The Senate on Tuesday took up a controversial cybersecurity bill that has drawn the ire of privacy advocates.
Senate Majority Leader Mitch McConnell moved to open debate on the Cybersecurity Information Sharing Act, or CISA, which would encourage private companies to share information about cyberthreats with each other and with the federal government.
“We intend to pass the cybersecurity bill,” McConnell told reporters Tuesday. “It enjoys significant bipartisan support, and we think it’s important. And we intend to see it through to completion hopefully early next week.”
Supporters say the bill would be a crucial tool for thwarting increasingly damaging cyberattacks, like the ones on Sony Pictures and the Office of Personnel Management. But privacy advocates warn it could give the National Security Agency access to vast new amounts of personal information on Americans.
Before leaving for the August recess, senators reached an agreement to vote on the bill as well as 22 amendments, which touch on everything from privacy protections for individuals to liability protections for companies. The vote, however, was postponed, as the Senate dealt with other time-sensitive issues like the debt ceiling and President Obama’s nuclear deal with Iran.
With no time agreement, voting on 22 amendments could take far more time than the Senate has to spare. For that reason, the bill’s co-sponsors, Sens. Richard Burr and Dianne Feinstein—chairman and ranking member of the Senate Intelligence Committee, respectively—worked with other senators to bundle a number of amendments together into a single “manager’s” amendment.
Burr and Feinstein packed eight of the other proposed amendments into their manager's amendment, leaving the rest to receive individual votes. Burr said that he and Feinstein decided those amendments improved their bill and that they had agreed to oppose the rest.
The co-sponsors also added six changes that were not a part of the unanimous-consent agreement, a spokesman for Feinstein said Tuesday.
"Let's end this process in a matter of days," Burr said on the Senate floor. "We've proposed to vote on every amendment."
But when the Intelligence Committee chairman asked for unanimous consent to vote on the bill and its amendments on Thursday, he was stopped by Sen. Ron Wyden, a leading critic of CISA. Wyden said one of the amendments—a change put forward by Sen. Sheldon Whitehouse that would increase the criminal penalties for hacking—would "significantly expand a badly outdated Computer Fraud and Abuse Act."
A group of security experts and civil-liberties organizations wrote an open letter Tuesday opposing the Whitehouse amendment, which they say would "alter the CFAA in dangerous and unpredictable ways." They say the change would further put a damper on legitimate computer research and would expand penalties for low-level computer crime.
Burr urged Wyden to reconsider and allow every amendment to receive a vote. "If we can't move forward with a process like that, then it's difficult to see how in a reasonable amount of time, we can complete this agenda," he said.
Wyden’s opposition to CISA at large, which largely stems from his worry that the bill includes inadequate privacy protections, is shared by privacy advocates and civil-liberties organizations, as well as a growing number of tech companies. Prominent tech association CCIA—which represents Google, Facebook, Amazon, and others—came out against the bill last week, as individual companies like Twitter, Yelp, and Wikimedia also voiced their opposition.
But their call to oppose CISA is countered by groups like the U.S. Chamber of Commerce and the Financial Services Roundtable, which have been actively lobbying to pass a piece of legislation they say is essential to strengthening cybersecurity for the private sector and government both.
If the Senate’s cybersecurity bill were to pass, it still would have to be aligned with two similar—but not identical—information-sharing bills that passed the House earlier this year.