Congress finally passed the bill to address Internet data breaches and cybersecurity, after years of delay and false starts. The Senate has been debating the Cybersecurity Information Sharing Act (S.754), or CISA, and finally, on October the 27th, had all the votes it needed to pass.
The CISA bill, which claims the legislation, disguised as a surveillance bill that provides government intelligence agencies, such as the National Security Agency, with loopholes to get access to personal information of users and has been criticized by civil rights groups and some companies in the technology industry.
The bill had a number of groups and companies that supported it, such as industry groups, many lawmakers, and the White House. They believed the legislation was necessary due to all the recent cyberattacks on companies and government agencies.
A provision in CISA that focuses on concern to privacy groups, which allows for the direct sharing of information with agencies without the Department of Homeland Security doing its traditional lead role in this regard. A Democrat from Minnesota, Senator Al Franken, received a letter in July from the DHS, that opposed the provision saying it would be inefficient and affect the privacy of users.
Another group that supports the sharing of cyber threat information with the federal government is the administration of President Barack Obama. They said they would support it going through the DHS and then disseminated in real time to other agencies with appropriate privacy protections. There’s been some concern that current DHS privacy protections won’t be applied to the information. Privacy groups have criticized the provision for real-time sharing.
The Senate assembled and considered amendments to the bill, which has been proposed by both opponents and backers. A Democrat from Oregon and a strong privacy advocate, Senator Ron Wyden, has proposed an amendment to improve the requirements of removing personal information from cyber threat indicators before sharing.
On another note, Senator Tom Cotton, a Republican from Arkansas pushed a liability protection for businesses that share cyber threats with the Federal Bureau of Investigation and he Secret Service. The amendment will prove to be divisive and run counter to the views of the Obama administration and those of privacy advocates over the intermediary role of the DHS.
Cotton wants businesses to continue “to maintain their existing channels for sharing without incurring significant costs and delays to establish new ones with DHS.” These businesses being those that have established threat-sharing relationships with the FBI or Secret Service.
An advocacy group opposed to CISA, Fight For the Future, said in a Reddit AMA (Ask Me Anything) that “fortunately, CISA isn’t law yet, but it will have its final Senate vote this week and we need a dozen more senators to vote against it.” Unfortunately for them, after considering the amendments, the Senate approved and passed the bill; 74% yes to 21% no, leaving 5% not voting.
Content originally published here