After the Senate voted on Thursday to permit debate to move forward on cyber security legislation and then rejected a privacy amendment to the bill, Majority Leader Mitch McConnell (R-Ky.) set next Tuesday for votes an additional amendments and then final passage of the Cybersecurity Information Sharing Act (CISA).
The bill has strong bipartisan support with the cloture vote passing 83-14.
The chief sponsors of CISA (S. 754), Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chairman and vice-chairman respectively of the Senate Intelligence Committee, have agreed to oppose all amendments offered to preserve the “delicate balance” that has garnered support from key private sector organizations, Burr said on the Senate floor.
Burr said that any changes to the bill will upset the comfort level of businesses across the country and then “we won’t have a successful information sharing bill.”
One of the key aims of CISA and similar legislation in the House is to promote the sharing of cyber threat indicators between the private sector and the federal government and among private companies to improve situational awareness around cyber threats. To do this, the bills provide liability protections to companies that are willing on a voluntary basis to share these indicators with the government. However, a concern among opponents of the various bills is that these bills don’t go far enough to prevent personal data of American citizens from being shared.
The amendment rejected by the Senate on Thursday by a vote of 65-32 was introduced by Sen. Rand Paul (R-Ky.) to prohibit liability immunity to apply to private entities that break user or privacy agreements in place with their customers. Paul argued that CISA “weakens privacy protections,” adding that the federal government doesn’t have a good track record of protecting the data of its citizens and that his amendment “gives clarity to what information is shared with the government and protect the privacy agreement” in place between companies and their customers.
Feinstein, ahead of the vote on Paul’s amendment, said it is a “bill killer” and that the United States Chamber of Commerce and numerous other industry associations oppose it. Paul replied that many technology companies oppose CISA as it currently stands.
On Tuesday the Senate will begin voting on six amendments at 11 a.m. and then take up two more at 4 p.m. before proceeding with a vote on a substitute amendment—basically a rewrite of the bill since it was first approved by the Intelligence Committee in March—authored by Burr and Feinstein to include what they say were acceptable additions and modifications that still maintain broad support for the legislation.
If the substitute is agreed to, then another cloture vote is scheduled before a vote on the final bill would occur.
The amendments to be debated and voted on Tuesday include: Sen. Ron Wyden (D-Ore.) to remove personal information from cyber threat indicators before they are shared; Sen. Dean Heller (R-Nev.) to protect certain personal information; Sen. Patrick Leahy (D-Vt.) to strike a Freedom of Information Act Exemption; Sen. Jeff Flake (R-Ariz.) to terminate provisions of CISA after six years; Sen. Al Franken (D-Minn.) to improve definitions of cyber security threat and cyber threat indicator; Sen. Chris Coons (D-Del.) to remove certain personal information from homeland security cyber threat indicators and countermeasures; and Sen. Tom Cotton (R-Ark.) to exempt from the capability and process within the Department of Homeland Security communication between a private entity and the FBI or Secret Service regarding cyber security threats.