Collapse to view only § 485. Information sharing

§ 481. Short title; findings; and sense of Congress
(a) Short title
(b) Findings
Congress finds the following:
(1) The Federal Government is required by the Constitution to provide for the common defense, which includes terrorist attack.
(2) The Federal Government relies on State and local personnel to protect against terrorist attack.
(3) The Federal Government collects, creates, manages, and protects classified and sensitive but unclassified information to enhance homeland security.
(4) Some homeland security information is needed by the State and local personnel to prevent and prepare for terrorist attack.
(5) The needs of State and local personnel to have access to relevant homeland security information to combat terrorism must be reconciled with the need to preserve the protected status of such information and to protect the sources and methods used to acquire such information.
(6) Granting security clearances to certain State and local personnel is one way to facilitate the sharing of information regarding specific terrorist threats among Federal, State, and local levels of government.
(7) Methods exist to declassify, redact, or otherwise adapt classified information so it may be shared with State and local personnel without the need for granting additional security clearances.
(8) State and local personnel have capabilities and opportunities to gather information on suspicious activities and terrorist threats not possessed by Federal agencies.
(9) The Federal Government and State and local governments and agencies in other jurisdictions may benefit from such information.
(10) Federal, State, and local governments and intelligence, law enforcement, and other emergency preparation and response agencies must act in partnership to maximize the benefits of information gathering and analysis to prevent and respond to terrorist attacks.
(11) Information systems, including the National Law Enforcement Telecommunications System and the Terrorist Threat Warning System, have been established for rapid sharing of classified and sensitive but unclassified information among Federal, State, and local entities.
(12) Increased efforts to share homeland security information should avoid duplicating existing information systems.
(c) Sense of Congress
(Pub. L. 107–296, title VIII, § 891, Nov. 25, 2002, 116 Stat. 2252.)
§ 482. Facilitating homeland security information sharing procedures
(a) Procedures for determining extent of sharing of homeland security information
(1) The President shall prescribe and implement procedures under which relevant Federal agencies—
(A) share relevant and appropriate homeland security information with other Federal agencies, including the Department, and appropriate State and local personnel;
(B) identify and safeguard homeland security information that is sensitive but unclassified; and
(C) to the extent such information is in classified form, determine whether, how, and to what extent to remove classified information, as appropriate, and with which such personnel it may be shared after such information is removed.
(2) The President shall ensure that such procedures apply to all agencies of the Federal Government.
(3) Such procedures shall not change the substantive requirements for the classification and safeguarding of classified information.
(4) Such procedures shall not change the requirements and authorities to protect sources and methods.
(b) Procedures for sharing of homeland security information
(1) Under procedures prescribed by the President, all appropriate agencies, including the intelligence community, shall, through information sharing systems, share homeland security information with Federal agencies and appropriate State and local personnel to the extent such information may be shared, as determined in accordance with subsection (a), together with assessments of the credibility of such information.
(2) Each information sharing system through which information is shared under paragraph (1) shall—
(A) have the capability to transmit unclassified or classified information, though the procedures and recipients for each capability may differ;
(B) have the capability to restrict delivery of information to specified subgroups by geographic location, type of organization, position of a recipient within an organization, or a recipient’s need to know such information;
(C) be configured to allow the efficient and effective sharing of information; and
(D) be accessible to appropriate State and local personnel.
(3) The procedures prescribed under paragraph (1) shall establish conditions on the use of information shared under paragraph (1)—
(A) to limit the redissemination of such information to ensure that such information is not used for an unauthorized purpose;
(B) to ensure the security and confidentiality of such information;
(C) to protect the constitutional and statutory rights of any individuals who are subjects of such information; and
(D) to provide data integrity through the timely removal and destruction of obsolete or erroneous names and information.
(4) The procedures prescribed under paragraph (1) shall ensure, to the greatest extent practicable, that the information sharing system through which information is shared under such paragraph include existing information sharing systems, including, but not limited to, the National Law Enforcement Telecommunications System, the Regional Information Sharing System, and the Terrorist Threat Warning System of the Federal Bureau of Investigation.
(5) Each appropriate Federal agency, as determined by the President, shall have access to each information sharing system through which information is shared under paragraph (1), and shall therefore have access to all information, as appropriate, shared under such paragraph.
(6) The procedures prescribed under paragraph (1) shall ensure that appropriate State and local personnel are authorized to use such information sharing systems—
(A) to access information shared with such personnel; and
(B) to share, with others who have access to such information sharing systems, the homeland security information of their own jurisdictions, which shall be marked appropriately as pertaining to potential terrorist activity.
