CISA is the Senate version of the House's equally-unpopular CISPA bill that passed earlier this year in a 288-127 vote but which the Senate has refused to take up. CISA was reintroduced by the Senate Select Committee on Intelligence after Sony's massive data breach debacle earlier this year.
While it is worded so that companies would have the authority to share information regarding cyber-attacks with one another and the government, privacy advocates and a number of technology industry heavyweights contend that the initiative would allow the government to more easily spy on Americans.
The Wyden Amendment, put forth by Sen. Ron Wyden (D-OR) would require companies to remove any personally identifiable information (PII) so long as it doesn't relate to the investigation at hand and its removal does not hinder law enforcement efforts. The Wyden Amendment failed 41 - 55.
The Heller Amendment, which was only voted upon because the Wyden Amendment failed, similarly strengthened PII protections, but only applies to federal entities. That means corporations which have been hacked would theoretically be allowed to share your PII (name, address, SSN) with other companies at will, with no recourse for the person whose information has been shared. It failed 47 - 49.
The Coons Amendment, named after Sen. Chris Coons (D-DE), would incorporate additional safeguards that users' personal data would be expunged from any shared information. The original bill states that the DHS has to share data with other federal investigative agencies; this amendment would have changed the wording to "as quickly as operationally possible" thereby actually giving the DHS the time needed to protect consumer privacies. It failed with a final vote of 41 - 54.
The Franken Amendment, introduced by Sen. Al Franken (D - MN), sought to narrow the definition of "cybersecurity threats" and "cyber threat indicators." It failed overwhelmingly, 35 - 60.
Finally, the Leahy Amendment from Sen. Pat Leahy (D-VT) would have eliminated the bill's blanket FOIA exemption. It failed 37 to 59. As it stands now, not only will companies and the federal government be able to swap the PIIs of any American caught up in a major cyber attack, neither those affected nor the media will be able to inquire as to what actually happened -- thereby eliminating any sort of governmental transparency in these matters.
[Image Credit: AFP/Getty Images]