Advertisement

Senate takes up CISA, at long last

The bill, S 754, the Cybersecurity Information Sharing Act of 2015, offers legal immunity to companies who share cyberthreat information with each other and the federal government. Two companion bills passed the House in April with wide bipartisan support, but the Senate bill has proved more controversial.

The Senate Tuesday began its long-delayed consideration of controversial legislation designed to encourage companies to share cyberthreat intelligence with each other and the federal government.

The bill’s authors, the chairman and vice chairwoman of the Senate Select Committee on Intelligence, told lawmakers they had worked hard to take into account the concerns of privacy activists, who have criticized the proposed law as a surveillance measure in cyber clothing.

“Nothing in this bill provides even the potential … for additional surveillance authorities,” said Intelligence Chairman Sen. Richard Burr, R-N.C.

Burr said the bill’s authors had met with a range of interested parties, including many of the bill’s fiercest critics. He said he hoped that changes made in committee earlier this year, and in a managers’ amendment, would allay privacy advocates’ concerns about what they say is the bill’s overly broad scope and unnecessarily vague language.

Advertisement

“This bill is the product of years of work and includes input from all sides of this issue,” said Vice Chairwoman Sen. Dianne Feinstein, D-Calif. “It balances security, personal privacy and liability protection.”

The bill, S. 754, the Cybersecurity Information Sharing Act of 2015, offers legal immunity to companies that share cyberthreat information with each other and the federal government. Two companion bills passed the House in April with wide bipartisan support, but the Senate bill has proved more controversial.

“I believe this bill will do little to make Americans safer,” said Sen. Ron Wyden, D-Ore. “But it will potentially reduce the privacy of millions of Americans in a very substantial way.”

Wyden has been the most vocal of a small coterie of senators who have vowed to amend or even block the legislation, saying it lacks safeguards against abuse and broadens the number of uses to which shared data can be put beyond just cybersecurity.

In addition to the managers’ amendment, 21 others have been listed for debate, but — without an agreement on time — it is unclear how many will end up being debated.

Advertisement

The amendments likely to provoke the most controversy include one from Sen. Sheldon Whitehouse, D-R.I., stiffening criminal penalties for hackers; one from Sen. Rand Paul, R-Ky., limiting immunity for breaches of user agreements; and a slew of proposals specifying what kind of information may be shared under the bill, with which agencies and what sorts of personal or other data has to be scrubbed.

Senate Majority Leader Mitch McConnell, R-Ky., said Tuesday he hopes to get a vote on passage by early next week. After that the bill would have to be reconciled with its counterparts in the House before going to the president for signature.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email Shaun.Waterman@FedScoop.com, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at CyberScoop.com.

Latest Podcasts