All but one of the 15 members of the U.S. Senate Intelligence Committee voted in favor of a cybersecurity bill Thursday. The measure would allow government agencies such as the Department of Homeland Security to exchange information with private companies about data breaches and hacking threats.
Called the Cybersecurity Information Sharing Act of 2015 (CISA), the bill would give companies that share data about threats liability protections, allowing them to report more information about cyberthreats to the public. The bill’s lone opponent, Sen. Ron Wyden, D-Ore., said that cyberattacks were “a serious problem,” but that CISA will further enable the U.S. intelligence community to spy on Americans.
“It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens,” Wyden said in a statement. “If information-sharing legislation does not include adequate privacy protections, then that’s not a cybersecurity bill -- it’s a surveillance bill by another name.”
Similar objections by the White House and other Democrats had held up the bill for weeks. Wyden’s fellow members of the Intelligence Committee claimed concessions had been made to address privacy concerns.
Sen. Dianne Feinstein, D-Calif., the committee’s vice chairman, said the bill had been amended about 15 times to ensure greater privacy for Americans, with 12 of these amendments making it into the measure as it stands today. “This has been a long road,” the Hill quoted Feinstein as saying.
In the area of privacy, the bill would not allow companies to instantly share data with intelligence agencies -- instead, they would have to go through the Department of Homeland Security, which is considered a civilian agency.
Sen. Richard Burr, R-N.C., the committee’s chairman, called the passage of the bill “historic,” saying CISA might have “minimized” the damage of data breaches at Anthem Inc. and Home Depot Inc. had it been in place before those attacks. At the very least, it “would have made sure that elsewhere in the industry, there wouldn’t have been a threat because federal government would have responded,” the Hill quoted Burr as saying.
The committee will bring the bill to the floor for a vote this spring.