After years of political wrangling, the US Senate on Tuesday passed a cybersecurity bill that has drawn praise from business groups and criticism from privacy advocates.
In a 74-to-21 vote, the Cybersecurity Information Sharing Act moved closer to becoming law, a measure proponents say will spur private business and government agencies to share information in a quest to ebb the assault of hackers — an increasingly common occurrence for both business and government alike.
Critics counter that the bill would allow the government to violate privacy boundaries, and that it would not in practice prevent security breaches from hackers at all.
The thinking behind the bill is that sharing information would better prepare the country against hackers, although the bill does not clearly define how information collected would be disseminated or who would ultimately be in control.
The US Chamber of Commerce, the country’s largest business group, lobbied hard for the bill, stating on its website that to overcome obstacles arising from cybersecurity threats, private-public partnerships must form and share information.
“In an interconnected world, economic security and national security are linked,” said Thomas J. Donohue, the chamber's CEO. “To maintain a strong and resilient economy, we must protect against the cyber attacks.
A bevy of big companies and trade associations also supported the bill.
“The legislation passed by the Senate today bolsters our cyber defenses by providing the liability protections needed to encourage the voluntary sharing of cyber threat information,” in a statement released by the Telecommunications Industry Association and quoted in The Guardian.
Technology companies, such as Twitter, Apple and Google, opposed the bill on the grounds it would increase government spying, while the protections currently tendered in the bill do not go far enough to actually work.
The Guardian reported a group of university law professors recently sent an open letter to the Senate, saying the bill would override gains made through the already-installed Freedom of Information Act.
“The Freedom of Information Act would be neutralized,” the professors wrote. “While a cornucopia of federal agencies could have access to the public’s heretofore private-held information with little fear that such sharing would ever be known to those whose information was shared.”
Edward Snowden lent his opinion to the bill’s passage, stating on Twitter that if passed into law it would limit Internet freedoms and give “companies legal immunity for violating privacy laws if they also give your data to the government, ” a reference to a stipulation that would help companies sharing information with the Central Intelligence Agency or Federal Bureau of Investigation protection to avoid legal repercussions.
With a similar bill already having passed in the House in April, both chambers would have to merge their legislation and vote again before President Obama could sign it into law.
Whether Obama will veto such a bill depends on if its final passage meets his own standards on security and privacy, said Nathan White, a senior manager with the digital rights group, Access, to the National Review.
"The administration's policy up to this point has been very clear," he said. "It has supported CISA’s process but expressed concerns that it is currently dangerous to cybersecurity."