Five players to watch in Senate cyber fight

Five players to watch in Senate cyber fight
© Getty

The final battle over the Senate’s biggest cybersecurity bill in years is slated to take place Tuesday on the floor of the upper chamber.

And the fever pitch over the Cybersecurity Information Sharing Act (CISA) — which would offer legal liability protections to encourage companies to share data on hacking threats with the government — is reaching its apex just days ahead of a crucial vote.


Privacy-minded senators, civil rights groups and a growing number of tech companies are warning the legislation will merely shuttle more of Americans’ personal data to the government without actually bolstering cyber defenses.

But CISA proponents — including a large bipartisan coalition of lawmakers, many industry groups and the White House — insist the bill is a necessary first step if businesses and the government want to stop the deluge of cyberattacks.

These opposing forces will clash on the Senate floor during an action-packed Tuesday, as each side gets to debate their preferred amendments.

In total, eight amendments are scheduled for votes throughout the day, including one manager’s package from CISA co-sponsors Sens. Richard BurrRichard Mauze BurrSenate GOP opens door to smaller coronavirus deal as talks lag Hillicon Valley: Google extending remote work policy through July 2021 | Intel community returns final Russia report to Senate committee after declassification | Study finds election officials vulnerable to cyberattacks Intel community returns final Russia report volume to Senate after declassification review MORE (R-N.C.) and Dianne FeinsteinDianne Emiel FeinsteinSenate Democrats demand answers on migrant child trafficking during pandemic Yates spars with GOP at testy hearing Democrats want Biden to debate Trump despite risks MORE (D-Calif.), that pulled together nearly two dozen edits and amendments from various lawmakers.

After that, Senate leaders will likely move to end debate and try to pass the bill.

Here’s who to watch for as CISA nears the once-elusive finish line.

1. Sen. Ron WydenRonald (Ron) Lee WydenTrump signs executive orders after coronavirus relief talks falter Senate Democrats demand answers on migrant child trafficking during pandemic Hillicon Valley: Facebook removes Trump post | TikTok gets competitor | Lawmakers raise grid safety concerns MORE (D-Ore.)

Wyden, a staunch privacy advocate beloved by many in the tech sector, has been leading the crusade against CISA in the upper chamber.

The Oregon Democrat was the lone dissenting vote on CISA when the bill passed out of the Senate Intelligence Committee in March. He has since spent months organizing opposition to the bill, while trying to amend it himself.

Wyden succeeded in getting one of his proposals attached to the manager’s amendment offered by Burr and Feinstein. That measure is widely expected to pass on Tuesday.

But Wyden’s push to heighten the requirements for companies to remove personal details before sharing cyber threat data with the government faces long odds as a standalone amendment.

CISA “creates an incentive for companies to dump large quantities of data over to the government with only a cursory review," Wyden argued on the floor this week.

The CISA critic is holding out hope he can collect enough votes for his alternative language, although many are skeptical.

“I think you’re going to see additional people coming out against this,” he told reporters. “When you have a reactive congress — we’ve all seen these cyber attacks — and somebody says here’s a cybersecurity bill, you always have a big educational challenge.”

2. Sen. Tom CottonTom Bryant CottonOn The Trail: Pence's knives come out Sunday shows preview: White House, congressional Democrats unable to breach stalemate over coronavirus relief The Hill's Morning Report - Presented by the Air Line Pilots Association - Negotiators 'far apart' as talks yield little ahead of deadline MORE (R-Ark.)

Perhaps the most divisive amendment will come from Cotton. It's also the standalone amendment with the best chance of passing.

The Arkansas Republican’s proposal would facilitate a direct transfer of cyber threat data between businesses and the FBI and Secret Service. Currently, the bill encourages companies to go through the Department of Homeland Security (DHS), with some limited exceptions.

Industry proponents argue the edit would allow them to communicate efficiently with long-standing law enforcement partners critical to fighting cyber crime.

“The Cotton amendment recognizes that retailers and the FBI and Secret Service are longstanding partners in working together to prevent cyber-attacks,” said Paul Martino, senior policy counsel at the National Retail Federation, one of 10 industry groups that sent a joint letter to senators this week. “Forcing retailers in time-critical situations to abandon these established partnerships with federal law enforcement and work through the new DHS bureaucracy will only add uncertainty and delays.”

But privacy advocates warn the provision would merely let companies and the government skirt important DHS privacy protections. The White House urged lawmakers to oppose Cotton’s offering in the administration's official CISA endorsement, issued late Thursday.

“The administration will strongly oppose any amendments that would provide additional liability-protected sharing channels, including expanding any exceptions to the DHS portal,” the White House cautioned.

Some CISA backers have even worried the Cotton amendment could cause senators and the White House to pull CISA support, possibly derailing the bill altogether. The concern has led many, including supporters, to believe the proposal will ultimately fail.

