Today the House voted 288-127 to pass the Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624. The bill passed by a wider margin than last Congress, with 92 Democrats voting in favor of H.R. 624. Several amendments regarding privacy concerns were adopted. Ranking Member Dutch Ruppersberger (D-MD) stated after the vote “CISPA recognizes that you can’t have true security without privacy, and you can’t have privacy without security. This bill effectively works to protect both.”

Read More

Yesterday afternoon the House Permanent Select Committee on Intelligence marked up H.R. 624, the Cyber Intelligence Sharing and Protection Act (CISPA), which was introduced in February. The bill passed the Committee by a vote of 18-2 after the approval of six amendments.

Ranking Member Dutch Ruppersberger (D-MD) praised the “collaborative effort” on improving privacy and civil liberties, while Chairman Mike Rogers (R-MI) noted the amended bill will help American businesses protect their networks from “cyber looters” while improving the cybersecurity marketplace, and without imposing unfunded mandates or additional federal regulation on the private sector.

Written by Jeff Sural, Counsel, Legislative & Public Policy, Privacy & Data Security | Alston & Bird LLP

House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) re-introduced the Cyber Intelligence Sharing and Protection Act (CISPA) this morning. The bill has been numbered H.R. 624.

In their press release, Chairman Rogers and Ranking Member Ruppersberger confirmed that this bill is identical to the version that the full House of Representatives approved by a bipartisan vote of 248-168 on April 26, 2012. The bill sponsors also noted that CISPA had 112 bipartisan cosponsors last Congress. As with all pending legislation in Congress, the start of the 113th Congress last month required the bill sponsors to reintroduce the bill in order to begin the Congressional consideration process again this session.

Read More

Last evening, the Senate Judiciary Committee approved by voice vote a location privacy bill -- S. 1223, the Location Privacy Protection Act -- sponsored by Senator Al Franken (D-MN) and cosponsored by four other Democratic members of the committee. In his remarks before the vote, Senator Franken stated that “companies that collect our location information are not protecting it the way they should.”

Read More

This morning, Congressmen Edward J. Markey (D-MA) and Joe Barton, (R-TX), Co-Chairmen of the Congressional Bi-Partisan Privacy Caucus, hosted a roundtable briefing with Federal Trade Commission (FTC) Chairman Jonathan Leibowitz, FTC Commissioner Julie Brill, and invited representatives of companies and consumer advocacy groups to discuss the “data broker” industry and consumer concerns with the transparency of data collection practices.

Read More

Chief executives of each of the Fortune 500 companies will soon receive a letter from Senator John D. Rockefeller IV (D-W.Va.) asking them to describe how their companies address computer network security, or “cybersecurity.” In the letter, Senator Rockefeller explains that he is addressing Fortune 500 companies directly because of the recent stalling of the Cybersecurity Act (S. 3414) in the U.S. Senate.

Read More

Rep. Ed Markey (D-MA) today introduced in the U.S. House of Representatives the “Mobile Device Privacy Act”, which was numbered H.R. 6377 and will be referred to the House Energy & Commerce Committee for further consideration. Congressman Markey serves as a member of the committee and Co-Chair of the Bi-Partisan Congressional Privacy Caucus. In his released statement, the Congressman remarked, “Consumers should be in control of their personal information, including if and when their mobile devices are transmitting data to third parties.”

Read More

This afternoon, Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC) reintroduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act, which now bears the number S. 3342.

Read More

Today the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission.” The hearing examined the need for privacy legislation and the recent privacy reports from the White House and the Federal Trade Commission. Testifying on behalf of the federal government were Cameron Kerry, General Counsel at the Department of Commerce, Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), and Maureen Ohlhausen, FTC Commissioner. The witness statements and an archive of the hearing webcast may be found here.

Written by Paul Martino, Partner | Alston & Bird LLP

Last week, the U.S. House of Representatives passed a slate of four cybersecurity bills as part of “Cyber Week." Here is a brief recap of the House activity:

• On Thursday, April 26, the House approved H.R. 3523, the Cyber Intelligence Sharing and Protection Act, by a vote of 248-168. The final version of the bill included amendments that addressed definitions of what information can be shared, limiting it to information linked specifically to threats to government or private networks (“cyber threat information”). An amendment offered by Rep. Mike Pompeo (R-KS) and approved by the House clarified that the Act would not alter or add government authority over private networks. Another approved amendment, offered by Rep. Ben Quayle (R-AZ), limits the use of cyber threat information, received by the government from the private sector, for cybersecurity purposes and for certain other specified purposes, including its use to prevent cyber threats and crimes to citizens that could cause them death or serious bodily harm, and its use to protect minors from sexual crimes and pornography. The bill was also amended to have it require reauthorization (or “sunset”) after five years.

