Senate CISA Passage Draws Mixed Response
The closely watched cybersecurity bill easily passed in the Senate on Tuesday, to the cheers of multiple industries, despite technology advocates' efforts to quash it. At least one technology group, however, is holding out hope that the legislation can be fixed.
One of the most controversial cybersecurity bills in years just coasted through the Senate, and groups on both sides of the debate around the bill are hoping to get in the last word.
The Cybersecurity Information Sharing Act (CISA) easily passed the Senate by a margin of 74-21 on Tuesday afternoon, despite a wave of opposition that rose up in the days before the vote.
Those who favor the measure, including players in the retail, financial, and industrial sectors, were quick to applaud the end result, which they believe will protect American consumers and companies by improving sharing of cybersecurity-threat information between businesses and the federal government.
“This bill will improve efforts to defend against cyber criminals and better protect consumer financial data,” Tim Pawlenty, the president and CEO of the Financial Services Roundtable, said in a statement. “We applaud the Senate for its efforts and urge both the House and Senate to resolve their differences in a conference committee.”
And Nicholas Ahrens, the Retail Industry Leaders Association’s vice president of privacy and cybersecurity, said it was essential that the House and Senate quickly come to an agreement in a conference committee so that the legislation can be sent to the president to sign. (Both chambers have crafted versions of the bill and must iron out differences between them.)
“Today was a win for retailers and those committed to stepping up the fight against overseas hackers and cyberthieves targeting American businesses and our customers,” Ahrens said in his statement. “Cyber-attacks are not going away; in fact, hackers are only growing more sophisticated in their ability to attack businesses, institutions, and governments.”
Interest in CISA is fairly high even outside of the world of technology, as reflected by the National Electrical Manufacturers Association’s (NEMA) endorsement of lawmakers’ decision to pass legislation.
“Congress has taken an important first step by passing information-sharing legislation, but there is more work to be done to protect against cyber- and physical threats. We look forward to working with Congress and the administration as they do so,” NEMA President and CEO Kevin J. Cosgriff said in a statement.
Tech Groups: Can CISA Be Salvaged?
Those words of praise were not echoed by technology-focused organizations such as the Electronic Frontier Foundation (EFF) and the Computer & Communications Industry Association (CCIA). While both groups agree that the version that the Senate approved is problematic, the two differ over whether it could be improved before it reaches President Obama. Taking an optimistic view a couple of weeks before the Senate vote, CCIA said that while it could not support the bill as is, because it does not adequately protect people’s privacy and sufficiently limit how the government could use shared data, the organization thinks it can be improved and hopes to work with Congress on this process.
EFF, though, called the bill “fundamentally flawed” and said there was no turning back.
“The conference committee between the House of Representatives and the Senate will determine the bill’s final language. But no amount of changes in conference could fix the fact that CISA doesn’t address the real cybersecurity problems that caused computer data breaches like Target and the U.S. Office of Personnel Management (OPM),” EFF’s Mark Jaycox said in a blog post.
EFF’s stance is shared by government whistle-blower Edward Snowden, who argues that the very name of the bill is misleading.
“CISA isn’t a cybersecurity bill. It’s not going to stop any attacks. It’s not going to make us any safer. It’s a surveillance bill,” Snowden wrote in a comment on Reddit at the behest of the advocacy group Fight for the Future. “What it allows is for the companies you interact with every day—visibly, like Facebook, or invisibly, like AT&T—to indiscriminately share private records about your interactions and activities with the government.”