The U.S. Senate has passed a major cybersecurity bill backed by business groups after rejecting amendments that sought to enhance its privacy protections.
The Cybersecurity Information Sharing Act (CISA) shields companies from liability for sharing cyber-threat data with the federal government. The Senate voted 74-21 in favor of the bill, which is designed to stem the rising tide of corporate data breaches and now must be reconciled with legislation passed earlier this year by the House.
“We are hopeful that the Senate and House can work together expeditiously to send cybersecurity legislation to the president’s desk,” said Lisa Monaco, assistant to President Barack Obama for homeland security and counterterrorism.
The Senate vote was a setback for privacy activists, who believe CISA is a backdoor surveillance bill that benefits the intelligence community. The law allows the Department of Homeland Security to share information gathered in the program with other government agencies, such as the FBI or the National Security Agency.
“The incentive and the framework it creates is for companies to quickly and massively collect user information and ship it to the government,” Mark Jaycox, a legislative analyst for the civil liberties group the Electronic Frontier Foundation, told Wired. “As soon as you do, you obtain broad immunity, even if you’ve violated privacy law.”
Before passing the bill, senators rejected amendments that would have narrowed the definition of “cybersecurity threat” and require more stringent reviews by companies to remove personal information before sharing data with the government.
CISA’s supporters argue that critics’ privacy concerns are misunderstandings, pointing out that the corporate information-sharing is voluntary.
According to Wired, the latest form of CISA is less privacy-protective than the version of the bill known as the Protecting Cyber Networks Act that passed the House Intelligence Committee in March.