The US Senate voted to pass the controversial Cybersecurity Information Sharing Act (CISA) on Tuesday in a 74 to 21 vote despite the opposition of many heavyweight tech companies and security experts who have said it undermines several privacy and security principles.
Similar to the Cyber Intelligence Sharing and Protection Act which failed to pass the Senate, CISA is aimed at improving the ability of federal agencies to respond to cyber security incidents by allowing for greater collection and sharing of information about threats. It also offers legal protection to private firms that share information on the attacks they see hitting their systems.
Tech companies including Apple, Dropbox and Twitter have come out against CISA.Dozens of organizations and security experts have stated that, if passed, it wouldn’t have a meaningful effect on cybersecurity, and some of its provisions would be detrimental to security and privacy.
On Tuesday, Senators voted on amendments aimed at addressing some of the more controversial aspects of the bill including one that would provide a more specific definition of “cybersecurity threat” and “threat indicators” covered by the bill. Another amendment put forth by Sen. Ron Wyden would have required companies to remove personal data from cyber threat “indicators” before sharing them with authorities unless that personal information is needed in describing or identifying the threat. However, these amendments and two other amendments were voted down on Tuesday.
CISA was sponsored by Senate Select Committee on Intelligence (SSCI) Chairman Richard Burr and Vice Chairman Dianne Feinstein, who have contended that the bill “helps protect Americans’ personal privacy by taking steps to stop future cyber-attacks before they happen.”
Reminding the public of major recent security incidents involving health insurer Anthem, Sony, and the Office of Personnel Management, Sen. Burr said, “American businesses and government agencies face cyber-attacks on a daily basis. We cannot sit idle while foreign agents and criminal gangs continue to steal Americans’ personal information.”
He continued, “This legislation gives the government and US companies new voluntary collaborative tools so that they can work together against hackers that have been all too successful at stealing the personal information of millions of Americans for years.”
Sen. Feinstein said, “This bill will allow companies and the government to voluntarily share information about cyber threats and the defensive measures they can implement to protect their networks. We took every step we could to satisfy privacy concerns. There’s a lot more work ahead, including conferencing the final legislation, but I believe this is a very good bill that reflects consensus on a very complicated issue.”
With CISA approved by the Senate, digital rights groups such as Fight for the Future are calling on a presidential veto to halt the bill.