Sen. Dianne Feinstein (D-Calif.) took the floor Wednesday to directly address those opposing her cyber bill.
“I do this because there are kinds of rumors beginning to circulate,” she said, “that are not correct.”
The Cybersecurity Information Sharing Act (CISA), which would encourage businesses to share data on hacking threats with the government, has drawn the ire of privacy advocates and a growing number of tech companies.
While CISA backers argue the measure is the necessary first step to help the nation better understand and repel cyberattacks, privacy advocates have long claimed the bill would merely shuttle more personal data on Americans to government surveillance agencies.
Feinstein and Sen. Richard Burr (R-N.C.), CISA’s other co-sponsor, on Tuesday introduced an expanded manager’s amendment that includes nearly two dozen edits to the bill.
During a nearly 30-minute speech, Feinstein delineated each of the alterations in her manager’s package, which is expected to pass.
Various provisions within the package restrict the data that companies can share with the government, eliminate controversial government uses of that data and set up a more robust government scrub of any personal information it accidentally receives, Feinstein said.
“It makes important changes to the bill,” Feinstein said, “to address privacy concerns about the legislation.”
Feinstein, who is the Senate Intelligence Committee’s top Democrat, highlighted one clause that forbids the government from using any cyber-threat data to investigate unrelated “serious violent felonies.”
She called the alteration a “very significant privacy change.”
“The provision had been used by privacy groups to claim that this is a surveillance bill,” Feinstein said. “It is not.”
“So please let’s not speak of it as something it isn’t,” she added.
Feinstein also pointed to an amendment from Sen. Tom Carper (D-Del.), which she said would create “a fast, real-time filter” at the Department of Homeland Security “that can do an additional scrub” for personal specifics such as Social Security numbers before cyber-threat data is shared government-wide.
“This should be very meaningful to the privacy community; I really hope it is,” she said. “I want to believe that their actions aren’t just to kill that bill.”
The California Democrat also called out a number of prominent tech companies headquartered in her own state, such as Apple and Twitter, that have made late pushes to oppose the bill.
Feinstein said it was “hard for me to understand” why these companies aren’t supporting the bill.
CISA is voluntary, she insisted. And the manager’s amendment would reinforce the bill’s optional nature.
“If you don’t like the bill, you don’t have to do it,” she said emphatically.
Feinstein’s pleadings seem unlikely to win over privacy advocates, who have already indicated that the possible CISA amendments wouldn’t fully quell their concerns.
Tech companies may be a more receptive audience. The Computer & Communications Industry Association (CCIA), which made waves recently when it came out against the unedited version of CISA, has said it sees potential benefits in the bill.
“People like to have clarity when they’re doing this kind of sharing,” said Bijan Madhani, regulatory counsel at the CCIA, which represents companies such as Amazon, Facebook, Google and Yahoo. “Right now information gets shared, but it’s sort of less structured.”