Read More

Today the Obama Administration issued a Statement of Administration Policy (SAP) opposing the principal House cybersecurity bill, HR 3523, CISPA (Rogers-Ruppersberger). It states (in its final sentence) that, “if HR 3523 were presented to the President, his senior advisors would recommend he veto the bill.” As much discussed and pointed out in today’s House Rules Committee meeting, this language is not as strong as language that could have been inserted in the SAP to the effect that the President “will veto” the bill if it passes Congress. The bill is scheduled to be taken up on the House floor as early as tomorrow afternoon (with actual timing subject to when the Rules Committee issues a rule on amendments that will be in order). The vote on the amendments and bill are expected to conclude by Friday of this week, before the House begins a week-long recess next week.

Written by Paul Martino, Partner | Alston & Bird LLP

The House will be considering on the floor this week (dubbed “Cyber Week”), the following four cybersecurity bills, as described by Speaker Boehner in a press release last Friday:

• Cyber Intelligence Sharing and Protection Act (H.R. 3523), introduced by Intelligence Committee Chairman Mike Rogers (R-MI), will help private sector job creators defend themselves from attacks from countries like China and Russia by allowing the government to provide the intelligence information needed to protect their networks and their customers’ privacy. The bill also provides positive authority to private-sector entities to defend their own networks and to those of their customers, and to share cyber threat information with others in the private sector, as well as with the federal government on a purely voluntary basis.

Read More

Last week the FTC issued its final report to address privacy issues associated with new and emerging technologies and business models (“Report”). This follows the FTC’s preliminary report issued in December 2010. Since the preliminary report, the FTC received and considered over 450 comments prior to making its final recommendations.

The Report articulates a privacy framework of best practices (“Framework”) for businesses to follow in developing and implementing privacy and security practices relating to the collection and use of consumer data. While not legally binding, the Framework is an indication of how the FTC will use its enforcement and regulatory authority, including its authority to challenge unfair or deceptive practices, under Section 5 of the FTC Act. As such, companies should pay close attention to the Framework in order to mitigate any FTC enforcement actions.

Read More

Yesterday, the House Intelligence Committee passed H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011, by a nearly unanimous vote of 17-1. The legislation, which was introduced Wednesday by Committee Chairman Mike Rogers (R-MI), with the support and cosponsorship of a bipartisan group of 28 House members, would provide for sharing of certain classified cyber threat intelligence and information between the U.S. Government’s intelligence community and approved private sector companies and organizations. During the Committee’s markup of the bill, two amendments were approved by voice vote; the first, introduced by Chairman Rogers and Ranking Member Dutch Ruppersberger (D-MD) enhances the privacy protections in the bill by restricting the government’s use of information provided to it from private parties, and the second, introduced by Mike Thompson (D-CA) would require an annual report to Congress from the Inspector General of the Intelligence Community on information voluntarily provided by the private sector to the government to ensure it was shared for cybersecurity purposes. These reports will aid the Intelligence Committee in exercising proper Congressional oversight of the program going forward.

Read More

This afternoon the House Republican Cybersecurity Task Force announced a report containing its recommendations on federal cybersecurity legislation pursuant to a request by the House Republican leadership to examine four critical areas: critical infrastructure and incentives, information sharing and public-private partnerships, existing cybersecurity laws, and legal authorities.

Read More

The Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee held a hearing this morning on a staff discussion draft of the SAFE Data Act, a bill to require greater protection for sensitive consumer data and timely notification in case of breach. The witness list, witness statements, background memorandum and a copy of the draft bill may be found here.

Today, Senators Patrick Leahy (D-Vt.), Chairman of the Senate Judiciary Committee, Benjamin Cardin (D-Md.), Al Franken (D-Minn.) and Charles Schumer (D-N.Y.) introduced the Personal Data Privacy and Security Act of 2011, a bill to prevent and mitigate identity theft, ensure privacy, provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access and misuse of personally identifiable information.

The Senate Commerce Committee held a hearing today entitled "Consumer Privacy and Protection in the Mobile Marketplace." The hearing examined the collection, storage and sharing of data from mobile devices. The witness list, witness statements and an archived webcast of the hearing may be found here.

Senator Patrick Leahy (D-Vt.), Chairman of the Senate Judiciary Committee, has introduced the Electronic Communications Privacy Act Amendments Act of 2011, a bill that would update the Electronic Communications Privacy Act (Pub. L. No. 99-508, 100 Stat. 1848, 18 U.S.C. 2501 et seq.) and provide enhanced protection for email and online communications. The bill would also provide for protection of location information that is collected and stored by mobile devices and applications.

Congressmen Ed Markey (D-Mass), and Joe Barton (R-Tx.), Co-Chairs of the Bi-Partisan Congressional Privacy Caucus, introduced the Do Not Track Kids Act of 2011, a bill which would amend the Children’s Online Privacy Protection Act (COPPA) (Pub. L. No. 105-277, 112 Stat. 2681-728, 15 U.S.C. 6501 et seq.) to extend, enhance and update the provisions relating to the collection, use and disclosure of children’s personal information. The bill also establishes new protections for the personal information of children and teens.