Cybersecurity Bill Nears Crucial Senate Vote

Privacy advocates warn CISA could funnel more private information into the hands of the NSA.

Senate Intelligence Committee Chairman Sen. Richard Burr confers with committee Vice-Chair Sen. Dianne Feinstein and committee member Sen. Ron Wyden. (ASSOCIATED PRESS)

The Sen­ate on Tuesday took up a con­tro­ver­sial cybersecurity bill that has drawn the ire of pri­vacy ad­voc­ates.

Sen­ate Ma­jor­ity Lead­er Mitch Mc­Con­nell moved to open de­bate on the Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act, or CISA, which would en­cour­age private com­pan­ies to share in­form­a­tion about cy­ber­threats with each oth­er and with the fed­er­al gov­ern­ment.

“We in­tend to pass the cy­ber­se­cur­ity bill,” Mc­Con­nell told re­port­ers Tues­day. “It en­joys sig­ni­fic­ant bi­par­tis­an sup­port, and we think it’s im­port­ant. And we in­tend to see it through to com­ple­tion hope­fully early next week.”

Sup­port­ers say the bill would be a cru­cial tool for thwart­ing in­creas­ingly dam­aging cy­ber­at­tacks, like the ones on Sony Pic­tures and the Of­fice of Per­son­nel Man­age­ment. But pri­vacy ad­voc­ates warn it could give the Na­tion­al Se­cur­ity Agency ac­cess to vast new amounts of per­son­al in­form­a­tion on Amer­ic­ans.

Be­fore leav­ing for the Au­gust re­cess, sen­at­ors reached an agree­ment to vote on the bill as well as 22 amend­ments, which touch on everything from pri­vacy pro­tec­tions for in­di­vidu­als to li­ab­il­ity pro­tec­tions for com­pan­ies. The vote, however, was post­poned, as the Sen­ate dealt with oth­er time-sens­it­ive is­sues like the debt ceil­ing and Pres­id­ent Obama’s nuc­le­ar deal with Ir­an.

With no time agree­ment, vot­ing on 22 amend­ments could take far more time than the Sen­ate has to spare. For that reas­on, the bill’s co-sponsors, Sens. Richard Burr and Di­anne Fein­stein—chair­man and rank­ing mem­ber of the Sen­ate In­tel­li­gence Com­mit­tee, re­spect­ively—worked with oth­er sen­at­ors to bundle a num­ber of amend­ments to­geth­er in­to a single “man­ager’s” amend­ment.

Burr and Feinstein packed eight of the other proposed amendments into their manager's amendment, leaving the rest to receive individual votes. Burr said that he and Feinstein decided those amendments improved their bill and that they had agreed to oppose the rest.

The co-sponsors also added six changes that were not a part of the unanimous-consent agreement, a spokesman for Feinstein said Tuesday.

"Let's end this process in a matter of days," Burr said on the Senate floor. "We've proposed to vote on every amendment."

But when the Intelligence Committee chairman asked for unanimous consent to vote on the bill and its amendments on Thursday, he was stopped by Sen. Ron Wyden, a lead­ing crit­ic of CISA. Wyden said one of the amendments—a change put forward by Sen. Sheldon Whitehouse that would increase the criminal penalties for hacking—would "significantly expand a badly outdated Computer Fraud and Abuse Act."

A group of security experts and civil-liberties organizations wrote an open letter Tuesday opposing the Whitehouse amendment, which they say would "alter the CFAA in dangerous and unpredictable ways." They say the change would further put a damper on legitimate computer research and would expand penalties for low-level computer crime.

Burr urged Wyden to reconsider and allow every amendment to receive a vote. "If we can't move forward with a process like that, then it's difficult to see how in a reasonable amount of time, we can complete this agenda," he said.

Wyden’s op­pos­i­tion to CISA at large, which largely stems from his worry that the bill in­cludes in­ad­equate pri­vacy pro­tec­tions, is shared by pri­vacy ad­voc­ates and civil-liber­ties or­gan­iz­a­tions, as well as a grow­ing num­ber of tech com­pan­ies. Prom­in­ent tech as­so­ci­ation CCIA—which rep­res­ents Google, Face­book, Amazon, and oth­ers—came out against the bill last week, as in­di­vidu­al com­pan­ies like Twit­ter, Yelp, and Wiki­me­dia also voiced their op­pos­i­tion.

But their call to op­pose CISA is countered by groups like the U.S. Cham­ber of Com­merce and the Fin­an­cial Ser­vices Roundtable, which have been act­ively lob­by­ing to pass a piece of le­gis­la­tion they say is es­sen­tial to strengthening cy­ber­se­cur­ity for the private sec­tor and gov­ern­ment both.

If the Sen­ate’s cy­ber­se­cur­ity bill were to pass, it still would have to be aligned with two sim­il­ar—but not identic­al—in­form­a­tion-shar­ing bills that passed the House earli­er this year.