The Senate has soundly defeated an amendment, the Paul Amendment, that backers of the Cybersecurity Information Sharing Act (CISA), which include cable operators and major financial services firms, said would have weakened liability protections and discouraged participation.
Those protections shield companies from lawsuits for inappropriate sharing of information with each other and the government so long as it was inadvertent. Given that the cyber threat sharing allowed by the bill is voluntary, that shield is meant to encourage companies to participate.
CISA would make it easier for business-to-business, business-to-government, and government-to-business sharing of cyber threat information, with the Department of Homeland Security overseeing an automatic "portal" through which the information will pass, and ostensibly be scrubbed of any personal information that was not scrubbed by the companies, save for that information crucial to identifying and addressing the threat.
The vote was 65-32 against as the Senate continued to vote on amendments to the bill, which likely will not get a final vote until next week.
"The Paul Amendment would throw into doubt a firm’s liability protections for even an inadvertent violation of a terms of service or privacy agreement, and could subject the company to loss of its liability protections, leaving businesses open to litigation," the Financial Services Roundtable—banks, credit card companies, lenders—had argued before the vote in arguing the amendment be defeated.