, greater sharing within the private sector and between the government and private-sector actors is a modest first step that would, in a bipartisan way, attempt to harness the creativity and innovation of the American private sector." If you would like to read more about this analysis and why the Heritage Foundation supports CISPA, you can do so by reading articles on its website at www.heritage.org or www.heritage.org/morningbell.