Feinstein: Cyber bill edits address privacy concerns

Feinstein: Cyber bill edits address privacy concerns
© Greg Nash

Sen. Dianne FeinsteinDianne Emiel FeinsteinThis week: Democrats, White House set for infrastructure, budget talks Senate confirms Rosen for No. 2 spot at DOJ Senate confirms controversial 9th Circuit pick without blue slips MORE (D-Calif.) took the floor Wednesday to directly address those opposing her cyber bill.

“I do this because there are kinds of rumors beginning to circulate,” she said, “that are not correct.”

The Cybersecurity Information Sharing Act (CISA), which would encourage businesses to share data on hacking threats with the government, has drawn the ire of privacy advocates and a growing number of tech companies.

While CISA backers argue the measure is the necessary first step to help the nation better understand and repel cyberattacks, privacy advocates have long claimed the bill would merely shuttle more personal data on Americans to government surveillance agencies.

Feinstein and Sen. Richard BurrRichard Mauze BurrOvernight Defense: Congressional leaders receive classified briefing on Iran | Trump on war: 'I hope not' | Key Republican calls threats credible | Warren plan targets corporate influence at Pentagon Key Republican 'convinced' Iran threats are credible Congressional leaders receive classified Iran briefing MORE (R-N.C.), CISA’s other co-sponsor, on Tuesday introduced an expanded manager’s amendment that includes nearly two dozen edits to the bill.

During a nearly 30-minute speech, Feinstein delineated each of the alterations in her manager’s package, which is expected to pass.

Various provisions within the package restrict the data that companies can share with the government, eliminate controversial government uses of that data and set up a more robust government scrub of any personal information it accidentally receives, Feinstein said.

“It makes important changes to the bill,” Feinstein said, “to address privacy concerns about the legislation.”

Feinstein, who is the Senate Intelligence Committee’s top Democrat, highlighted one clause that forbids the government from using any cyber-threat data to investigate unrelated “serious violent felonies.”

She called the alteration a “very significant privacy change.”

“The provision had been used by privacy groups to claim that this is a surveillance bill,” Feinstein said. “It is not.”

“So please let’s not speak of it as something it isn’t,” she added.

Feinstein also pointed to an amendment from Sen. Tom CarperThomas (Tom) Richard CarperOvernight Energy: EPA watchdog finds Pruitt spent 4K on 'excessive' travel | Agency defends Pruitt expenses | Lawmakers push EPA to recover money | Inslee proposes spending T for green jobs Lawmakers take EPA head to task for refusing to demand Pruitt repay travel expenses Dems request investigation of lobbyist-turned-EPA employee who met with former boss MORE (D-Del.), which she said would create “a fast, real-time filter” at the Department of Homeland Security “that can do an additional scrub” for personal specifics such as Social Security numbers before cyber-threat data is shared government-wide.

“This should be very meaningful to the privacy community; I really hope it is,” she said. “I want to believe that their actions aren’t just to kill that bill.”

The California Democrat also called out a number of prominent tech companies headquartered in her own state, such as Apple and Twitter, that have made late pushes to oppose the bill.

Feinstein said it was “hard for me to understand” why these companies aren’t supporting the bill.

CISA is voluntary, she insisted. And the manager’s amendment would reinforce the bill’s optional nature.

“If you don’t like the bill, you don’t have to do it,” she said emphatically.

Feinstein’s pleadings seem unlikely to win over privacy advocates, who have already indicated that the possible CISA amendments wouldn't fully quell their concerns.

Tech companies may be a more receptive audience. The Computer & Communications Industry Association (CCIA), which made waves recently when it came out against the unedited version of CISA, has said it sees potential benefits in the bill.

“People like to have clarity when they’re doing this kind of sharing,” said Bijan Madhani, regulatory counsel at the CCIA, which represents companies such as Amazon, Facebook, Google and Yahoo. “Right now information gets shared, but it’s sort of less structured.”