The IT Law Wiki
Register
Advertisement

Citation[]

Homeland Security Act of 2002: Critical Infrastructure Information Act (also called the Critical Infrastructure Information Act of 2002 (CIIA)), Pub. L. No. 107-296 (Titles II and III), 116 Stat. 2135, §§211-215 (Nov. 25, 2002) (full-text), codified at 6 U.S.C. §§121-195c, 441-444, and 481-486; as amended by the Intelligence Reform and Terrorism Prevention Act of 2004, and the Implementing Recommendations of the 9/11 Commission Act of 2007.

Overview[]

The Act, signed by the President on November 25, 2002, created a Cabinet-level department (the Department of Homeland Security), headed by a Secretary of Homeland Security with the mandate and legal authority to:

  • Prevent terrorist attacks within the United States.
  • Reduce the vulnerability of the United States to terrorism at home.
  • Minimize the damage and assist in the recovery from terrorist attacks that occur.
  • Ensure that the overall economic security of the United States is not diminished by efforts, activities, and programs aimed at securing the homeland.

Critical infrastructure protection[]

The Act assigned the DHS a number of critical infrastructure protection responsibilities, including: (1) developing a comprehensive national plan for securing the key resources and critical infrastructures of the United States; (2) recommending measures to protect the key resources and critical infrastructures of the United States in coordination with other groups and in cooperation with state and local government agencies and authorities, the private sector, and other entities; and (3) disseminating, as appropriate, information analyzed by the department both within the department and to other federal agencies, state and local government agencies, and private sector entities to assist in the deterrence, prevention, preemption of, or response to terrorist attacks.

To help accomplish these functions, the act created the Information Analysis and Infrastructure Protection Directorate within the department and transferred to it the functions, personnel, assets, and liabilities of several existing organizations with critical infrastructure protection responsibilities, including the National Infrastructure Protection Center (NIPC) and the Computer Investigations and Operations Section (CIOS).

Information sharing[]

The Act also amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968, the Electronic Communications Privacy Act of 1986, and the Foreign Intelligence Surveillance Act of 1978 to authorize sharing the results of the federal government’s information gathering efforts under those statutes with relevant foreign, state and local officials.

Privacy provisions[]

Section 222 of the Act, as amended,[1] instructed the secretary of the Department of Homeland Security to appoint a senior official with primary responsibility for privacy policy, including the following:

References[]

  1. Pub. L. No. 107-296, November 25, 2002, as amended by the Intelligence Reform and Terrorism Prevention Act of 2004, §8305, and the Implementing Recommendations of the 9/11 Commission Act of 2007, §802.
Advertisement