The Senate overwhelmingly passed the Cybersecurity Information Sharing Act (CISA) Tuesday, drawing immediate criticism from privacy advocates who urged President Obama to issue a veto.
The cybersecurity bill, which passed the Senate in a 74 to 21 vote, is designed to help U.S. companies work more closely with law enforcement to fight off hackers. The measure essentially grants legal immunity to companies that share data about hacks with the Department of Homeland Security, who can then send the information to other intelligence agencies, according to Ars Technica.
Opponents, however, have called CISA a surveillance bill that includes "immunity clauses, vague definitions, and aggressive spying authorities," and they claim that it would create a streamlined information pipeline for the NSA, according to the Electronic Frontier Foundation.
The bill now heads to conference committee and still has to be merged with two similar bills that have already passed the House. It will then be sent to President Obama's desk to be signed into law, according to CNN.
"Every senator supporting #CISA today voted against a world with freedom, democracy, and basic human rights," digital rights organization Fight for the Future tweeted. "If President Obama does not veto this bill, he'll be showing that his administration never truly cared about the open Internet." The group added: "This vote will go down as the moment Congress codified the U.S. government's unconstitutional spying. A sad day for the Internet."
Some of the biggest tech companies in the U.S. have also come out against the measure, including Google, Facebook, Amazon, Microsoft and Yahoo, arguing that CISA does not protect users' privacy and would cause "collateral harm" to "innocent third parties," as HNGN previously reported.
The EFF said that it will continue to urge lawmakers to add privacy provisions, though it expressed little confidence that it would have success in doing so, according to Common Dreams.
In an attempt to debunk various myths about perceived surveillance aspects of CISA, Senate advocates released a fact sheet claiming that there is nothing in the bill that requires data sharing, nor is there language in CISA allowing the government to monitor personal records. "CISA requires private companies and the government to review all information prior to sharing in order to remove any irrelevant personally-identifiable information that may be contained in cyber threat indicators or defensive measures," wrote Senate Select Committee on Intelligence Chairman Richard Burr, R-N.C., and Vice Chairman Dianne Feinstein, D-Calif.
On the other side, Sen. Ron Wyden, D-Ore., voted against the measure, promising, "The fight to secure Americans' private, personal data has just begun."
"Today's vote is simply an early, flawed step in what is sure to be a long debate over how the US can best defend itself against cyber threats," Wyden said. "As even the sponsors have acknowledged, this bill will do little to protect Americans from sophisticated hacks. At the same time, it will allow large volumes of Americans' personal data to be unnecessarily shared with government agencies from the NSA to the FBI."