The Cybersecurity Information Sharing Act (CISA) was officially approved by the Senate back in October. Since that time, the bill has languished in committee as lawmakers sought to align the Senate bill with the versions passed by the House of Representatives in April.
CISA is designed to allow private companies to easily share threat intelligence with government agencies. Sharing of intelligence is supposed to be voluntary. Critics of the bill say the provisions will only increase the indiscriminate monitoring of legal activity by giving companies immunity from lawsuits for sharing information with the government.
Before the Senate vote, Sen. Rand Paul (R-Ky.) introduced an amendment which would require companies to adhere to their own terms of service with customers. However, this amendment failed after only receiving 32 votes. Senator Paul’s presidential campaign website says that the bill “would transform websites into government spies.”
The bill may face a final vote in the House and the Senate as soon as next week. However, there are reports that the cybersecurity bill could be added as a provision to the budget bill which is supposed to keep the federal government running through 2016.
“It’s either this scenario or we wait until early 2016, and chamber members definitely prefer seeing passage sooner rather than later,” said Matthew Eggers, senior director of the National Security and Emergency Preparedness Department at the U.S. Chamber of Commerce, told USA Today.
Reuters reports that a vote on the budget will happen on Friday before the midnight deadline for funding the federal government. According to Reuters, “lawmakers have been unable to reach agreement on a number of policy ‘riders’ some lawmakers would like to add to the bill.” These “riders” include the CISA provision.
On Wednesday, a coalition of 19 civil liberties groups sent a letter to President Obama and congressional leaders calling for stricter privacy protections and warning that such protections are being “stripped” from the House Homeland Security Committee version of the bill.
“Let me be clear that we do not support any of the three bills and believe that cybersecurity legislation could actually make us more vulnerable to cyber attacks by housing more personal information with government agencies that aren’t good at protecting it,” said Evan Greer, campaign director of Fight for the Future, organizer of the letter. “But, of the three bills, the House Homeland Security Committee’s bill had the strongest privacy protections and was sort of the least terrible.”
Fight for the Future was joined by the American Library Association, Demand Progress, and Free Press Education Fund to FreedomWorks, Campaign for Liberty, and R-Street.
The organizations say that CISA would “reduce privacy protections for Americans’ personal information” and “overexpand the term ‘cyber threat’ to facilitate the prosecution of crimes unrelated to cybersecurity.”
The letter comes one day after The Hill reported on additional changes to the bill. According to the Hill, “it now appears the final language is unlikely to include notable privacy provisions that digital rights and civil liberties groups insist are necessary to reduce the odds the bill enables greater government surveillance.”
The Hill also confirmed that “lawmakers are aiming to vote on the final cyber bill as part of an omnibus budget deal that is expected before the end of the year.”
USA Today reported that House Homeland Security Chairman Michael McCaul “said he would prefer to wait and have a formal conference committee made up of House members and senators negotiate a final bill rather than relying on staff talks to try to speed legislation through Congress in the next few days.”
McCaul told USA Today he warned Republican House leaders that they could lose votes on the 2016 government budget if they attempt to add on CISA without strong privacy protections.
As Truth In Media recently reported, the supposedly “voluntary” aspects of the bill are not voluntary at all and amount to surveillance of private customer information.
“Number one, it’s not voluntary for their customers, millions and millions of customers,” Senator Ron Wyden, a long-time opponent of CISA told the Daily Dot. “And number two, to get the liability protection, the companies have got to say that they didn’t find anything personal and unrelated in a knowing fashion. And that’s going to be a pretty easy bar because they don’t have to do much to look!”