If you've been following our Happening Now page, you've probably seen a few stories this month about something called CISA, or the Cybersecurity Information Sharing Act. The Senate put it together in response to the string of high-profile hacks and data breaches of the last few years, including the Office of Personnel Management hack that exposed information of 22 million government employees.
The goal of CISA is to reduce future threats by increasing the level of sharing between private companies and the government. So, a company that got hacked could warn other companies and the government about the method the hacker was using. That way, everyone could shore up their defenses. It makes sense, but there are some concerns.
The biggest concern is that when companies share information with the government, they can include whatever user information they want. In a letter to the Senate, the Computer and Communications Industry Association said that while they agreed with the overall idea, there were too few privacy safeguards for consumers. The association is made of up companies like Google, Facebook, Amazon, Microsoft, eBay and others.
Several senators are also worried and tried to include an amendment that would limit how much user information the government could request or receive. Unfortunately, that amendment didn't get added.
Instead, the Senate passed the bill yesterday, as-is, by a 74-21 vote. From here it goes to the House where it needs to mesh up with two similar bills the House already passed.
If it gets past there, the White House that says it supports the general idea, but that the bill will need some unspecified tweaks before the president will sign it. Hopefully, those tweaks include better privacy protections.
Want a refresher on how a bill becomes a law? Here's a fun video you probably remember that explains it.