WASHINGTON–The U.S. Senate overwhelmingly passed the Cybersecurity Information Sharing Act (CISA), which had the backing of both credit union trade groups but which also had a number of powerful opponents. The legislation passed on a 74-21 vote.
CISA would create a program at the Department of Homeland Security (DHS) through which corporations could share user data in bulk with several U.S. government agencies. In exchange for participating, the companies would receive complete immunity from Freedom of Information Act requests and regulatory action relating to the data they share. DHS would then share the information throughout the government.
NAFCU issued a statement following the vote supporting the legislation.
“NAFCU and our members thank Sens. Burr and Feinstein for their leadership and commitment to shepherding through the Senate this critical legislation,” said EVP and General Counsel Carrie Hunt. “Today’s passage is a positive step forward in safeguarding our nation’s cybersecurity. However, we urge Congress to continue its fight against cyber criminals by advancing legislation that establishes a strong, scalable, national data security standard to safeguard sensitive and personal consumer data, such as the bill proposed by Senators Tom Carper (D-DE) and Roy Blunt (R-MO), the Data Security Act of 2015 (S. 961) and the companion bill, H.R. 2205, proposed by Reps. Randy Neugebauer (R-TX) and John Carney (D-DE). We look forward to continuing to work with Congress to help advance the cybersecurity and data security legislation.”
Several amendments were considered in the bill, including one offered by Sen. Jeff Flake (R-AZ), that would sunset the bill after 10 years and was agreed to by unanimous consent.
NAFCU also signed on to a joint letter with three other financial trades to raise concerns about other proposed amendments, including those introduced by Sens. Patrick Leahy (D-VT) Al Franken (D-MN) and Ron Wyden (D-OR) regarding the definition of a cyber threat and other aspects of the bill. The trades argue that the amendments would create ambiguities and complications in the bill’s language and otherwise undermine the measure. These amendments ultimately failed.
Among those opposing the bill were a group of university professors specializing in tech law, many from the Princeton Center for Information Technology Policy; Edward Snowden, Apple, Reddit, Salesforce, and others.