The U.S. Senate easily passed legislation on Tuesday aimed at bolstering the country’s cyber defenses, advancing the first serious attempt in Congress to combat computer hacks that have hit a growing number of businesses and government agencies in recent years.
The bill, which would expand liability protections to companies that choose to voluntarily share cyber-threat data with the government, must be reconciled with two similar information-sharing measures that passed the House of Representatives earlier this year. It cleared the Senate by a vote of 74-21 with strong bipartisan support.
The White House announced support last week for the Senate bill, although it stated a desire for some revisions before it lands on President Barack Obama’s desk.
The Cybersecurity Information Sharing Act, or CISA, is a proposal that languished in the Senate for several years partly because of privacy groups’ concerns it would shuttle more personal information into the hands of the National Security Agency and other government spies.
But business interests, including the Chamber of Commerce, have argued an information-sharing law is necessary to allow the private sector to cooperate more closely with the government on detecting and minimizing cyber threats without fear of lawsuits.
A round of amendments intended to strengthen some of the bill’s privacy protections failed on Tuesday as the bill’s bipartisan sponsors warned last-minute changes could upset the balanced language that was the culmination of years of negotiations.
Skeptics of CISA have said it would do little to prevent malicious breaches like the kind that crippled Sony Pictures last year, which the Obama administration publicly blamed on North Korea, or recent thefts of data from companies like Target, Home Depot or Anthem Insurance.
Even some of the bill’s supporters have conceded the bill is a small first step to shore up U.S. cyber defenses, which are constantly under assault by hacking groups and foreign nation-states like China and Russia, according to government officials.
Senate Democratic leader Harry Reid said on Tuesday that CISA was “far too weak.”
The bill’s passage through the Senate was a defeat for digital privacy activists who celebrated the passage in June of a law effectively ending the NSA’s bulk collection of U.S. call metadata.
The curtailment of that program, which had been exposed in 2013 by former NSA contractor Edward Snowden, represented the first significant restriction of the U.S. government’s intelligence-gathering capabilities since the Sept. 11, 2001, attacks.
(Reporting by Dustin Volz; Editing by Peter Cooney)