The 14 — 1 vote in favor of the Cybersecurity Information Sharing Act was the last hurdle for the bill on the way to a full Senate vote. In 2014, another version of the legislation made it through the Intelligence committee but later stalled, as privacy and civil liberties advocates voiced concerns over what they saw as a lack of privacy protections for users whose information would be gathered.
"If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill—it’s a surveillance bill by another name," wrote Sen. Ron Wyden (D-OR) — the one dissenting vote on the Committee — in a public statement. "It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens."
Those concerned about privacy are up against a rare area of bipartisan agreement however, as both sides of the aisle consider battling cyber security threats — like the one perpetrated against Sony Pictures in 2014 — to be a high priority.
"There’s only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners," President Obama said at the White House Summit on Cybersecurity and Consumer Protection on Feb. 13 where he announced an executive order to promote information sharing.
Of particular concern among activists — who in the past have been successful in blocking other versions of information-sharing legislation — is that the bill obviates the need for a warrant as the government could go directly to a private company to acquire data.
In general, the legislation would make it much easier for the government to collect larger amounts of data which it could then pass on, for example, to the NSA for analysis. The misuse of personal data by the NSA has been of particular concern since the leaking of classified documents by former NSA contractor Edward Snowden in 2013.
— EFF (@EFF) March 12, 2015
The bill would also allow for a certain amount of protection from liability for companies who comply with the government, leading civil liberties activists to question whether those companies would have much motivation to look out for their users' privacy rights.
“[The bill] would provide a blanket authorization for companies to monitor their users’ activities for purposes other than protecting their own networks, as they are currently allowed to do,” wrote Robyn Greene, of the Open Technology Institute, in a recent blog post.
— Robyn Greene (@Robyn_Greene) March 4, 2015
When 2014's bill stalled, that was the fourth time in as many years that Congress had failed to pass cyber security legislation over objections of vociferous opponents. But the legislation — sometimes referred to a "Zombie" bill in its multiple evolving forms — keeps coming back.
Previous versions of the cybersecurity bill — like SOPA and PIPA — were more successful in marshalling opposition because the provisions were more threatening to large corporations like Google, since their anti-piracy stipulations could potentially be used to shut down websites and hurt business' bottom lines. With corporate players less concerned about users' privacy than they were about profits, there isn't as broad a coalition protesting the latest versions of the laws.
The strong — almost unanimous — support for the bill in the Senate Committee gives this bill a better chance of making it through the full Senate. It will then also have to pass the House of Representatives if President Obama is to sign it into law.
