The Senate overwhelming approved the so-called Cybersecurity Information Sharing Act (CISA) on Tuesday. The measure would allow companies to share consumers’ data with the US government in the event of security breaches or cyber attacks—all in the name of cybersecurity.
Edward Snowden, the NSA whistleblower, had declared the measure—which now goes to a conference committee between the House and Senate—a “surveillance bill.” In essence, the measure provides corporate America with legal immunity when sharing data about hacks and digital breaches with the Department of Homeland Security. The DHS can then funnel that information to other agencies, including the NSA and FBI.
Senate advocates said there’s nothing in the bill that requires data sharing and that personally identifying information is required to be removed by corporate America if it knows “at the time of sharing” it contains identifying information on their consumers. They say the legislation would help the government and private enterprise coordinate responses to cyber attacks. But some members of Congress don’t see it that way.