Senate kills privacy advocates' bid to change cyber bill

Senate kills privacy advocates' bid to change cyber bill

The Senate on Tuesday dismissed a last-ditch effort from privacy-minded senators to change a controversial cybersecurity bill that is quickly headed for a final vote.

The Cybersecurity Information Sharing Act (CISA) — which would encourage businesses to share more data on hackers with the government — is now expected to pass without any of the amendments desired by privacy advocates, despite a months-long campaign from a number of lawmakers.

Before the vote, Senate Minority Leader Dick DurbinRichard (Dick) Joseph DurbinThis week: House GOP regroups after farm bill failure Overnight Health Care — Sponsored by PCMA — Trump hits federally funded clinics with new abortion restrictions Dem lawmaker spars with own party over prison reform MORE (D-Ill.) told his colleagues the edits were needed to help strike the appropriate balance between ensuring security and protecting civil liberties.

ADVERTISEMENT
"We are always going to be faced with that challenge," he said. "Are we going too far? Are we giving too much to the government? That, in fact, is the debate we have today."

But Sen. Dianne FeinsteinDianne Emiel FeinsteinDOJ, Trump reach deal on expanded Russia review Congress — when considering women’s health, don’t forget about lung cancer Overnight Energy: Pruitt taps man behind 'lock her up' chant for EPA office | Watchdog to review EPA email policies | Three Republicans join climate caucus MORE (D-Calif.), a CISA co-sponsor, cautioned the edits would "undo the careful compromises we have made on this bill."

Many industry groups, a bipartisan group of lawmakers, and the White House argue CISA is needed to help the country better defend itself against cyberattacks. But privacy advocates criticized the bill as a surveillance measure that will simply shuttle more of Americans’ personal data to the government.

In recent days, leading CISA critic Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Facebook, Google struggle to block terrorist content | Cambridge Analytica declares bankruptcy in US | Company exposed phone location data | Apple starts paying back taxes to Ireland Firm exposes cell phone location data on US customers Overnight Finance: Watchdog weighs probe into handling of Cohen bank records | Immigration fight threatens farm bill | House panel rebukes Trump on ZTE | Trump raises doubts about trade deal with China MORE (D-Ore.) made a vocal bid to win over enough votes to get through several privacy-focused amendments from himself and four other senators.

These amendments, “seek to achieve the same goal ... to reduce the unnecessary sharing of Americans’ private and personal information,” he said on the Senate floor Monday.

Wyden was pushing his own amendment that would have injected stricter requirements for companies to remove personal information from their cyber threat data before handing it to the government. The proposal fell by a 41-55 vote.

His change, he argued, would have provided CISA with “a straightforward standard that could give consumers real confidence that their privacy is actually being protected.”

As it stands now, “the message behind this bill is, when in doubt, hand it over,” Wyden added.

Feinstein shot back just before the vote Tuesday, arguing that Wyden's language would create "a very unclear requirement" for businesses.

Sen. Dean HellerDean Arthur HellerKennedy retirement rumors shift into overdrive McConnell: Midterms will be 'very challenging' for GOP Singer Jason Mraz: Too much political 'combat' in Washington MORE (R-Nev.) offered a similar amendment that would have also raised the personal data scrubbing standard for the government.

"I believe that my amendment does strike a balance, increasing privacy, but still providing that real-time information sharing," Heller said on the Senate floor Tuesday.

Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrSenate confirms Haspel to head CIA The Hill's Morning Report: Mueller probe hits one-year mark Divisions deepen as Mueller probe hits one year MORE (R-N.C.), CISA's other co-sponsor, pushed back.  

"It changes [CISA] in a way that would either cause companies to choose not to participate, or it may change it in a way that delays notification to the federal government," he said.

Heller's proposal went down in a 47-49 vote.

Casting his 15,001th Senate vote, Sen. Patrick LeahyPatrick Joseph LeahyDem senator mocks Pruitt over alleged security threats: 'Nobody even knows who you are' Pruitt tells senators: ‘I share your concerns about some of these decisions’ Protesters hold up 'fire him' signs behind Pruitt during hearing MORE (D-Vt.) tried but failed to strip the bill of what he believes are detrimental exemptions to a vital public transparency law, the Freedom of Information Act (FOIA).

"We should not be passing legislation that weakens this critical law," Leahy insisted Monday. 

Under CISA, businesses sharing data on hackers with the government would receive some protections from having the details of this information revealed through a FOIA request.

"While the bill seeks to share information about the nature of cyber threats and suggestions on how to defend networks, this information should not be made widely available to hackers and cyber criminals who could use it for their own purposes," Feinstein argued on the floor Tuesday.

The Leahy measure garnered only 37 votes.

Sen. Al FrankenAlan (Al) Stuart Franken100 days after House passage, Gillibrand calls on Senate to act on sexual harassment reform Eric Schneiderman and #MeToo pose challenges for both parties Senate confirms Trump judicial pick over objections of home-state senator MORE (D-Minn.) also failed in his effort to restrict the volume and type of data the government would receive under CISA.

His offering, which received 35 votes with 60 against, would have narrowed the definition of “cybersecurity threat” in the bill.

“These changes will help ensure that CISA’s broad authorities are not triggered in circumstances where no real cyber threats are present,” he said in a final pitch to his colleagues Monday night. “This makes the bill more privacy protective and more likely to work effectively.”

But Feinstein warned it would inject uncertainty into the bill, and possibly even stop companies from sharing vital cyber threat data.

Privacy advocates got one final bid at altering the bill Tuesday afternoon, with an amendment from Sen. Chris CoonsChristopher (Chris) Andrew CoonsCongress, Trump eye new agency to invest in projects overseas On World Press Freedom Day, elected officials must commit to keeping press freedom nonpartisan Overnight Defense: Pompeo clears Senate panel, on track for confirmation | Retired officers oppose Haspel for CIA director | Iran, Syria on agenda for Macron visit MORE. The Delaware Democrat wanted to add more stringent data scrubbing requirements specifically for the Department of Homeland Security (DHS), which would receive most of the cyber threat shared under CISA.

Like his fellow privacy-minded colleagues, Coons' effort fell short, receiving 41 votes.

Even though Coons didn't get his language approved, a variation of his desired changes was included in a manager’s package from the bill’s co-sponsors, Burr and Feinstein.

Their package contains nearly two dozen edits from various senators, including some of Coons’s language merged with a proposal from Sen. Tom CarperThomas (Tom) Richard CarperHillicon Valley: Facebook, Google struggle to block terrorist content | Cambridge Analytica declares bankruptcy in US | Company exposed phone location data | Apple starts paying back taxes to Ireland Overnight Energy: Pruitt taps man behind 'lock her up' chant for EPA office | Watchdog to review EPA email policies | Three Republicans join climate caucus Watchdog to probe EPA email preservation MORE (D-Del.). That package is expected to pass Tuesday evening.

While privacy groups did urge the upper chamber to adopt each of the amendments, the alterations stood no chance of fully winning over staunch CISA supporters.

Greg Nojeim, senior counsel at the Center for Democracy & Technology, said the amendments were “important” and could have lessened the likelihood that personal data will be transferred to the government, “but at the end of the day, the world that we’ll face is one in which instead of minimizing the flow of user information to the NSA, the bill will mandate it.”

— Katie Bo Williams contributed.

— This story was updated at 4:39 p.m.