Battle lines are forming in the debate over the major cybersecurity bill the Senate wants to punch through before the August recess.
While privacy-minded Democrats push to alter the legislation, Sen. Tom Cotton (R-Ark.) is seeking to strengthen some of the industry protections that have frustrated those same Democrats.
{mosads}The Cybersecurity Information Sharing Act (CISA) is meant to boost the exchange of data on hackers between the private sector and the government. Under the measure, companies would receive liability protections when sharing information.
As CISA barrels towards the floor this week, privacy advocates are scrambling to amend provisions they believe would allow the government to collect troves of personal data on American citizens, while letting companies off the hook for violating their customers’ right to privacy.
But others, like Cotton, are also moving in the opposite direction, attempting to expand liability protections for companies.
Cotton is backing an amendment that would shield firms from legal culpability when sharing data directly with the FBI and Secret Service.
Companies want a degree of immunity from shareholder lawsuits or regulatory action based on the cyber threat information they give the government.
As written, CISA only provides such protections when companies share data directly with the Department of Homeland Security (DHS). The clause is an effort to encourage all private firms to give their cyber threat information to the DHS, which is seen as having the best data privacy procedures.
But many industry groups want to go straight to agencies like the FBI and Secret Service. A coalition of retailers, food wholesalers and convenience stores wrote Senate leaders Monday night in support of Cotton’s proposed edit.
“This amendment recognizes the reality that for non-critical infrastructure sectors, the FBI and Secret Service are our longstanding partners and primary points of contact in fighting cyberattacks,” said the letter. “Anything that hinders essential real-time communication cedes the field to our nation’s adversaries and weakens our economic security.”
Further complicating the matter, the DHS on Monday came out against encouraging companies to share with multiple agencies, arguing such an approach “could sweep away important privacy protections.”
Senate leaders are trying to strike a major deal that would limit how many amendments could be offered on CISA. With dwindling floor time before the month-long break, it’s the only realistic way for the upper chamber to get to a vote on the bill.
But with senators pushing such opposing amendments, it’s unclear whether such a pact is possible.