US Senate passes controversial CISA bill

US Senate passes CISA bill while rejecting all CISA amendments designed to protect privacy

The US Senate yesterday voted to pass the controversial Cybersecurity Information Sharing Act (CISA). However it rejected all the five amendments to it. The five amendments, which would have restrained law enforcement from abusing the bill’s powers as well as made corporations more accountable for their roles in protecting consumer information were rejected by a majority vote.

The CISA bill passed the Senate with a 74 – 21 vote (it needed 60). It must now do the same in the House before being either signed into law or vetoed by the President.

CISA is the Senate version of the House’s equally-unpopular CISPA bill that passed earlier this year in a 288-127 vote but which the Senate has refused to take up. CISA, was reintroduced by the Senate Select Committee on Intelligence after massive Sony hack attack earlier this year.

CISA compels companies to share information regarding cyber-attacks with one another and the government. This has riled the privacy advocates and a number of tech companies, who contend that the initiative would allow the government to more easily spy on Americans.

The amendments

The Wyden Amendment, put forth by Sen. Ron Wyden (D-OR) that required companies to remove any personally identifiable information (PII) so long as it doesn’t relate to the investigation at hand and its removal does not hinder law enforcement efforts was rejected with a vote of 41 – 55.

Senator Heller had an amendment that was basically a backstop against the Wyden amendment, saying that if the Wyden amendment didn’t pass, Homeland Security would be responsible for removing such personal information. That amendment also failed by a 49 to 47 vote. Senator Leahy had an amendment that would have removed FOIA exemptions in the bill (making it much less transparent how CISA was used). That amendment was voted down 59 to 37. Senator Franken then had an amendment that would have “tightened” the definition of cybersecurity threats, so that the shared information needed to be “reasonably likely” to cause damage, as opposed to the current “may” cause damage. And (you guess it, because you’re good at this), it was also voted down by a 60 to 35 vote.


Please enter your comment!
Please enter your name here