- How to watch Serie A online for free Today 7:30 AM
- What does ‘uwu’ mean? Today 7:00 AM
- How to uninstall the Epic Games Launcher (for real) Today 6:30 AM
- How to watch the Indianapolis 500 online for free Today 6:00 AM
- Ohio KKK rally met with massive counter-protest and witty signs from local businesses Saturday 5:06 PM
- Guy who said he stole drugs from MS-13 now says viral story is fake Saturday 4:07 PM
- Financial service company left 885 million private records exposed online Saturday 3:13 PM
- Sasha Obama went to prom and Twitter is delighted with the photos Saturday 2:22 PM
- Jon Voight says Trump is the greatest president since Lincoln in Twitter videos Saturday 1:31 PM
- #DeleteFacebook gains momentum after the platform refused to remove doctored Nancy Pelosi videos Saturday 11:58 AM
- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Saturday 7:40 AM
- How to use Tor, the network that lets you browse the web anonymously Saturday 7:30 AM
- How to live stream Devin Haney vs. Antonio Moran on DAZN Saturday 7:00 AM
- Trump’s transphobic policies are disgusting—but they aren’t new Saturday 6:30 AM
- How to watch the Copa del Rey Final online for free Saturday 5:45 AM
The Senate’s passage of CISA is just the beginning.
A controversial cybersecurity bill touted by business groups and opposed by privacy activists has cleared the Senate, but months of congressional negotiations lie ahead before it can become law.
The Senate voted 74-21 on Tuesday to pass the Cybersecurity Information Sharing Act (CISA), which encourages companies to share data about cyber threats with the government. But because of significant differences between CISA and the two House-passed cybersecurity bills—the Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act—the two houses of Congress must meet in a conference committee to agree on final legislative language.
“We’re going to move at a very slow pace,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.), a CISA cosponsor, told reporters after the vote.
“CISA needs to undergo a near complete makeover to make it palatable from a security and privacy perspective.”
Burr predicted that the conference committee would not produce final legislation until early next year. The Senate and the House must then pass that final bill before it goes to President Barack Obama‘s desk. The White House has already endorsed CISA, and Obama is likely to sign whatever bill emerges from the conference negotiations.
CISA’s opponents hope to use the months-long negotiations to either improve or derail the final bill. Civil-liberties activists worry that the provisions requiring companies and agencies to “scrub” personal information from shared data are too weak to effectively protect Americans’ privacy. Technologists, security experts, and cyber-law professors warn that the legislation would not prevent major cyberattacks like the breaches at Sony Pictures Entertainment and the Office of Personnel Management. Tech companies have also weighed in to oppose CISA in its current form.
Robyn Greene, a policy counsel at New America’s Open Technology Institute, said that Congress should reject any bill that emerges from the conference committee without substantial reforms.
“Congress does need to get serious about real cybersecurity, and CISA just isn’t [it],” Greene wrote in an email to the Daily Dot.
The Senate majority leader and the speaker of the House will appoint conference members from their chambers. Given the subject matter, custom dictates that the chairmen and ranking members of the intelligence committees be part of that group.
CISA’s passage was a landmark moment in a six-year-long campaign to pass cybersecurity legislation. But even the bill’s supporters wasted no time in calling for changes. Two financial-services trade groups asked Congress to remove a provision that requires the Department of Homeland Security to prepare reports on cybersecurity vulnerabilities in critical U.S. infrastructure, arguing that it represented new and burdensome regulation.
Civil-liberties groups aren’t giving up yet, either. Before the final vote on CISA, senators defeated five privacy-minded amendments, including one from Sen. Ron Wyden (D-Ore.) that would have strengthened language in the data-scrubbing provision, and one from Sen. Al Franken (D-Minn.) that would have more narrowly defined key cybersecurity terms. Privacy advocates hope that the conference committee, which will deliberate privately and as a small group, can incorporate some of those changes despite their failure on the Senate floor.
“CISA needs to undergo a near complete makeover to make it palatable from a security and privacy perspective,” Greene said, “but Senator Wyden and [Senator] Franken’s amendments are by far the best because they would have addressed both operational and privacy concerns.”
If the conference committee doesn’t make those changes, CISA opponents could always filibuster the final bill when it returns to the Senate. In the Open Technology Institute’s statement, Greene noted that the Wyden amendment received 41 votes, the bare minimum needed to block the Senate from taking up a bill.
Wyden said in a statement that, despite, the “early, flawed step” of passing CISA, “[t]he fight to secure Americans’ private, personal data has just begun.”
Keith Chu, a Wyden spokesman, said that the senator would continue that fight as the conference committee did its work.
“That’s one of the reasons that Wyden said he wants to keep pushing for stronger privacy protections,” Chu said in an email. “There could be a long conversation between the House and Senate over how to conference the two bills.”
Photo via Matt Tillett/Flickr (CC BY 2.0) | Remix by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.