3. Sens. Chris CoonsChristopher (Chris) Andrew CoonsWary GOP eyes Meadows shift from brick-thrower to dealmaker On The Money: Pessimism grows as coronavirus talks go down to the wire | Jobs report poised to light fire under COVID-19 talks | Tax preparers warn unemployment recipients could owe IRS Senators introduce bill to block Trump armed drone sale measure MORE (D-Del.), Al FrankenAlan (Al) Stuart FrankenCNN publishes first Al Franken op-ed since resignation Political world mourns loss of comedian Jerry Stiller Maher to Tara Reade on timing of sexual assault allegation: 'Why wait until Biden is our only hope?' MORE (D-Minn.) and Dean HellerDean Arthur HellerOn The Trail: Democrats plan to hammer Trump on Social Security, Medicare Lobbying World Democrats spend big to put Senate in play MORE (R-Nev.)

This trio of senators is backing three long-shot amendments favored by privacy advocates.

Each has raised red flags about CISA's broad definitions and what they view as inadequate provisions dictating how the government will handle the data it gets.

“Major concerns,” Sen. Al Franken (D-Minn.) said on the floor Thursday, “still have not been resolved.”

Franken is backing an amendment that would narrow the definition of “cybersecurity threat,” limiting the type of data the government would receive.

The current definition, Franken said, “actually threatens to undermine security by increasing the amount of unreliable information shared with the government.”

Sen. Dean Heller (R-Nev.) is behind a proposal to heighten the bar for government agencies when stripping personal details from the data it receives. The edit, he said this week, would “hold the federal government accountable."

Sen. Chris Coons (D-Del.) has a similar amendment that he believes would create a stricter privacy standard for DHS when it reviews cyber threat data.

Privacy advocates say these edits, plus Wyden’s desired change, could help the bill, though they would still oppose the measure.

4. The White House hopefuls

Two of the Senate’s four White House candidates have staked out positions against CISA.

Sen. Rand PaulRandal (Rand) Howard PaulTrump-backed Hagerty wins Tennessee GOP Senate primary Senators introduce bill to block Trump armed drone sale measure The Hill's Campaign Report: Trump's visit to battleground Ohio overshadowed by coronavirus MORE has been the most vocal. The Kentucky Republican has a CISA section on his campaign website where he claims the bill “would transform websites into government spies.”

But his last-ditch bid to alter the bill was stuck down Thursday. Paul was pushing an amendment that would have rescinded CISA’s legal liability protections for companies if those firms violated a user or privacy agreement when sharing its cyber threat data with the government.

CISA “makes your privacy agreement not really worth the paper it’s written on," he said shortly before the vote.

Some have wondered whether Paul, who initially made a name for his 2016 campaign by speaking out on government surveillance, will take a stand on the Senate floor this week to further denounce the bill.

Sen. Bernie SandersBernie SandersTrump is fighting the wrong war Michelle Obama, Sanders, Kasich to be featured on first night of Democratic convention: report The Memo: Trump team pounces on Biden gaffes MORE (I-Vt.) has also come out against CISA, although he has not made it a talking point on the Senate floor.

A third candidate, Sen. Ted CruzRafael (Ted) Edward CruzOn The Trail: Pence's knives come out Pat Fallon wins GOP nomination in race to succeed DNI Ratcliffe The Hill's Morning Report - Presented by the Air Line Pilots Association - Negotiators 'far apart' as talks yield little ahead of deadline MORE, has drawn heat from the tech community after a video surfaced from Oct. 15 showing the Texas Republican acknowledging his unfamiliarity with CISA.  

“I will confess that that is not a bill that I have studied,” he told a crowd in Iowa.

On Thursday, Cruz voted in favor of Paul’s amendment, but also in favor of ending debate on the Burr-Feinstein manager’s package, the first procedural hurdle in getting CISA to a final vote.

Sen. Lindsey GrahamLindsey Olin GrahamSeveral GOP lawmakers express concern over Trump executive orders Graham says he appreciates Trump orders, but 'would much prefer a congressional agreement' Sunday shows preview: White House, congressional Democrats unable to breach stalemate over coronavirus relief MORE (R-S.C.) has not been vocal in the CISA debate — and wasn’t present for Thursday's votes. But the presidential candidate has long touted the need for cybersecurity legislation and increased cyber defense funding.

5. Apple

A growing number of tech companies have been taking increasingly bold public stances against CISA in recent weeks.

After quietly opposing the bill for weeks, Apple stepped out on Tuesday with a public statement.

"The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy," the California-based company said in a statement to The Washington Post.

Apple was the latest in a last-minute landslide of individual tech companies that started opposing the bill after several prominent tech industry groups came out out against an unedited CISA. Wikimedia, Yelp, Salesforce and reddit all recently spoke out against CISA, and more could be on the way.

Their opposition has become a leading point of contention on the Senate floor, with Wyden and Franken using tech industry opposition as a central point in their speeches.

Tech firms “have to make sure they’re protecting both cybersecurity and individual privacy,” Wyden said. “Those companies, they know that customer confidence is their lifeblood.”

Feinstein fired back that she was struggling to understand “the moaning and groaning” about a voluntary bill.

“I say if you don’t want to participate, don’t participate,” she said.

Tech companies should want legislation that helps them protect their data, Burr added.

“They are the richest depositories of data in the world,” he said. “I hope they wake up and smell the roses."

— Updated 3:50 p.m.