Cybersecurity Bill Nears Crucial Senate Vote

Senate Intelligence Committee Chairman Sen. Richard Burr, R-N.C., right, confers with committee Vice-Chair. Sen. Dianne Feinstein, D-Calif., center, and committee member Sen. Ron Wyden, D-Ore., on Capitol Hill.

Senate Intelligence Committee Chairman Sen. Richard Burr, R-N.C., right, confers with committee Vice-Chair. Sen. Dianne Feinstein, D-Calif., center, and committee member Sen. Ron Wyden, D-Ore., on Capitol Hill. Pablo Martinez Monsivais/AP

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Stay Ahead of the Latest Threats with Intelligence-driven Security Operations
Presented By Google Cloud
Download Now
Strengthening cloud security for federal agencies
Presented By Wiz
Download Now
Kaveh Waddell By Kaveh Waddell,
National Journal

By Kaveh Waddell,
National Journal

|

Privacy advocates warn CISA could funnel more private information into the hands of NSA.

The Sen­ate on Tues­day took up a con­tro­ver­si­al cy­ber­se­cur­ity bill that has drawn the ire of pri­vacy ad­voc­ates.

Sen­ate Ma­jor­ity Lead­er Mitch Mc­Con­nell moved to open de­bate on the Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act, or CISA, which would en­cour­age private com­pan­ies to share in­form­a­tion about cy­ber­threats with each oth­er and with the fed­er­al gov­ern­ment.

“We in­tend to pass the cy­ber­se­cur­ity bill,” Mc­Con­nell told re­port­ers Tues­day. “It en­joys sig­ni­fic­ant bi­par­tis­an sup­port, and we think it’s im­port­ant. And we in­tend to see it through to com­ple­tion hope­fully early next week.”

Sup­port­ers say the bill would be a cru­cial tool for thwart­ing in­creas­ingly dam­aging cy­ber­at­tacks, like the ones on Sony Pic­tures and the Of­fice of Per­son­nel Man­age­ment. But pri­vacy ad­voc­ates warn it could give the Na­tion­al Se­cur­ity Agency ac­cess to vast new amounts of per­son­al in­form­a­tion on Amer­ic­ans.

Be­fore leav­ing for the Au­gust re­cess, sen­at­ors reached an agree­ment to vote on the bill as well as 22 amend­ments, which touch on everything from pri­vacy pro­tec­tions for in­di­vidu­als to li­ab­il­ity pro­tec­tions for com­pan­ies. The vote, however, was post­poned, as the Sen­ate dealt with oth­er time-sens­it­ive is­sues like the debt ceil­ing and Pres­id­ent Obama’s nuc­le­ar deal with Ir­an.

With no time agree­ment, vot­ing on 22 amend­ments could take far more time than the Sen­ate has to spare. For that reas­on, the bill’s co-spon­sors, Sens. Richard Burr and Di­anne Fein­stein—chair­man and rank­ing mem­ber of the Sen­ate In­tel­li­gence Com­mit­tee, re­spect­ively—worked with oth­er sen­at­ors to bundle a num­ber of amend­ments to­geth­er in­to a single “man­ager’s” amend­ment.

Burr and Fein­stein packed eight of the oth­er pro­posed amend­ments in­to their man­ager’s amend­ment, leav­ing the rest to re­ceive in­di­vidu­al votes. Burr said that he and Fein­stein de­cided those amend­ments im­proved their bill and that they had agreed to op­pose the rest.

The co-spon­sors also ad­ded six changes that were not a part of the un­an­im­ous-con­sent agree­ment, a spokes­man for Fein­stein said Tues­day.

“Let’s end this pro­cess in a mat­ter of days,” Burr said on the Sen­ate floor. “We’ve pro­posed to vote on every amend­ment.”

But when the In­tel­li­gence Com­mit­tee chair­man asked for un­an­im­ous con­sent to vote on the bill and its amend­ments on Thursday, he was stopped by Sen. Ron Wyden, a lead­ing crit­ic of CISA. Wyden said one of the amend­ments—a change put for­ward by Sen. Shel­don White­house that would in­crease the crim­in­al pen­al­ties for hack­ing—would “sig­ni­fic­antly ex­pand a badly out­dated Com­puter Fraud and Ab­use Act.”

A group of se­cur­ity ex­perts and civil-liber­ties or­gan­iz­a­tions wrote an open let­ter Tues­day op­pos­ing the White­house amend­ment, which they say would “al­ter the CFAA in dan­ger­ous and un­pre­dict­able ways.” They say the change would fur­ther put a damper on le­git­im­ate com­puter re­search and would ex­pand pen­al­ties for low-level com­puter crime.

Burr urged Wyden to re­con­sider and al­low every amend­ment to re­ceive a vote. “If we can’t move for­ward with a pro­cess like that, then it’s dif­fi­cult to see how in a reas­on­able amount of time, we can com­plete this agenda,” he said.

Wyden’s op­pos­i­tion to CISA at large, which largely stems from his worry that the bill in­cludes in­ad­equate pri­vacy pro­tec­tions, is shared by pri­vacy ad­voc­ates and civil-liber­ties or­gan­iz­a­tions, as well as a grow­ing num­ber of tech com­pan­ies. Prom­in­ent tech as­so­ci­ation CCIA—which rep­res­ents Google, Face­book, Amazon, and oth­ers—came out against the bill last week, as in­di­vidu­al com­pan­ies like Twit­ter, Yelp, and Wiki­me­dia also voiced their op­pos­i­tion.

But their call to op­pose CISA is countered by groups like the U.S. Cham­ber of Com­merce and the Fin­an­cial Ser­vices Roundtable, which have been act­ively lob­by­ing to pass a piece of le­gis­la­tion they say is es­sen­tial to strength­en­ing cy­ber­se­cur­ity for the private sec­tor and gov­ern­ment both.

If the Sen­ate’s cy­ber­se­cur­ity bill were to pass, it still would have to be aligned with two sim­il­ar—but not ident­ic­al—in­form­a­tion-shar­ing bills that passed the House earli­er this year.

NEXT STORY: DHS chief defends China cyber accord