The US Senate Tuesday passed cybersecurity legislation aimed at facilitating sharing of attack threats, a measure backed by the US administration but opposed by many tech giants and privacy activists.
The 74-21 vote sends the measure to the House of Representatives, which earlier this year approved a similar bill.
Backers said the Cybersecurity Information Sharing Act would make it easier to share information between the government and private sector on cyber threats, but critics said it opened the door to greater surveillance.
“This landmark bill finally better secures Americans private information from foreign hackers,” said Senator Richard Burr, head of the chamber’s intelligence committee.
“American businesses and government agencies face cyber-attacks on a daily basis. We cannot sit idle while foreign agents and criminal gangs continue to steal Americans’ personal information… This legislation gives the government and US companies new voluntary collaborative tools so that they can work together against hackers.”
To enact the measure, the two chambers will need to reconcile differences and send the bill to the White House.
‘Step backward for privacy’
The Center for Democracy & Technology’s senior counsel Greg Nojeim said the measure puts privacy at risk by giving companies free rein to share personal information with the FBI and National Security Agency (NSA).
“Passage of CISA is a huge step backwards for privacy rights in the United States,” Nojeim said.
“Now, more personal information will be shared with the NSA and with law enforcement agencies, and that information will certainly be used for purposes other than enhancing cybersecurity.”
President Barack Obama has been for years seeking a cybersecurity bill that allows companies to share information on threats without fear of liability. But some activists argued that the bill encroaches on civil liberties in its bid to improve cybersecurity.
The passage comes just months after Congress voted to rein in the powers of the NSA following revelations of vast surveillance programs in documents leaked by former intelligence contractor Edward Snowden.
Snowden, who has been granted asylum in Russia, weighed in on the latest bill this week, saying on Twitter that “gives companies legal immunity for violating privacy laws if they give your information to the government.”
“CISA isn’t a cybersecurity bill. It’s not going to stop any attacks,” Snowden said in a Reddit post.
“It’s not going to make us any safer. It’s a surveillance bill. What it allows is for the companies you interact with every day — visibly, like Facebook, or invisibly, like AT&T — to indiscriminately share private records about your interactions and activities with the government.”
The bill was also opposed by tech trade groups representing Microsoft, Twitter, Yelp and other companies, and Apple expressed its opposition in a letter to The Washington Post.
But other trade groups supported the bill including US Telecom, representing telecommunications companies, and the American Bankers Association.
