- Lyft received a whopping 7 sexual assault lawsuits in a day Wednesday 10:00 PM
- High school reopens investigation into Nazi salute video after other racist videos emerge Wednesday 7:14 PM
- Facebook content moderators continue to suffer from brutal working conditions Wednesday 5:58 PM
- #RIPReese: Man bullied for relationship with trans woman dies by suicide Wednesday 4:46 PM
- Redaction error reveals ICE is paying Palantir $49 million Wednesday 4:25 PM
- People are using social media to raise awareness about the Amazon fires Wednesday 4:24 PM
- How to watch ‘Detective Pikachu’ right now Wednesday 3:56 PM
- Walmart is suing Tesla over fires at stores with solar panels Wednesday 3:44 PM
- Jeremy Renner asks nicely for Sony to let Spider-Man back in the MCU Wednesday 2:51 PM
- The best and safest torrenting sites you should be using in 2019 Wednesday 2:47 PM
- ‘Beyoncé’s Assistant for a Day’ creator is releasing more games on storytelling app Yarn Wednesday 1:54 PM
- Why does everyone keep falling for that Instagram and Facebook hoax? Wednesday 1:46 PM
- A bunch of celebrities fell for that viral Instagram hoax Wednesday 1:17 PM
- Former Die Antwoord crew member says video shows ‘homophobic attack’ Wednesday 1:13 PM
- How to stream all the MLS Rivalry Week matches Wednesday 1:13 PM
Senate votes to move ahead with CISA, a controversial cybersecurity bill
Privacy groups worry that the bill will expose more sensitive information to hackers.
The Senate on Thursday cleared the first hurdle toward passing a controversial cybersecurity bill championed by pro-business groups and condemned by civil-liberties advocates and leading tech companies as detrimental to Americans’ privacy.
The upper chamber voted 83-14 to end debate and advance the Cybersecurity Information Sharing Act (CISA), which would let businesses share data about cyber threats with the government. A final vote on the bill is expected early next week.
A growing wave of cyberattacks in recent years has heightened concerns about weak cybersecurity practices, prompting Congress to consider new ways to spot these attacks before they begin. But CISA faces fierce criticism from a broad coalition of privacy advocates over concerns that businesses will expose their users’ personal information when they share threat data with the U.S. government. The bill contains a provision requiring companies to scrub such information, but civil-liberties groups argue that its language is not stringent enough.
“Everyone is for ‘cybersecurity,’ but that’s not what this bill is about,” Nathan White, senior legislative manager at the civil-society group Access, said in a statement. “This bill is being sold as security, but it’s a backdoor to surveillance. The more people learn about the bill, the more the opposition grows.”
Senate Intelligence Committee Chairman Richard Burr (R-N.C.), the bill’s co-sponsor, on Wednesday dismissed criticisms of the bill as “a sign of ignorance or a sign that [critics are] being disingenuous.”
But Sen. Ron Wyden (D-Ore.), CISA’s chief congressional opponent, insisted that Burr and other supporters were masking the bill’s true nature.
“This isn’t a cybersecurity bill,” Wyden said on the Senate floor on Thursday. “This is yet another surveillance bill. The Senate is again missing another opportunity to do this right and promote both security and liberty.”
Wyden introduced an amendment to rewrite the privacy provision, which currently directs any company sharing cyber threat data to scrub from the data:
“any information…that the [company] knows at the time of sharing to be personal information of or identifying a specific person not directly related to a cybersecurity threat.”
Wyden’s amendment would instead direct companies to scrub:
“any personal information of or identifying a specific individual that is not necessary to describe or [identify] a cybersecurity threat.”
The new language would emphasize preserving information that companies believe is directly related to cyber threats rather than focusing on deleting information that is found to be unrelated—creating a higher bar to including potentially sensitive data.
It remained unclear, as CISA cleared its first hurdle, when (or whether) this and other amendments would receive votes.
Cybersecurity has been the focus of unprecedented attention in recent months, following the massive data breach at the Office of Personnel Management, in which hackers stole the records of more than 22 million current, former, and prospective federal workers. CISA supporters repeatedly pointed to the OPM hack as evidence of the cyber threats that the United States faced, even though experts have said that cyber threat data sharing would not have prevented the attack.
Wyden has even warned, in an interview with the Daily Dot, that CISA could compound the problem, by placing a new repository of threat data—potentially including Americans’ personal information—on government servers that remain insecure. He echoed those concerns on the Senate floor on Tuesday, calling CISA’s data-sharing portal “a prime target for hackers.”
Many business groups, including the U.S. Chamber of Commerce and the Financial Services Roundtable, have pushed for passage of CISA. The bill grants companies immunity from lawsuits stemming from their sharing of cyber-threat data with the government.
Immediately after the cloture vote, the Senate defeated an amendment from Sen. Rand Paul (R-Ky.) to preserve legal liability for companies that violate their privacy agreements with customers by sharing personal data.
“This legislation is a first step only to improve our nation’s defenses against cyberattack and cyber intrusion,” Sen. Dianne Feinstein (D-Calif.), the top Democrat on the Intelligence Committee and one of CISA’s main backers, said on the Senate floor on Tuesday. “It is the most effective first legislative step we believe that we can take.”
Update 11:03am CT, Oct. 22: Added Paul amendment vote.
Photo via jasleen_kaur/Flickr (CC BY SA 2.0) | Remix by Jason Reed
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.