A controversial cybersecurity bill will likely be debated on the Senate floor Tuesday, Democratic leaders told Motherboard.
The Cybersecurity Information Sharing Act (CISA) is similar in intent to Cybersecurity Information Sharing and Protection Act (CISPA), a bill that has been introduced on Capitol Hill for four years without ever being passed because of severe backlash about its privacy provisions. The Senate has never voted on CISA or any of its prior incarnations—the bill has been too politically toxic to touch.
CISPA has passed the Republican-controlled House of Representatives twice, so the Senate has been considered the main holdup. The fact that it's finally being debated by the full chamber is notable and makes it the closest the bill has ever been to passage.
"Republican Senate leaders appear intent on pushing ahead with this flawed cyber bill, despite a surge of opposition"
A spokesperson for Sen. Ron Wyden (D-Oregon), the highest-ranking Senate Intelligence Committee member to oppose the bill, told Motherboard it looks like the bill may finally get a vote.
"All indications are CISA will be up after the immigration bill fails this afternoon," the spokesperson told me.
Similarly, in recent weeks major technology companies have come out strongly against CISA, which would allow companies and the federal government to share information about perceived cybersecurity threats. The bill would let the government give companies classified information about potential threats but would also open up channels for private companies to funnel user data to law enforcement.
The information sharing provision is the crux of the bill, and it's the part that has privacy-focused organizations most concerned. The bill incentivizes companies to funnel information to local law enforcement and the Department of Homeland Security, which must share the information with the National Security Agency "in real time."
Many lawmakers no longer look at CISA as being politically toxic as recent high profile breaches such as the Sony hack, the T-Mobile/Experian hack, Ashley Madison hack, and the Office of Personnel Management hack have emboldened the bill's sponsors, Richard Burr (R-North Carolina) and Dianne Feinstein (D-California), to push for its passage. The switch to a Republican-controlled Senate could help push it through as well, as conservatives have traditionally been more supportive of the bill.
Opposition to the bill continued Tuesday: Twitter came out against it, as have Yelp, Reddit, and Wikipedia. Last week, the Computer and Communications Industry Coalition, which represents Google, Facebook, Yahoo, Amazon, and many others, also slammed the bill.
"[CISA] does not sufficiently protect users' privacy or appropriately limit the permissible uses of information shared with the government," CCIA wrote in a blog post. The "system should not come at the expense of users' privacy, need not be used for purposes unrelated to cybersecurity, and must not enable activities that might actively destabilize the infrastructure the bill aims to protect."
Wyden told Motherboard in an emailed statement that opposition from privacy groups, technology companies, and hundreds of thousands of internet users have been helpful in slowing down the bill's progress, and that he hopes it will ultimately kill the bill.
"Republican Senate leaders appear intent on pushing ahead with this flawed cyber bill, despite a surge of opposition from the people and companies who know best," Wyden said. "CISA won't stop sophisticated hacks, but it will create a big new threat to the privacy of millions of individual Americans. And the netroots, respected technologists and tech companies have clearly said that they do not support it."