WASHINGTON–The Senate has shot down the Paul Amendment, which had been attached to the Cybersecurity Information Sharing Act (CISA).
CISA would shield companies from legal liability when sharing cyber-threat data with the government, in an effort to boost the public-private exchange of information on hackers. The Paul Amendment, named after sponsor Sen. Rand Paul (R-KY), would have stripped this liability immunity from any company found breaking a user or privacy agreement with its customers.
Support for CISA is sharply divided between industries, such as financial services and retail, from groups concerned over privacy issues. Sen. Paul has said on his website that CISA “would transform websites into government spies.”
But the amendment was defeated 65-32. The vote followed heavy pressure from a coalition of trade groups, including NAFCU and CUNA, which had prior to the vote sent a letter to the U.S. Senate to “strongly support” CISA, as well as to express opposition to the Paul Amendment (# 2564).
“Protecting consumers' sensitive data and ensuring their privacy is of paramount importance to our member firms, and is also an underlying goal of CISA,” the letter states. “To achieve that goal, and to help defend against those that seek to harm Americans and commit cyber attacks against our critical infrastructure, the legislation provides legal liability protections for companies of all sizes and across all sectors that voluntarily engage in the cyber threat sharing process.
“However, this amendment would undermine these goals by jeopardizing a firm's liability protections for even an inadvertent violation of a terms of service or privacy agreement,” the letter continues. “Moreover, if a company does not anticipate in its terms of service or privacy agreements any circumstance or eventuality in which it may – now or in the future – engage in the sharing or monitoring of cyber threats, it risks losing liability protections and being subject to litigation. This is counter to the goal of CISA and will only discourage firms from participating in the voluntary sharing process, weakening our collective ability to defend against cyber attacks. As such, we encourage you to oppose this amendment.”
In addition to CUNA and NAFCU, the letter is signed by the American Bankers Association, American Cable Association, American Coatings Association, American Gas Association, America’s Health Insurance Plans, American Insurance Association, American Petroleum Institute, American Water Works Association, CompTIA, Consumer Bankers Association, Consumer Data Industry Association, CTIA – The Wireless Association, Electronic Transactions Association, Federation of American Hospitals, Financial Services Roundtable, The GridWise Alliance, HITRUST – Health Information Trust Alliance, Independent Community Bankers of America, NACHA – The Electronic Payments Association, National Association of Manufacturers, National Association of Mutual Insurance Companies, National Business Coalition on E-Commerce & Privacy, National Cable & Telecommunications Association NTCA, The Rural Broadband Association, Property Casualty Insurers Association of America, The Real Estate Roundtable, Securities Industry and Financial Markets Association, The Clearing House, USTelecom Association, U.S. Chamber of Commerce, and Utilities Telecom Council.