By Cory Bennett - 12/19/15 01:31 PM EST
Congress on Friday approved its first major cybersecurity bill in years as part of a sweeping end-of-year spending deal.
The legislation, which provides incentives for companies to share data on hacking threats with the government without fear of facing customer lawsuits, became law when President Obama signed the $1.15 trillion omnibus spending bill.
Sens. Mitch McConnellMitch McConnellPeter Thiel does not make the GOP pro-gay Reid: Trump is a 'hateful con man' McAuliffe: Clinton won't move TPP without changes MORE (R-Ky.), Richard BurrRichard BurrThe Trail 2016: Putting the past behind them The Hill's 12:30 Report Burr pledges to retire after one more Senate term MORE (R-N.C.), Dianne FeinsteinDianne FeinsteinDems urge Obama to release info on Russian links to DNC hack Hotel lobby cheers scrutiny on Airbnb GOP platform attempts middle ground on encryption debate MORE (D-Calif.)
McConnell, the Senate’s majority leader, has struggled to unify his caucus on surveillance and privacy legislation.
During the high-profile debate over reauthorizing the National Security Agency’s collection of data, McConnell and Burr, the Senate Intelligence Committee chairman, were rebuked by the GOP’s civil liberties wing.
This time around, Burr led the charge on the Senate’s cyber bill with Sen. Dianne Feinstein (D-Calif.), the Intelligence panel’s top Democrat.
The pair was able to secure considerable bipartisan support for a bill that was opposed by much of the same coalition that successfully overrode McConnell and Burr during the NSA debate.
After the bill passed Friday, McConnell told reporters the cyber bill was “near the top of my list” for 2015.
U.S. Chamber of Commerce
Big business groups such as the Chamber of Commerce, the Financial Services Roundtable and the National Retail Federation made the cyber bill a top legislative priority this year.
The groups won concessions during the final negotiations as the House and Senate combined three bills into the compromise text that passed Friday.
According to people tracking the final discussions, negotiators bowed to industry pressure and dropped a clause that would have directed the Department of Homeland Security (DHS) to evaluate the cybersecurity readiness at roughly 65 companies behind critical infrastructure.
The White House
In January, the White House issued its own cyber info-sharing legislative proposal, which some believed might rival the offering from Burr and Feinstein.
Initially, the two efforts seemed far apart. But the White House and its Capitol Hill allies, including Senate Homeland Security Committee ranking member Tom Carper (D-Del.), were able to inject a series of administration-favored clauses into the final bill.
They worked with Burr and Feinstein to craft a manager’s package that was adopted as an amendment shortly before the Senate bill passed.
The White House has said it is mostly pleased with the final compromise language.
Bush and Fiorina have been the two Republican presidential candidates stumping hardest for the cyber bill.
Both have criticized Obama for not moving swifter on efforts to better engage the private sector on combating cyberattacks.
Earlier this week, Fiorina, the former head of tech firm Hewlett-Packard, reiterated her support for the measure while laying out her cybersecurity plan.
The cyber bill’s passage is a serious blow to privacy groups’ efforts to scale back the government’s surveillance arm.
Since the 2013 disclosures by Edward Snowden, a coalition of digital rights groups, libertarian Republicans and tech-focused Democrats have recorded a number of incremental victories, including the NSA reform bill where they won out over McConnell and Burr.
Friday’s vote puts a stop to that winning streak.
While the final bill is an improvement over similar legislation that nearly passed last year, the language did not go nearly far enough to draw privacy advocates’ support.
“Ultimately this will be embarrassing for Congress,” said Nathan White, senior legislative manager at digital rights group Access Now.
A last-ditch amendment from Rep. Jim Jordan (R-Ohio), the chairman of the conservative House Freedom Caucus, would have stripped the cyber text from the omnibus. It failed to get a floor vote.
Lawmakers opposed to the bill acknowledged they ended up on the losing side.
“It’s an ongoing battle and this is a major step backwards from the progress we’ve been making,” said Rep. Jared Polis (D-Colo.).
Sen. Rand PaulRand PaulGreen party candidate: People have 'real questions' about vaccines What to watch for on Day 2 at the GOP convention Cyber squatters sitting on valuable VP web addresses MORE (R-Ky.)
Many thought Sen. Rand Paul would use the cyber bill as another chance to take a stand against government surveillance.
His White House bid got off to a hot start with his long tirades against government surveillance during the NSA debate.
But aside from a brief floor speech shortly before the Senate passed its cyber bill, Paul was mostly absent from the overall debate.
Sen. Ron Wyden (D-Ore.)
Wyden led the charge against the cyber bill in the upper chamber, solidifying his tech bona fides and his place as a favorite ally of the digital rights community.
In speech after speech, Wyden ranted against the bill’s lack of privacy provisions, arguing the measure would boost government surveillance without improving cyber defenses.
Ultimately, Wyden failed in his bid to alter the text. But his favored amendments received more support than many expected, which Wyden saw as evidence he was getting through to some senators in Congress.
“When you have a reactive Congress — we’ve all seen these cyberattacks — and somebody says here’s a cybersecurity bill, you always have a big educational challenge,” he told reporters just before the Senate bill passed.
Major Silicon Valley players such as Apple, Twitter and Yelp all came out against the Senate's measure before it passed.
Several prominent tech trade groups, including the Computer & Communications Industry Association (CCIA), joined them in a push to alter the bill.
A number of the group’s requested changes were made through the Burr-Feinstein manager’s package that was adopted as an amendment.
Despite this, none of these tech companies or trade groups ultimately supported the final bill.
Numerous top tech firms and social media have indicated they will simply not participate in the information-sharing program set up under the bill.