(7) Under procedures prescribed jointly by the Director of Central Intelligence and the Attorney General, each appropriate Federal agency, as determined by the President, shall review and assess the information shared under paragraph (6) and integrate such information with existing intelligence.
(c) Sharing of classified information and sensitive but unclassified information with State and local personnel
(1) The President shall prescribe procedures under which Federal agencies may, to the extent the President considers necessary, share with appropriate State and local personnel homeland security information that remains classified or otherwise protected after the determinations prescribed under the procedures set forth in subsection (a).
(2) It is the sense of Congress that such procedures may include 1 or more of the following means:
(A) Carrying out security clearance investigations with respect to appropriate State and local personnel.
(B) With respect to information that is sensitive but unclassified, entering into nondisclosure agreements with appropriate State and local personnel.
(C) Increased use of information-sharing partnerships that include appropriate State and local personnel, such as the Joint Terrorism Task Forces of the Federal Bureau of Investigation, the Anti-Terrorism Task Forces of the Department of Justice, and regional Terrorism Early Warning Groups.
(3)
(A) The Secretary shall establish a program to provide appropriate training to officials described in subparagraph (B) in order to assist such officials in—
(i) identifying sources of potential terrorist threats through such methods as the Secretary determines appropriate;
(ii) reporting information relating to such potential terrorist threats to the appropriate Federal agencies in the appropriate form and manner;
(iii) assuring that all reported information is systematically submitted to and passed on by the Department for use by appropriate Federal agencies; and
(iv) understanding the mission and roles of the intelligence community to promote more effective information sharing among Federal, State, and local officials and representatives of the private sector to prevent terrorist attacks against the United States.
(B) The officials referred to in subparagraph (A) are officials of State and local government agencies and representatives of private sector entities with responsibilities relating to the oversight and management of first responders, counterterrorism activities, or critical infrastructure.
(C) The Secretary shall consult with the Attorney General to ensure that the training program established in subparagraph (A) does not duplicate the training program established in section 908 of the USA PATRIOT Act (Public Law 107–56; 28 U.S.C. 509 note).
(D) The Secretary shall carry out this paragraph in consultation with the Director of Central Intelligence and the Attorney General.
(d) Responsible officials
(e) Federal control of information
(f) DefinitionsAs used in this section:
(1) The term “homeland security information” means any information possessed by a Federal, State, or local agency that—
(A) relates to the threat of terrorist activity;
(B) relates to the ability to prevent, interdict, or disrupt terrorist activity;
(C) would improve the identification or investigation of a suspected terrorist or terrorist organization; or
(D) would improve the response to a terrorist act.
(2) The term “intelligence community” has the meaning given such term in section 3003(4) of title 50.
(3) The term “State and local personnel” means any of the following persons involved in prevention, preparation, or response for terrorist attack:
(A) State Governors, mayors, and other locally elected officials.
(B) State and local law enforcement personnel and firefighters.
(C) Public health and medical professionals.
(D) Regional, State, and local emergency management agency personnel, including State adjutant generals.
(E) Other appropriate emergency response agency personnel.
(F) Employees of private-sector entities that affect critical infrastructure, cyber, economic, or public health security, as designated by the Federal Government in procedures developed pursuant to this section.
(4) The term “State” includes the District of Columbia and any commonwealth, territory, or possession of the United States.
(g) Construction
(Pub. L. 107–296, title VIII, § 892, Nov. 25, 2002, 116 Stat. 2253; Pub. L. 108–177, title III, § 316(a), Dec. 13, 2003, 117 Stat. 2610.)
§ 483. Report
(a) Report required
(b) Specified congressional committees
The congressional committees referred to in subsection (a) are the following committees:
(1) The Permanent Select Committee on Intelligence and the Committee on the Judiciary of the House of Representatives.
(2) The Select Committee on Intelligence and the Committee on the Judiciary of the Senate.
(Pub. L. 107–296, title VIII, § 893, Nov. 25, 2002, 116 Stat. 2255.)
§ 484. Authorization of appropriations

There are authorized to be appropriated such sums as may be necessary to carry out section 482 of this title.

(Pub. L. 107–296, title VIII, § 894, Nov. 25, 2002, 116 Stat. 2256.)
§ 484a. Reciprocal information sharing

Acting in accordance with a bilateral or multilateral arrangement, the Secretary, in the Secretary’s discretion and on the basis of reciprocity, may provide information from the National Sex Offender Registry relating to a conviction for a sex offense against a minor (as such terms are defined in section 20911 of title 34) to a foreign government upon the request of the foreign government, and may receive comparable information from the foreign government.

