How CISPA Works

History of the Bill

House Intelligence Committee Chairman Mike Rogers (R-MI) introduced the original version of CISPA in late 2011.
House Intelligence Committee Chairman Mike Rogers (R-MI) introduced the original version of CISPA in late 2011.
© Mark Wilson/Getty Images

The original CISPA was introduced as H.R. 3523 on Nov. 30, 2011 by Republican Mike Rogers of Michigan, chairman of the House Intelligence Committee, and co-sponsored by Democrat Dutch Ruppersberger of Maryland, ranking member of the same committee, as well as more than 20 other representatives, Democrat and Republican alike. It had the support of a lot of companies, including large telecommunications and tech companies, but faced a lot of opposition from civil liberties groups. On April 25, 2012, President Obama's administration even threatened that he would veto the bill for not doing enough to protect core infrastructure from cyberthreats and failing to protect the privacy, data confidentiality and civil liberties of individuals.

More than 40 amendments were proposed. Several pro-privacy amendments were rejected by the House Rules Committee on April 25. One amendment to allow the National Security Agency (NSA) or the Department of Homeland Security (DHS) additional surveillance authority was withdrawn on April 26. A few amendments were passed, increasing the original bill from 11 pages to 27 pages. These included the following:

  • The Minimization Retention and Notification Amendment, which added provisions for notifying entities that have sent data that the government determines is not cyberthreat related, limitations on the use of the data and a statement that mentioned possible efforts to limit privacy and civil liberty impacts.
  • The Definitions Amendment, which inserted or modified definitions for the terms "availability," "confidentiality," "cyber threat information," "cyber threat intelligence," "cybersecurity purpose," "cybersecurity system" and "integrity."
  • The Liability Amendment, which changed the wording of a section waiving liability of private entities for sharing information to include identifying or obtaining cyberthreat information.
  • The Limitation Amendment, which inserted a section that states that nothing in the bill will provide additional authority or modify existing authority of an entity to use a cybersecurity system owned by the federal government on a private-sector system or network.
  • The Use Amendment, which adds language outlining the allowed uses of cyberthreat information shared with the government.
  • A sunset clause was also added that makes the bill expire five years after its adoption.

The amended version of H.R. 3523 passed in the U.S. House of Representatives on April 26, 2012 by 248 to 168 votes, but never reached a vote in the U.S. Senate.

CISPA was reintroduced in the house by Senators Rogers and Ruppersberger in February 2013 under a different bill number, H.R. 624. It is virtually identical to the version of H.R. 3523 that passed the House in 2012.