Homeland Security Act of 2002: Critical Infrastructure Information Act (also called the Critical Infrastructure Information Act of 2002 (CIIA)), Pub. L. No. 107-296 (Titles II and III), 116 Stat. 2135, §§211-215 (Nov. 25, 2002) (full-text), codified at 6 U.S.C. §§121-195c, 441-444, and 481-486; as amended by the Intelligence Reform and Terrorism Prevention Act of 2004, and the Implementing Recommendations of the 9/11 Commission Act of 2007.
The Act, signed by the President on November 25, 2002, created a Cabinet-level department (the Department of Homeland Security), headed by a Secretary of Homeland Security with the mandate and legal authority to:
- Prevent terrorist attacks within the United States.
- Reduce the vulnerability of the United States to terrorism at home.
- Minimize the damage and assist in the recovery from terrorist attacks that occur.
- Ensure that the overall economic security of the United States is not diminished by efforts, activities, and programs aimed at securing the homeland.
Critical infrastructure protection
The Act assigned the DHS a number of critical infrastructure protection responsibilities, including: (1) developing a comprehensive national plan for securing the key resources and critical infrastructures of the United States; (2) recommending measures to protect the key resources and critical infrastructures of the United States in coordination with other groups and in cooperation with state and local government agencies and authorities, the private sector, and other entities; and (3) disseminating, as appropriate, information analyzed by the department both within the department and to other federal agencies, state and local government agencies, and private sector entities to assist in the deterrence, prevention, preemption of, or response to terrorist attacks.
To help accomplish these functions, the act created the Information Analysis and Infrastructure Protection Directorate within the department and transferred to it the functions, personnel, assets, and liabilities of several existing organizations with critical infrastructure protection responsibilities, including the National Infrastructure Protection Center (NIPC) and the Computer Investigations and Operations Section (CIOS).
The Act also amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968, the Electronic Communications Privacy Act of 1986, and the Foreign Intelligence Surveillance Act of 1978 to authorize sharing the results of the federal government’s information gathering efforts under those statutes with relevant foreign, state and local officials.
- ensuring that technologies sustain, and do not erode, privacy protections;
- ensuring that personal information contained in Privacy Act of 1974 systems of records is handled in full compliance with fair information practices as set out in the Act;
- evaluating legislative and regulatory proposals and conducting privacy impact assessments of proposed rules;
- coordinating functions with the Officer for Civil Rights and Civil Liberties;
- preparing an annual report to Congress (without prior comment or amendment by agency heads or OMB); and
- having authority to investigate and having access to privacy-related records, including through subpoena in certain circumstances.
- Pub. L. No. 107-296, November 25, 2002, as amended by the Intelligence Reform and Terrorism Prevention Act of 2004, §8305, and the Implementing Recommendations of the 9/11 Commission Act of 2007, §802.