(Pub. L. 107–296, title VIII, § 895, as added Pub. L. 117–347, title III, § 323(a)(1)(B), Jan. 5, 2023, 136 Stat. 6207.)
§ 485. Information sharing
(a) DefinitionsIn this section:
(1) Homeland security information
(2) Information Sharing Council
(3) Information sharing environment
(4) Program manager
(5) Terrorism informationThe term “terrorism information”—
(A) means all information, whether collected, produced, or distributed by intelligence, law enforcement, military, homeland security, or other activities relating to—
(i) the existence, organization, capabilities, plans, intentions, vulnerabilities, means of finance or material support, or activities of foreign or international terrorist groups or individuals, or of domestic groups or individuals involved in transnational terrorism;
(ii) threats posed by such groups or individuals to the United States, United States persons, or United States interests, or to those of other nations;
(iii) communications of or by such groups or individuals; or
(iv) groups or individuals reasonably believed to be assisting or associated with such groups or individuals; and
(B) includes weapons of mass destruction information.
(6) Weapons of mass destruction information
(b) Information sharing environment
(1) EstablishmentThe President shall—
(A) create an information sharing environment for the sharing of terrorism information in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties;
(B) designate the organizational and management structures that will be used to operate and manage the ISE; and
(C) determine and enforce the policies, directives, and rules that will govern the span and usage of the ISE.
(2) AttributesThe President shall, through the structures described in subparagraphs (B) and (C) of paragraph (1), ensure that the ISE provides and facilitates the means for sharing terrorism information among all appropriate Federal, State, local, and tribal entities, and the private sector through the use of policy guidelines and technologies. The President shall, to the greatest extent practicable, ensure that the ISE provides the functional equivalent of, or otherwise supports, a decentralized, distributed, and coordinated environment that—
(A) connects existing systems, where appropriate, provides no single points of failure, and allows users to share information among agencies, between levels of government, and, as appropriate, with the private sector;
(B) ensures direct and continuous online electronic access to information;
(C) facilitates the availability of information in a form and manner that facilitates its use in analysis, investigations and operations;
(D) builds upon existing systems capabilities currently in use across the Government;
(E) employs an information access management approach that controls access to data rather than just systems and networks, without sacrificing security;
(F) facilitates the sharing of information at and across all levels of security;
(G) provides directory services, or the functional equivalent, for locating people and information;
(H) incorporates protections for individuals’ privacy and civil liberties;
(I) incorporates strong mechanisms to enhance accountability and facilitate oversight, including audits, authentication, and access controls;
(J) integrates the information within the scope of the information sharing environment, including any such information in legacy technologies;
(K) integrates technologies, including all legacy technologies, through Internet-based services, consistent with appropriate security protocols and safeguards, to enable connectivity among required users at the Federal, State, and local levels;
(L) allows the full range of analytic and operational activities without the need to centralize information within the scope of the information sharing environment;
(M) permits analysts to collaborate both independently and in a group (commonly known as “collective and noncollective collaboration”), and across multiple levels of national security information and controlled unclassified information;
(N) provides a resolution process that enables changes by authorized officials regarding rules and policies for the access, use, and retention of information within the scope of the information sharing environment; and
(O) incorporates continuous, real-time, and immutable audit capabilities, to the maximum extent practicable.
(3) Delegation
(A) In general
(B) Limitation
(c) Preliminary reportNot later than 180 days after December 17, 2004, the program manager shall, in consultation with the Information Sharing Council—
(1) submit to the President and Congress a description of the technological, legal, and policy issues presented by the creation of the ISE, and the way in which these issues will be addressed;
(2) establish an initial capability to provide electronic directory services, or the functional equivalent, to assist in locating in the Federal Government intelligence and terrorism information and people with relevant knowledge about intelligence and terrorism information; and
(3) conduct a review of relevant current Federal agency capabilities, databases, and systems for sharing information.
(d) Guidelines and requirementsAs soon as possible, but in no event later than 270 days after December 17, 2004, the President shall—
(1) leverage all ongoing efforts consistent with establishing the ISE and issue guidelines for acquiring, accessing, sharing, and using information, including guidelines to ensure that information is provided in its most shareable form, such as by using tearlines to separate out data from the sources and methods by which the data are obtained;
(2) in consultation with the Privacy and Civil Liberties Oversight Board established under section 2000ee of title 42, issue guidelines that—
(A) protect privacy and civil liberties in the development and use of the ISE; and
(B) shall be made public, unless nondisclosure is clearly necessary to protect national security; and
(3) require the heads of Federal departments and agencies to promote a culture of information sharing by—
(A) reducing disincentives to information sharing, including over-classification of information and unnecessary requirements for originator approval, consistent with applicable laws and regulations; and
(B) providing affirmative incentives for information sharing.
