In case you weren't already convinced that CISA is a surveillance bill masquerading as a cybersecurity bill, today the Senate rejected four separate amendments to the bill that attempted to better protect the privacy of Americans. Senator Wyden had an amendment to require the removal of personal information before information could be shared, which was voted down 55 to 41. Senator Heller had an amendment that was basically a backstop against the Wyden amendment, saying that if the Wyden amendment didn't pass, Homeland Security would be responsible for removing such personal information. That amendment also failed by a 49 to 47 vote. Senator Leahy had an amendment that would have removed FOIA exemptions in the bill (making it much less transparent how CISA was used). That amendment was voted down 59 to 37. Senator Franken then had an amendment that would have "tightened" the definition of cybersecurity threats, so that the shared information needed to be "reasonably likely" to cause damage, as opposed to the current "may" cause damage. And (you guess it, because you're good at this), it was also voted down by a 60 to 35 vote.
Meanwhile, Marcy Wheeler notes that the revised version of the bill by Senators Burr and Feinstein, which claimed to incorporate greater transparency requirements proposed by Senator Tester, actually takes away a lot of transparency and actually makes it more difficult for Congress to learn whether or not CISA is being used for domestic surveillance:
That Burr and DiFi watered down Tester’s measures so much makes two things clear. First, they don’t want to count some of the things that will be most important to count to see whether corporations and agencies are abusing this bill. They don’t want to count measures that will reveal if this bill does harm.
Most importantly, though, they want to keep this information from Congress. This information would almost certainly not show up to us in unclassified form, it would just be shared with some members of Congress (and on the House side, just be shared with the Intelligence Committee unless someone asks nicely for it).
But Richard Burr and Dianne Feinstein want to ensure that Congress doesn’t get that information. Which would suggest they know the information would reveal things Congress might not approve of.
Once again, these kinds of actions really only make sense if CISA is being used to justify warrantless domestic surveillance. Which once again raises the question of why Congress is willing to move forward with such a surveillance bill. We just went through a whole process showing that the public is not comfortable with secret laws and secret interpretations that lead to surveillance. Why would they immediately push for a new secret law that expands surveillance and reject any and all attempts at protecting the privacy of the American public or any sort of transparency and accountability in how the bill is used?
The bill is positioned as a cybersecurity bill, but good luck finding a single computer security expert who actually thinks the bill is either useful or necessary. I've been trying and so far I can't find any.