The Senate on Tuesday passed a bill that intends to improve cybersecurity by encouraging companies and the government to share information about hacking threats.
The Cybersecurity Information Sharing Act (CISA) passed by a 74-21 vote Tuesday despite concerns about privacy and transparency from some senators and technology companies, such as Apple and Yelp.
The Senate rejected amendments, including one addressing concerns that companies could give the government personal information about their customers. Another failed amendment would have eliminated part of the bill that would keep secret information about which companies participate and what they share with the government.
Companies would receive legal protections from antitrust and consumer privacy liabilities for participating in the voluntary program.The bill must be reconciled with two similar information-sharing measures that passed the House earlier this year. The White House announced support last week for the Senate bill, although it stated a desire for some revisions before it lands on President Barack Obama’s desk.
Civil libertarians have opposed information-sharing legislation for years, with many warning it will give the National Security Agency and other agencies more access to snoop on Americans’ personal data without improving cyber defenses.
CISA is important to help detect and minimize cyber intrusions, according to the bill’s bipartisan backers.
The bill would make it easier for corporations to share information about cyberattacks with each other or the government without fear of lawsuits.
“This bill will provide important liability protections for companies that choose to exchange cybersecurity threat information,” said Paul Kurtz, CEO of TruSTAR Technology and former cybersecurity adviser to the White House under Clinton and Bush. “However, we have also heard the message loud and clear that information-sharing efforts must not cost us our privacy. Now that government has played its role by removing legal obstacles to cyber incident collaboration, it is time for industry to work together to create a privacy-preserving information sharing infrastructure.”
Senators have been eager to address cybersecurity in the wake of recent high-profile hacks of companies such as Sony Pictures and the pilfering of troves of employee data from the federal Office of Personnel Management.