U.S. Rep. Mike Thompson (CA-5), a senior member of the House Permanent Select Committee On Intelligence today introduced and passed several privacy related provisions to H.R. 624, the Cyber Intelligence Sharing and Protection Act (CISPA) during today's committee proceedings on the bill. CISPA allows for information sharing about cyber threats between the intelligence community and businesses. The intelligence community would keep businesses aware of potential cyber attacks that threaten national security and the economy. Businesses would keep the intelligence community informed when cyber attacks on their systems occur.
Thompson provisions address privacy concerns with the legislation.
"There is no reason we can't protect our country and economy against a crippling cyber security threat and protect the constitutional privacy rights of Americans," said Thompson. "The provisions I offered to this bill will provide additional oversight to the sharing of cyber threat information, makes sure that sensitive personal information is not exchanged, and that individual privacy rights are protected."
Thompson's first amendment would expand oversight of the information sharing by providing the Inspector General of the Intelligence Community, each agency's privacy officer and Congress with additional oversight authority. The amendment also requires a new report by the privacy officials of the Office of the Director of National Intelligence (ODNI) and the Department of Justice (DoJ), in consultation with the Privacy and Civil Liberties Oversight Board (PCLOB), the Office of Intelligence Community Inspector General, and individual agency's privacy officials. These reports are to be prepared in both a classified and unclassified form to guarantee CISPA's transparency and accountability moving forward.
The second provision authored by Thompson amends a committee amendment that deals with limiting the amount and kinds of information that can be shared by businesses with the intelligence community. The provision requires the head of each federal agency receiving cyber threat information to notify the Director of National Intelligence (DNI), the Attorney General, and the congressional intelligence committees of any significant violations of information sharing. It requires the DNI, in consultation with the Attorney General, the Secretary of the Department of Homeland Security (DHS), and the Secretary of Defense to oversee compliance with the bill's established limits on information sharing.
CISPA does not require anyone to provide anything to the government. All sharing of cyber threat information would be voluntary, it forbids the government from retaining information shared that is not cyber threat information, and it restricts the government to use cyber threat information for national security purposes.
Thompson's language amending CISPA passed unanimously. It is expected that H.R. 624 will be voted on by the full House of Representatives next week.