A controversial cybersecurity bill passed the U.S. Senate yesterday by a 74-21 vote, despite opposition from organizations and businesses that claimed the measure does not support the idea of a free and open Internet.
The Cybersecurity Information Sharing Act (CISA), if signed into law by President Barack Obama, would allow businesses and government agencies to share information related to hackers and their methods. The goal of the bill is to use shared information related to cybersecurity attacks from business to business to assist organizations and agencies alike to defend themselves from hackers or cyber criminals.
Fight for the Future (FFTF), a digital rights group, is strongly against CISA and said the bill has been discredited by experts, tech companies, and advocacy groups across a wide spectrum of industries. Evan Greer, campaign director of FFTF, said if Obama does not veto the bill, he will be showing he “never cared about the open Internet.”
(Related: Twitter joins fight against CISA)
“This vote will go down in history as the moment that lawmakers decided not only what sort of Internet our children and our children’s children will have, but what sort of world they will live in,” said Greer in a statement. “Every Senator who voted for CISA has voted for a world without freedom of expression, a world without true democracy, a world without basic human rights.”
Critics of CISA are concerned about the liability and privacy issues that companies will be exposing themselves to when handling data such as customer records and personal information. But recent amendments to the bill require businesses and government agencies to scrub records of data that can be used to identify individuals, according to Jason Kratovil, vice president of government affairs for payments at the Financial Services Roundtable, an organization that represents financial services companies.
“[Companies think] CISA is a surveillance program, and that it’s turning over personal information to the government,” he said. “They made those arguments, but I think the votes made it pretty clear that they are not based in the realities of the legislation. The legislation is clear that personal information must not be part of the sharing equation.”
Kratovil also said that CISA is voluntary, and if a company does not want to participate, there is nothing to “compel a company” to do so; only if they are willing.