The Senate comfortably passed a controversial cyber security bill on Tuesday, bringing legislation about sharing information on hacking threats to the verge of approval after six years of intense debate in Congress.
Motivated in part by the spate of high-profile cyber attacks in recent months which have hit private companies and the US government, the Senate voted 74 to 21 in favour of the bill which sets up a legal framework for companies and the government to swap data about intrusions on their systems.
The bill, which has been one of the Obama administration’s priorities, must now be reconciled with a separate piece of legislation that was passed by the House of Representatives earlier this year. The White House has indicated that it will work to change some of the language in the Senate bill during the reconciliation process.
The strong support in the Senate nearly brings to an end a longstanding debate about how to protect companies against cyber-hacking. The debate has pitted mainstream business groups such as the US Chamber of Commerce and the Financial Services Roundtable that support the legislation, against technology companies such as Apple and Facebook and privacy activists who fear that it could allow companies to hand over sensitive customer information to the government.
Among the critics of the bill, known by the acronym of Cisa, is Edward Snowden, the former National Security Agency contractor whose leaks about government surveillance had a major impact on the debate about the legislation.
Supporters of the bill say that sharing information about cyber threats will give companies much greater awareness of the risks they face and a greater ability to take steps to secure their systems from hackers.
Until now, many companies have been reluctant to share details about cyber attacks, for fear they might open themselves up to litigation for potential breaches of privacy rules without the liability protections in the legislation. Bill sponsors say the information that will be exchanged will largely be technical data about malware used by hackers.
Under the legislation, the Department of Homeland Security will act as a hub for sharing information about cyber threats within the government and with the private sector.
An amendment proposed by Republican senator Tom Cotton that would have extended liability protection to companies sharing data with law enforcement authorities was defeated by a large margin. The Senate also defeated an amendment which would have removed restrictions the bill places on Freedom of Information Requests about data that companies share with the government.
(Published by Financial Times - October 28, 2015)