(e) Implementation plan reportNot later than one year after December 17, 2004, the President shall, with the assistance of the program manager, submit to Congress a report containing an implementation plan for the ISE. The report shall include the following:
(1) A description of the functions, capabilities, resources, and conceptual design of the ISE, including standards.
(2) A description of the impact on enterprise architectures of participating agencies.
(3) A budget estimate that identifies the incremental costs associated with designing, testing, integrating, deploying, and operating the ISE.
(4) A project plan for designing, testing, integrating, deploying, and operating the ISE.
(5) The policies and directives referred to in subsection (b)(1)(C), as well as the metrics and enforcement mechanisms that will be utilized.
(6) Objective, systemwide performance measures to enable the assessment of progress toward achieving the full implementation of the ISE.
(7) A description of the training requirements needed to ensure that the ISE will be adequately implemented and properly utilized.
(8) A description of the means by which privacy and civil liberties will be protected in the design and operation of the ISE.
(9) The recommendations of the program manager, in consultation with the Information Sharing Council, regarding whether, and under what conditions, the ISE should be expanded to include other intelligence information.
(10) A delineation of the roles of the Federal departments and agencies that will participate in the ISE, including an identification of the agencies that will deliver the infrastructure needed to operate and manage the ISE (as distinct from individual department or agency components that are part of the ISE), with such delineation of roles to be consistent with—
(A) the authority of the Director of National Intelligence under this title,1
1 See References in Text note below.
and the amendments made by this title,1 to set standards for information sharing throughout the intelligence community; and
(B) the authority of the Secretary of Homeland Security and the Attorney General, and the role of the Department of Homeland Security and the Department of Justice, in coordinating with State, local, and tribal officials and the private sector.
(11) The recommendations of the program manager, in consultation with the Information Sharing Council, for a future management structure for the ISE, including whether the position of program manager should continue to remain in existence.
(f) Program manager
(1) Designation
(2) Duties and responsibilities
(A) In generalThe program manager shall, in consultation with the Information Sharing Council—
(i) plan for and oversee the implementation of, and manage, the ISE;
(ii) assist in the development of policies, as appropriate, to foster the development and proper operation of the ISE;
(iii) consistent with the direction and policies issued by the President, the Director of National Intelligence, and the Director of the Office of Management and Budget, issue governmentwide procedures, guidelines, instructions, and functional standards, as appropriate, for the management, development, and proper operation of the ISE;
(iv) identify and resolve information sharing disputes between Federal departments, agencies, and components; and
(v) assist, monitor, and assess the implementation of the ISE by Federal departments and agencies to ensure adequate progress, technological consistency and policy compliance; and regularly report the findings to Congress.
(B) Content of policies, procedures, guidelines, rules, and standardsThe policies, procedures, guidelines, rules, and standards under subparagraph (A)(ii) shall—
(i) take into account the varying missions and security requirements of agencies participating in the ISE;
(ii) address development, implementation, and oversight of technical standards and requirements;
(iii) take into account ongoing and planned efforts that support development, implementation and management of the ISE;
(iv) address and facilitate information sharing between and among departments and agencies of the intelligence community, the Department of Defense, the homeland security community and the law enforcement community;
(v) address and facilitate information sharing between Federal departments and agencies and State, tribal, and local governments;
(vi) address and facilitate, as appropriate, information sharing between Federal departments and agencies and the private sector;
(vii) address and facilitate, as appropriate, information sharing between Federal departments and agencies with foreign partners and allies; and
(viii) ensure the protection of privacy and civil liberties.
(g) Information Sharing Council
(1) Establishment
(2) Specific dutiesIn assisting the President and the program manager in their duties under this section, the Information Sharing Council shall—
(A) advise the President and the program manager in developing policies, procedures, guidelines, roles,2
2 So in original. Probably should be “rules,”.
and standards necessary to establish, implement, and maintain the ISE;
(B) work to ensure coordination among the Federal departments and agencies participating in the ISE in the establishment, implementation, and maintenance of the ISE;
(C) identify and, as appropriate, recommend the consolidation and elimination of current programs, systems, and processes used by Federal departments and agencies to share information, and recommend, as appropriate, the redirection of existing resources to support the ISE;
(D) identify gaps, if any, between existing technologies, programs and systems used by Federal departments and agencies to share information and the parameters of the proposed information sharing environment;
(E) recommend solutions to address any gaps identified under subparagraph (D);
(F) recommend means by which the ISE can be extended to allow interchange of information between Federal departments and agencies and appropriate authorities of State and local governments;
(G) assist the program manager in identifying and resolving information sharing disputes between Federal departments, agencies, and components;
(H) identify appropriate personnel for assignment to the program manager to support staffing needs identified by the program manager; and
(I) recommend whether or not, and by which means, the ISE should be expanded so as to allow future expansion encompassing other relevant categories of information.
