Before leaving for a monthlong recess in August, senators set up 22 amendments to get votes alongside the bill. Burr and Feinstein folded a number of amendments that they supported into a manager's package, which tweaked the bill with a limited increase in privacy protections, but left about a dozen others that they did not support to get individual votes.
On Tuesday morning, senators considered a number of amendments that would have bolstered the bill’s privacy protections. The proposed changes would have tightened mechanisms for removing sensitive personal information from the threat indicators that would be shared under the program, specified the kind of information that could be considered threatening enough to be shared, and made certain information available to Freedom of Information Act requests.
The Senate voted down all of the privacy offerings.
The day's votes caught the eye of Edward Snowden, who took to Twitter to push for the privacy changes, and, when they were voted down, to shame the lawmakers who voted against them.
Before taking up the bill and voting on final passage, two more individual amendments got a vote, including an especially controversial change from Sen. Tom Cotton, which proposed extending liability protections to companies that chose to share directly with the FBI and the Secret Service.
Burr and Feinstein said the amendment would undo their work to set up the Department of Homeland Security as the central clearinghouse for shared threat data, a view the White House said it shared in an official policy statement circulated last week.
Cotton's amendment, which Burr called a "deal-killer," was overwhelmingly rejected, 73-22.
Finally, senators took up the manager's amendment and the final bill, and passed both.
IBM, one of the businesses that lobbied in favor of the bill, celebrated its passage. "Today’s vote is a big win for both security and privacy," said Timothy Sheehy, the company's vice president for technology policy affairs. "Sharing technical details on the latest digital threats is critical to strengthening America’s cyber defenses."
At a press conference after the final vote, Burr and Feinstein thanked senators who worked with them on the bill, and lauded the bipartisan nature of its passage. "What we saw in this process is the United States Senate as it's supposed to function," Burr said.
"On occasion, we can defy the common wisdom that we're totally gridlocked here in Washington," added Sen. John McCain.
But privacy groups vowed to keep fighting to boost the privacy protections as the cybersecurity legislation continues through the political process.
"To avoid a veto, whatever emerges from the conference committee must be a bill that meets President Obama’s previous standards," said Nathan White, senior legislative manager at Access, a digital human-rights organization. "The administration’s policy up to this point has been very clear—it has supported CISA's process but expressed concerns that it is currently 'dangerous to cybersecurity.'
"Today’s vote is a disappointment," White added. "But it is not the end of the road."