The Senate will finally vote on a controversial information-sharing bill in a matter of days, but objections from Silicon Valley’s biggest corporations could keep Congress once again from approving a legislative effort to stymie cyberattacks through public-private partnership.
Sen. Richard Burr, a North Carolina Republican and co-sponsor of the Cybersecurity Information Sharing Act (CISA), said Thursday that lawmakers could vote on an amendments package early next week that would then bring the full bill to the attention of the Senate.
But opponents of the bill now include trade groups representing Apple, Facebook, Google, Microsoft, eBay and Amazon, and critics claim passage would put too much of their customers’ personal data into the heads of the government for the sake of cybersecurity.
As written, CISA allows private sector companies to voluntarily share cyber-threat indicators with the federal government without risking liability. According to its authors, this information sharing would help experts with the Department of Homeland Security and other agencies stay on-top of the cyberattacks consistently waged against American targets.
The bill would “help protect Americans’ most private and personal information,” Senate Majority Leader Mitch McConnell, Kentucky Republican, said this week. “It contains modern tools that cybersecurity experts tell us could help prevent future attacks against both the public and private sectors.”
On Thursday, the chamber voted 83-14 for cloture, easily moving the bill past a procedural hurdle following a series of setbacks. But despite routine high-profile hacks like those suffered by the Office of Personnel Management and, more recently, CIA Director John Brennan and Jeh Johnson, the director of the Department of Homeland Security, lawmakers have been unable to get cybersecurity legislation on the books due to ongoing legislative roadblocks.
Testifying in the House one day earlier, Mr. Johnson endorsed CISA as “a good piece of legislation” and urged the Senate to pass it already and send it to a conference with a House version that’s already been approved.
But while the OPM breach and other recent cyberattacks nearly gave CISA the support it needed before summer recess put a pause on congressional debates up until now, new criticism courtesy of the biggest companies in tech could keep the bill from passing during next week’s vote.
Sen. Bernard Sanders, a Vermont independent and a Democratic presidential candidate, voted against cloture. On Twitter, he explained that “Our civil liberties and right to privacy shouldn’t be the price we pay for security.”
Sen. Rand Paul, a Kentucky Republican and a GOP presidential candidate, also said on Thursday that he thinks the bill weakens privacy protections. He attempted, unsuccessfully, to tack on an amendment that would have stripped immunity from companies that violate their own privacy agreements by participating in the info-exchange.
Although tech companies can decide one by one if they want to share information with the feds through CISA, critics, including Mr. Paul, have objected because that decision ultimately comes down to corporations, not customers.
Now with privacy advocates and tech companies raising similar concerns over the protection of user data under CISA, support for the bill has suddenly waned after the OPM breach and other cyberattacks nearly allowed for passage prior to the summer recess.
“Any company in America that chooses not to participate doesn’t have to, but to deny everybody who would like to participate is wrong,” Mr. Burr said on Thursday.
Activism groups are planning to protest CISA outside the U.S. Capitol Building later on Thursday.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.