Senators are punting a major cybersecurity bill to at least September after reaching an agreement Wednesday afternoon lining up the initial amendments to be offered.
The Cybersecurity Information Sharing Act (CISA), which facilitates the exchange of cyber threat information between companies and the government, is meant to help the nation prop up its faltering digital defenses.
The deal on amendments was struck just hours after it appeared negotiations might totally fall apart. Under the accord, privacy advocates will be able to offer a number of amendments without a limit on the debate time, a key provision for Senate Democrats.
Democratic Sens. Ron WydenRonald (Ron) Lee WydenDemocrats calls on Biden administration to ease entry to US for at-risk Afghans Schumer opted for modest rules reform after pushback from moderates Sanders, 50 Democrats unveil bill to send N95 masks to all Americans MORE (Ore.), Patrick LeahyPatrick Joseph LeahySenate panel advances bill blocking tech giants from favoring own products Former US attorney considering Senate run in Vermont as Republican The Hill's 12:30 Report: Sen. Kaine, drivers stranded in I-95 backup MORE (Vt.) and Al FrankenAlan (Al) Stuart FrankenMeet the Democrats' last best hope of preserving a House majority Franken rules out challenge against Gillibrand for Senate seat Franken targets senators from both parties in new comedy tour MORE (Minn.) will get to propose four of their desired edits.
“A couple of days ago it was my fear that this bill would be brought up — it’s a badly flawed bill — and it would be brought up with no opportunity for senators on both sides of the aisle to fix the legislation,” Wyden said on the floor just after the agreement was announced.
“There is going to be a real debate,” he added. “That’s of course what the United States Senate is all about.”
Civil liberties-minded Republican Sens. Dean HellerDean Arthur HellerSeven most vulnerable governors facing reelection in 2022 Nevada becomes early Senate battleground Nevada governor Sisolak injured in car accident, released from hospital MORE and Rand PaulRandal (Rand) Howard PaulI'm furious about Democrats taking the blame — it's time to fight back Rand Paul cancels DirecTV subscription after it drops OAN Trump slams Biden, voices unsubstantiated election fraud claims at first rally of 2022 MORE will also get to offer one amendment each.
None of Paul's non cyber-related amendments — including a measure to limit federal funding for immigration “sanctuary cities” and an amendment to audit the Federal Reserve — will see the floor to start. Several people with knowledge of the recent negotiations said these proposed add-ons were slowing a deal.
In total, Democrats will put forward 11 amendments, while Republicans will get to offer 10. But Senate aides said the two parties could agree to allow more amendments after wrapping up the initial set.
While CISA supporters argue enhancing cyber threat information sharing is a necessity to better understand and repel potential cyberattacks, privacy advocates believe the bill will simply funnel more sensitive data on American citizens to government intelligence agencies.
Despite bipartisan support, a White House endorsement and industry backing, Senate leaders have been unable to move CISA for months, even after catastrophic hacks at the Office of Personnel Management (OPM) left over 22 million people’s sensitive data exposed.
Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellBiden stiff arms progressives on the Postal Service Biden clarifies any Russian movement into Ukraine 'is an invasion' The Hill's Morning Report - Presented by Facebook - Biden talks, Senate balks MORE (R-Ky.) said the final pact would “set up expedited” consideration of CISA when the upper chamber returns in September.
But September is packed. Senators are facing multiple budget deadlines and a fight over the Iran nuclear deal, causing some to wonder whether lawmakers will be able to find floor time for CISA.
Senators on Wednesday said they were trying to tie the CISA amendments pact to an agreement to structure floor debate on Iran.
"We need a schedule for debate and votes on two major issues [Iran and cyber], plus we’ve got a whole September full of cliffs," Senate Armed Services Committee Chairman John McCainJohn Sidney McCainRedistricting reform key to achieving the bipartisanship Americans claim to want Kelly takes under-the-radar approach in Arizona Senate race Voting rights, Trump's Big Lie, and Republicans' problem with minorities MORE (R-Ariz.) told reporters.
CISA has been stuck in the upper chamber since it cleared the Senate Intelligence Committee in March by a 14-1 vote. A jammed schedule and a toxic debate over digital privacy have sidetracked work on the measure.
Even after the House easily passed its two complementary pieces of companion legislation in April, the Senate’s measure got pulled into a bruising debate over reforming the National Security Agency (NSA) that dragged into June.
Weeks later, the OPM data breach forced Congress to shift its focus back to cybersecurity.
The cyberattacks, believed to be part of a Chinese espionage scheme, highlighted federal networks’ woefully deficient cyber defenses. Lawmakers bashed the Obama administration for sluggishly responding to years of inspector general warnings that the government’s computer systems were not safe from hackers.
In response, McConnell moved to link CISA’s language to a defense authorization bill. Democrats and a few Republicans revolted, angry they wouldn’t be allowed to amend CISA’s text, and blocked the maneuver.
With Wednesday's deal, they now have their chance.
The privacy-minded cohort, led by Wyden, is hoping to restrict the sensitive data on Americans that might be shared with the government under the bill.
Franken’s edit, for example, would narrow the definition of “cyber threat indicator,” a broad category for the data companies will pass to federal agencies.
Wyden’s first alteration would insert stricter requirements for companies to inspect and strip personal details from cyber threat data. The second would mandate a process to notify people whose personal information may have been inappropriately shared.
Heller’s desired edit would also raise the standard on companies for removing sensitive data before sharing it with the government.
“Information sharing without vigorous, robust privacy safeguards will not be considered by millions of Americans to be a cybersecurity bill,” Wyden said. “Millions of Americans will say, ‘That legislation is a surveillance bill.’”
Sen. Barbara MikulskiBarbara Ann MikulskiTwo women could lead a powerful Senate spending panel for first time in history Harris invites every female senator to dinner next week Will the real Lee Hamiltons and Olympia Snowes please stand up? MORE (D-Md.), the top Democrat on the Senate Appropriations Committee, will also get to offer her provision that would bump up the OPM’s cybersecurity funding by $37 million between now and September 2017.
From the right, Sen. Tom CottonTom Bryant CottonSenate's antitrust bill would raise consumer prices and lower our competitiveness Sinema scuttles hopes for filibuster reform Republicans threaten floor takeover if Democrats weaken filibuster MORE (R-Ark.) will push a change that is likely to raise the ire of privacy advocates. Cotton is backing an amendment that would shield firms from legal culpability when sharing data directly with the FBI and Secret Service. As written, CISA only provides such protections when companies share data directly with the Department of Homeland Security (DHS).
Privacy advocates believe companies should only go through the DHS, which is seen as having the government’s best data privacy procedures.
With the battle lines hardening Wednesday, senators will now get at least a month to mull over which side they plan to fight for.
This story was updated at 6:10 p.m.