Senate passes CISA; negotiations with House next

Yesterday, after years of contention and literally millions of grassroots messages opposing it, the US Senate passed CISA, the Cybersecurity Information Sharing Act (S. 754), by a vote of 74 – 21.  The senate action comes despite broad public and private sector opposition for many reasons detailed in District Dispatch. As the NY Times reported, the move comes notwithstanding the fact that the bill would do nothing to prevent modern data breaches like those recently perpetrated by criminal rings and nation states against entities like Sony Pictures, the Office of Personnel Management or the Department of Defense’s non-classified email servers. Upon CISA’s passage, ALA released a statement by President Sari Feldman underscoring that:

“CISA won’t prevent cyberattacks like the Office of Personnel Management breach and other high-profile incidents cited by its sponsors. It will, however, weaken the privacy of millions of Americans and expose library and other computer systems to potentially damaging “defensive measures.” Sadly, with CISA, Congress has again traded civil liberty for a mirage of security.”

American flag and gavel

Photo source – abovethelaw.com

Prior to approving the final version of CISA, a “Manager’s Amendment” that made some improvements to the bill as introduced, the Senate also rejected a number of potentially constructive amendments. These included two that ALA and its many coalition partners particularly backed: one by Sen. Patrick Leahy (D-VT) to prevent FOIA from being weakened by adding a new and overbroad exemption, and another by Sen. Al Franken (D-MN) to better protect personal privacy by narrowing the statutory definition of what constitutes a “cyberthreat.” These proposals were rejected by 37 – 59 and 35 – 60, respectively.  Two other pro-privacy amendments also were defeated.

The fight to improve CISA, though now an even more uphill battle will shift to informal talks between the House and Senate, which must reconcile their different approaches to “cybersecurity” as reflected in their disparate bills. To become law, a single bill will need to be reapproved by both chambers of Congress and signed by the President (who backed S. 754). Further action is not anticipated, however, before late this year or early 2016.

Additional Resources:

About Adam Eisgrau

Adam Eisgrau is a 30-year veteran of Washington legal practice, government service, public and private sector lobbying, and strategic communications and policy consulting. Adam first handled digital copyright matters for ALA from 1995 to 1999 and rejoined the Washington Office in September 2014 as managing director of the Office of Government Relations. His issue portfolio includes copyright, privacy and surveillance, cybersecurity, encryption and data security. Adam received a BA in American Studies from Dartmouth College and his JD from Harvard Law.

5 comments

  1. Always an underhanded attempt to force the nation into positions the Republicans can’t sell otherwise! I have cast my last Republican vote – regardless of who in the sorry bunch of nominees makes it through a convention.

Share your thoughts