S. 754: Cybersecurity Information Sharing Act of 2015

This was a vote to pass S. 754 in the Senate.

After years of delay and false starts, Congress may finally be on the verge of passing a bill to address Internet data breaches and cybersecurity. The Senate is once again debating the Cybersecurity Information Sharing Act (S. 754), or CISA, and it appears to have the votes to pass this time around.

The short story

The bill doesn’t contain any provisions that would directly improve computer or network security. Instead it would encourage private entities to share information with the federal government about possible threats to industrial control systems and other computer networks and information technology systems. CISA could help prevent and prosecute “cyber” crimes, but critics are wary of the immunities granted to private entities.

What the bill says

Here’s how it would work. Private entities would be given authority to monitor networks for cybersecurity purposes, and then if they find any “cyber threat indicators” they are encouraged to share that information with the government. Any monitoring or information sharing would be legally immune from privacy laws and contracts (such as user agreements), and any shared information would be exempt from use by the government in pursuing regulatory enforcement actions.

The bill attempts to address privacy concerns by requiring companies that share information with the government to strip out anything that they know at the time of the sharing to be personally identifiable information. There is also an amendment pending from Sen. Ron Wyden (D-OR) that would strengthen this privacy language be making it clear that entities are required to remove as much personal information as is feasible before sharing information.

Cyber threat information would be shared with the government through a portal that is to be set up by the Department of Homeland Security, and all of the information they receive would be automatically shared with other federal departments and the Office of the Director of National Intelligence. The information could be used to investigate and prosecute “cyber” crimes and other offenses, including “an imminent threat of death, serious bodily harm, or serious economic harm,” identity theft, espionage, and theft of trade secrets.

Opponents of CISA — from civil liberties and Internet freedom organizations to top technology companies like Apple, Twitter, and Reddit — say that it could be a step backwards for both privacy and Internet security. Consumers would not have recourse if their personal information is improperly shared with the government, and the legal immunity provisions would discourage companies from working harder on improving their own security measures, they argue.

How we got here

CISA has been around in Congress in some form or another since at least 2011. In the Senate it was originally attached to a larger effort, the Lieberman-Collins Cybersecurity Act, that would have also established cybersecurity standards for companies that own and operate crucial infrastructure, like electric utilities and chemical plants. But the U.S. Chamber of Commerce opposed the standards and Republicans in the Senate voted the bill down, leaving just the immunity-for-information provision for Congress to consider.

The House of Representatives passed their version of the bill, the Protecting Cyber Networks Act, in April by a vote of 307–116. If CISA passes in the Senate, it is expected that a conference committee would be convened to reconcile the measures into a final version that would have to be passed by both chambers once again before being presented to the President for his signature or veto.

Congress
114th Congress
Date
Oct 27, 2015
Chamber
Senate
Number
#291
Question:
On Passage of the Bill in the Senate
Result:
Bill Passed

Key: R Yea D Yea R Nay D Nay
Seat position based on our ideology score.
Totals     Republican     Democrat     Independent
  Yea 74
 
 
 
74%
43 30 1
  Nay 21
 
 
 
21%
6 14 1
Not Voting 5
 
 
 
5%
5 0 0
Required: Simple Majority source: senate.gov

Vote Details

Notes: “Aye” or “Yea”?
Download as CSV | XML | JSON

Statistically Notable Votes

Statistically notable votes are the votes that are most surprising, or least predictable, given how other members of each voter’s party voted and other factors.

All Votes