Former Secretary of State Hillary Clinton wasn't the only one who geared up to face a drubbing on Capitol Hill this Thursday – the Cyber Information Security Act (CISA) continued to take a wallop from privacy advocates even as the Senate mulled its merits, with both emerging relatively intact.
As Clinton continued her 11-hour testimony before the Select Committee on Benghazi, the Senate was much more accommodating/approving of CISA, eventually, in an 83-14 procedural vote, agreeing to vote on the legislation's amendments on Tuesday.
Senate Intelligence Committee Vice Chairman Dianne Feinstein (D-Calif.), who co-sponsored CISA along with Sen. Richard Burr (R-NC), has remained hopeful that the legislation would have passed.
The bill has drawn strong criticism and resistance from vendors like Apple and Microsoft, as well and privacy organizations from the Electronic Frontier Foundation (EFF) to Fight for the Future, the latter staged a demonstration outside Congress Thursday night, have said the proposed law could be another tool of surveillance and doesn't offer adequate privacy protections.
Feinstein earlier in the week questioned why the bill would draw such strong stands from tech companies, calling it unnecessary. “If you don't like the bill, you don't have to do it,” she said. “So it's hard for me to understand why we have companies like Apple and Google and Microsoft and others saying they can't support the bill at this time.” She clarified that the companies have no reason to make those contentions because they “don't have to do anything, but there are companies by the hundreds if not thousands that want to participate in this.”
CISA, which picked up endorsements from the White House and the Department of Homeland Security (DHS) Thursday night, seemed on track to pass at the senator gathering broke for the weekend.
"The Administration supports Senate passage of S. 754," the White House said, according to the Daily Dot.
On deck for Tuesday's vote are nearly half a dozen amendments from Senators Ron Wyden (D-Ore.), Patrick Leahy (D-Vt.), Al Franken (D-Minn.), Dean Heller (R-Nev.) and Jeff Flake (R-Ariz.) that seek, respectively, to pump up requirements on removing personally identifiable information (PII), get rid of Freedom of Information Act (FOIA) exemptions, define the terms cyber threat indicator and cybersecurity threat, protect PII that meets the “reasonably believed” standard and sunset the act itself after six years time.
The Senate will vote on a second set of amendments later in the day, including a controversial measure proposed by Sen. Tom Cotton (R-Ark.) that would give liability protection on par with what they'd get through DHS to those companies that share information with the Secret Service or the FBI.
CISA and particularly the Cotton amendment gained the backing of the Retail Industry Leaders Association (RILA), which sent a letter to Senate Majority Leader Mitch McConnell (R-Ky.) and Minority Leader Harry Reid (D-Nev.) urging passage of the bill.
“A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits,” the letter said. “We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real time threat indicators and defensive measures and taking actions to mitigate cyberattacks.”
Despite its support of the bill, the White House did indicate that the bill is far from a finished product, pledging to work with Congress as CISA “moves through the legislative process to ensure further important changes are made to the bill, including, but not limited to, preserving the leadership of civilian agencies in domestic cybersecurity."