- Lawsuit alleges YouTube’s unboxing videos are ‘abusive’ ads aimed at kids Sunday 3:48 PM
- Dr. Dre shades Lori Loughlin with Instagram flex about his daughter getting into USC Sunday 3:13 PM
- University of Georgia frat’s racist Snapchat video draws campus outrage Sunday 1:21 PM
- Facing criticism for eating fish, vegan YouTube star Rawvana speaks out Sunday 10:47 AM
- Arnold Schwarzenegger chases mini-pony in new TikTok video Sunday 9:19 AM
- Review: ‘Sekiro: Shadows Die Twice’ is a cut above the rest Sunday 8:00 AM
- Where do 2020 Democratic candidates stand on healthcare? Sunday 7:30 AM
- How to (legally) stream live TV on Kodi Sunday 7:00 AM
- ‘Delhi Crime’ tackles inequality and women’s rights Sunday 7:00 AM
- How to watch the 2019 STP 500 at Martinsville Speedway for free Sunday 6:00 AM
- These high school theater kids put on a totally awesome ‘Alien’ play Saturday 3:59 PM
- Behold these photos of Elon Musk, but with Elizabeth Holmes’ eyes Saturday 3:11 PM
- Barbra Streisand gets ‘canceled’ over remarks about Michael Jackson’s alleged victims Saturday 2:09 PM
- Report: Florida man raped Texas teen after posing as Instagram celeb Saturday 12:14 PM
- Lori Loughlin’s daughters, Olivia and Isabella, could be banned from USC forever Saturday 11:46 AM
Senate votes to move ahead with CISA, a controversial cybersecurity bill
Privacy groups worry that the bill will expose more sensitive information to hackers.
The Senate on Thursday cleared the first hurdle toward passing a controversial cybersecurity bill championed by pro-business groups and condemned by civil-liberties advocates and leading tech companies as detrimental to Americans’ privacy.
The upper chamber voted 83-14 to end debate and advance the Cybersecurity Information Sharing Act (CISA), which would let businesses share data about cyber threats with the government. A final vote on the bill is expected early next week.
A growing wave of cyberattacks in recent years has heightened concerns about weak cybersecurity practices, prompting Congress to consider new ways to spot these attacks before they begin. But CISA faces fierce criticism from a broad coalition of privacy advocates over concerns that businesses will expose their users’ personal information when they share threat data with the U.S. government. The bill contains a provision requiring companies to scrub such information, but civil-liberties groups argue that its language is not stringent enough.
“Everyone is for ‘cybersecurity,’ but that’s not what this bill is about,” Nathan White, senior legislative manager at the civil-society group Access, said in a statement. “This bill is being sold as security, but it’s a backdoor to surveillance. The more people learn about the bill, the more the opposition grows.”
Senate Intelligence Committee Chairman Richard Burr (R-N.C.), the bill’s co-sponsor, on Wednesday dismissed criticisms of the bill as “a sign of ignorance or a sign that [critics are] being disingenuous.”
But Sen. Ron Wyden (D-Ore.), CISA’s chief congressional opponent, insisted that Burr and other supporters were masking the bill’s true nature.
“This isn’t a cybersecurity bill,” Wyden said on the Senate floor on Thursday. “This is yet another surveillance bill. The Senate is again missing another opportunity to do this right and promote both security and liberty.”
Wyden introduced an amendment to rewrite the privacy provision, which currently directs any company sharing cyber threat data to scrub from the data:
“any information…that the [company] knows at the time of sharing to be personal information of or identifying a specific person not directly related to a cybersecurity threat.”
Wyden’s amendment would instead direct companies to scrub:
“any personal information of or identifying a specific individual that is not necessary to describe or [identify] a cybersecurity threat.”
The new language would emphasize preserving information that companies believe is directly related to cyber threats rather than focusing on deleting information that is found to be unrelated—creating a higher bar to including potentially sensitive data.
It remained unclear, as CISA cleared its first hurdle, when (or whether) this and other amendments would receive votes.
Cybersecurity has been the focus of unprecedented attention in recent months, following the massive data breach at the Office of Personnel Management, in which hackers stole the records of more than 22 million current, former, and prospective federal workers. CISA supporters repeatedly pointed to the OPM hack as evidence of the cyber threats that the United States faced, even though experts have said that cyber threat data sharing would not have prevented the attack.
Wyden has even warned, in an interview with the Daily Dot, that CISA could compound the problem, by placing a new repository of threat data—potentially including Americans’ personal information—on government servers that remain insecure. He echoed those concerns on the Senate floor on Tuesday, calling CISA’s data-sharing portal “a prime target for hackers.”
Many business groups, including the U.S. Chamber of Commerce and the Financial Services Roundtable, have pushed for passage of CISA. The bill grants companies immunity from lawsuits stemming from their sharing of cyber-threat data with the government.
Immediately after the cloture vote, the Senate defeated an amendment from Sen. Rand Paul (R-Ky.) to preserve legal liability for companies that violate their privacy agreements with customers by sharing personal data.
“This legislation is a first step only to improve our nation’s defenses against cyberattack and cyber intrusion,” Sen. Dianne Feinstein (D-Calif.), the top Democrat on the Intelligence Committee and one of CISA’s main backers, said on the Senate floor on Tuesday. “It is the most effective first legislative step we believe that we can take.”
Update 11:03am CT, Oct. 22: Added Paul amendment vote.
Photo via jasleen_kaur/Flickr (CC BY SA 2.0) | Remix by Jason Reed
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.