Senate downs cyber bill's contested FBI amendment

Senate downs cyber bill's contested FBI amendment

The Senate on Tuesday blocked a hotly contested amendment to a major cybersecurity bill that some of the its backers supported, but were afraid might derail the measure at the last minute.

The Senate is barrelling toward a final vote later in the afternoon on the Cybersecurity Information Sharing Act (CISA), a bill years in the works that would give companies legal protections to encourage them to share more data on hackers with the government.  


The controversial amendment, from Sen. Tom CottonTom Bryant CottonIs the Navy totally at sea? The Hill's Morning Report - Presented by Altria - House debt vote today; Biden struggles to unite Arkansas legislature splits Little Rock in move that guarantees GOP seats MORE (R-Ark.), would have facilitated a direct transfer of cyber threat data between businesses and the FBI and Secret Service. CISA as written encourages companies to go through the Department of Homeland Security (DHS), or through their regulatory agency.

"Many businesses, especially retailers ... don’t have a regulator, thus they must report to DHS," Cotton said on the floor shortly before the vote. "They have no choice, they must report to DHS even if they have long-standing ties to the FBI."

Sen. Richard BurrRichard Mauze BurrDemocratic incumbents bolster fundraising advantage in key Senate races McConnell gets GOP wake-up call Senate approves short-term debt ceiling increase MORE (R-N.C.), a CISA co-sponsor, fired right back. 

"This is a deal killer," he insisted. "Be real honest, this kills the deal."

Funnelling the vast majority of CISA data through DHS was a key compromise the bill's backers struck to win the support of on-the-fence lawmakers.

CISA's other co-sponsor, Sen. Dianne FeinsteinDianne Emiel Feinstein Ban on new offshore drilling must stay in the Build Back Better Act Senate GOP signals they'll help bail out Biden's Fed chair Jane Fonda to push for end to offshore oil drilling in California MORE (D-Calif.), sent the same grave message hours earlier, in an attempt to build momentum to oppose Cotton's efforts.

"This amendment would basically undo one of the core concepts of the bill," she said.

Despite support on both sides of the aisle, Cotton's proposal fell far short in a 22-73 vote.

Many industry groups, lawmakers and the White House believe CISA is needed to help the country better defend itself against cyberattacks. But privacy advocates have criticized the bill as a surveillance measure that will simply shuttle more of Americans’ personal data to the government.

As privacy advocates came to terms with the fact that CISA would likely pass, they turned their derision toward Cotton’s amendment in the hopes of reducing the damage they believed the bill would cause.

The White House even cautioned senators not to adopt Cotton’s proposal, saying it could threaten the administration's hard-won CISA endorsement, issued late last week.

“The administration will strongly oppose any amendments that would provide additional liability-protected sharing channels, including expanding any exceptions to the DHS portal,” the White House said.

Industry proponents argued the edit would allow them to communicate efficiently with law enforcement partners critical to fighting cyber crime.

“Forcing retailers in time-critical situations to abandon these established partnerships with federal law enforcement and work through the new DHS bureaucracy will only add uncertainty and delays,” said Paul Martino, senior policy counsel at the National Retail Federation, one of 10 industry groups that sent a joint letter to senators last week.

The fight spilled onto the floor on Tuesday, with Cotton reiterating the belief that businesses should have the power to choose the FBI or Secret Service.

"I want to strengthen" CISA, he said.

Feinstein warned that the alteration would have the opposite effect.

“This change runs afoul of one of the most important privacy proteictions in the bill, which was to limit direct sharing of this cyber information with the intelligence community or law enforcement," she said.

Funnelling data through the DHS ensures it will "receive an additional scrub to remove any residual personal information," she added.