WASHINGTON, Aug. 4 (UPI) -- As the Senate moves to take on a controversial cybersecurity bill just days before its August recess, the U.S. Department of Homeland Security warned the proposed legislation could slow responses to cyberattacks and stomp on civil liberties.
Monday, Senate Majority Leader Mitch McConnell, R-Ky., took steps to set up the first procedural vote on the Cybersecurity Information Sharing Act. At the same time, the DHS warned the bill, which authorizes the private sector to share cyberthreat information with any federal agency, would "increase the complexity and difficulty of a new information sharing program" and "sweep away important privacy protections."
In a letter to Sen. Al Franken, D-Minn., DHS Deputy Secretary Alejandro Mayorkas said information sharing across agencies would mean the "inefficiency of any information sharing program will markedly increase; developing a single, comprehensive picture of the range of cyber threats faced daily will become more difficult."
The CISA passed the Senate Intelligence Committee nearly unanimously in March, but some lawmakers, security experts and privacy advocates have since raised questions and concerns, including Franken, an outspoken privacy advocate. Franken said the CISA is not yet ready for a vote.
"The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," he said in a written statement.
The bill creates incentives for companies to share with the federal government information about their cyberthreats. Supporters of the bill believe sharing information will bolster defenses against computer attacks. The White House and many lawmakers on both sides of the aisle support the bill.
But privacy advocates and some tech firms believe it will make it easier for the National Security Agency to obtain personal and corporate information that has little to do with cybersecurity. To win more backing Monday, Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., rolled out a package of changes that would put limits on the bill, including preventing the government from using the information shared from companies to prosecute "serious violent felonies," among other things.
"It takes out any subsidiary use of the data—it means you can't use it for violent crime or anything else. You can only use it strictly for cybersecurity purposes," Feinstein said, adding the changes "settles some problems that we've known were there." Burr emphasized that information sharing is voluntary, an important sticking point for many companies wary of participating.
With remaining unanswered questions, Democrats and some Republicans want to debate parts of the bill, but time is not on their side. Once the summer recess begins later this week, the Senate will not convene again until September. By then, several pressing issues will be on the agenda, including the Iran nuclear deal and legislation to extend government funding beyond Sept. 30. That means the cybersecurity bill can be pushed even further down the road, perhaps into 2016.