(3) Consultation
(4) Inapplicability of chapter 10 of title 5
(5) Detailees
(h) Agency responsibilitiesThe head of each department or agency that possesses or uses intelligence or terrorism information, operates a system in the ISE, or otherwise participates (or expects to participate) in the ISE shall—
(1) ensure full department or agency compliance with information sharing policies, procedures, guidelines, rules, and standards established under subsections (b) and (f);
(2) ensure the provision of adequate resources for systems and activities supporting operation of and participation in the ISE;
(3) ensure full department or agency cooperation in the development of the ISE to implement governmentwide information sharing; and
(4) submit, at the request of the President or the program manager, any reports on the implementation of the requirements of the ISE within such department or agency.
(i) Report on the information sharing environment
(1) In generalNot later than 180 days after August 3, 2007, the President shall report to the Committee on Homeland Security and Governmental Affairs of the Senate, the Select Committee on Intelligence of the Senate, the Committee on Homeland Security of the House of Representatives, and the Permanent Select Committee on Intelligence of the House of Representatives on the feasibility of—
(A) eliminating the use of any marking or process (including “Originator Control”) intended to, or having the effect of, restricting the sharing of information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, between and among participants in the information sharing environment, unless the President has—
(i) specifically exempted categories of information from such elimination; and
(ii) reported that exemption to the committees of Congress described in the matter preceding this subparagraph; and
(B) continuing to use Federal agency standards in effect on August 3, 2007, for the collection, sharing, and access to information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, relating to citizens and lawful permanent residents;
(C) replacing the standards described in subparagraph (B) with a standard that would allow mission-based or threat-based permission to access or share information within the scope of the information sharing environment, including homeland security information, terrorism information, and weapons of mass destruction information, for a particular purpose that the Federal Government, through an appropriate process established in consultation with the Privacy and Civil Liberties Oversight Board established under section 2000ee of title 42, has determined to be lawfully permissible for a particular agency, component, or employee (commonly known as an “authorized use” standard); and
(D)
(i) the use of such information is reasonably expected to produce results materially equivalent to the use of information that is transferred or stored in a non-anonymized form; and
(ii) such use is consistent with any mission of that department, agency, or component (including any mission under a Federal statute or directive of the President) that involves the storage, retention, sharing, or exchange of personally identifiable information.
(2) Definition
(j) Additional positionsThe program manager is authorized to hire not more than 40 full-time employees to assist the program manager in—
(1) activities associated with the implementation of the information sharing environment, including—
(A) implementing the requirements under subsection (b)(2); and
(B) any additional implementation initiatives to enhance and expedite the creation of the information sharing environment; and
(2) identifying and resolving information sharing disputes between Federal departments, agencies, and components under subsection (f)(2)(A)(iv).
(k) Authorization of appropriations
(Pub. L. 108–458, title I, § 1016, Dec. 17, 2004, 118 Stat. 3664; Pub. L. 110–53, title V, § 504, Aug. 3, 2007, 121 Stat. 313; Pub. L. 111–259, title VIII, § 806(a)(1), Oct. 7, 2010, 124 Stat. 2748; Pub. L. 116–92, div. E, title LXIV, § 6402, Dec. 20, 2019, 133 Stat. 2196; Pub. L. 116–260, div. W, title III, § 307, Dec. 27, 2020, 134 Stat. 2368; Pub. L. 117–263, div. F, title LXVIII, § 6811(c)(1), Dec. 23, 2022, 136 Stat. 3600; Pub. L. 117–286, § 4(a)(17), Dec. 27, 2022, 136 Stat. 4307.)
§ 486. Limitation of liability

A person who has completed a security awareness training course approved by or operated under a cooperative agreement with the Department of Homeland Security using funds made available in fiscal year 2006 and thereafter or in any prior appropriations Acts, who is enrolled in a program recognized or acknowledged by an Information Sharing and Analysis Center, and who reports a situation, activity or incident pursuant to that program to an appropriate authority, shall not be liable for damages in any action brought in a Federal or State court which result from any act or omission unless such person is guilty of gross negligence or willful misconduct.

(Pub. L. 109–90, title V, § 541, Oct. 18, 2005, 119 Stat. 2089.)