There was immediate and voluminous reaction to the Senate passage Tuesday (Oct. 27) of S. 754, the Cybersecurity Information Sharing Act and, at its extremes, it could not have been more polarized for a bipartisan bill that passed 74 to 21.
The Act would make it easier to share cybersecurity information with the government and vice versa, and would shield companies from lawsuits for inadvertent sharing of sensitive data as a way to incentivize their participation in what is a voluntary program. The bill must still be conferenced with a different version of the bill that passed the House earlier this year.
“This landmark bill finally better secures Americans private information from foreign hackers,” said Sen. Richard Burr (R-N.C.), chairman of the Senate Intelligence committee and co-sponsor of the bill. “American businesses and government agencies face cyber-attacks on a daily basis. We cannot sit idle while foreign agents and criminal gangs continue to steal Americans’ personal information as we saw in the Office of Personnel Management, Target, and Sony hacks. This legislation gives the government and U.S. companies new voluntary collaborative tools so that they can work together against hackers that have been all too successful at stealing the personal information of millions of Americans for years.
One of the 21 who voted against the bill was Sen. Ed Markey (D-Mass.), who said the bill opens a floogate that "jeopardizes" privacy" and puts personal data at risk. "“While the Senate should enact strong cybersecurity legislation, it should not come at the expense of the privacy of the American people," he said.
“This vote will go down in history as the moment that lawmakers decided not only what sort of Internet our children and our children’s children will have, but what sort of world they will live in," said Fight for the Future, which had been fighting hard against the bill. "Every Senator who voted for CISA has voted for a world without freedom of expression, a world without true democracy, a world without basic human rights."
“CISA won’t prevent cyberattacks like the Office of Personnel Management breach and other high-profile incidents cited by its sponsors," said Sari Feldman of the American Library Association. "It will, however, weaken the privacy of millions of Americans and expose library and other computer systems to potentially damaging “defensive measures.” Sadly, with CISA, Congress has again traded civil liberty for a mirage of security.”
Sen. Mark R. Warner (D-Va.), a member of the Senate Intelligence Committee, applauded passage, which he said would strengthen cybersecurity by encouraging voluntary sharing of information while protecting privacy and civil liberties.
The bill includes an amendment Warner co-sponsored that would help the Office of Homeland Security better protect .gov Web sites (like the FCC's site).
“This bill will improve efforts to defend against cyber criminals and better protect consumer financial data,” said Financial Services Roundtable President Tim Pawlenty. “We applaud the Senate for its efforts and urge both the House and Senate to resolve their differences in a conference committee.”
The Information Technology Industry Council signaled the conference process would be a chance to further tweak the bill.
“The Senate’s passage of a cyber-threat information sharing bill represents an important step in the congressional process toward achieving these goals," ITIC said in a statement. "We see a key opportunity for bill sponsors and conferees in the House and Senate to come together to address outstanding concerns and send a final bill to the President that best achieves our shared goal of promoting greater cybersecurity.”
"CISA will bring a much-needed cybersecurity framework between the government and private sector, without granting the government any new authority to monitor or censor private networks," said the National Association of Manufacturers.
"This measure breaks down barriers between government and private industry, enabling them to voluntarily share key information about cyber threats without the fear of costly liability suits," said Sen. Roy Blunt (R-Mo.) "At the same time, the bill ensures Americans’ privacy is protected by requiring both groups to remove any personally identifiable information, and increasing public oversight.