[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Senate]
[Page S6247]
CYBER SECURITY
Mr. McCONNELL. Mr. President, I recently shared an AP news story with
my colleagues, and I think it is worth sharing again.
Here is the headline: ``Federal Agencies Are Wide Open to Hackers,
Cyberspies.''
I will read just a little bit of what it says.
The federal government, which holds secrets and sensitive
information ranging from nuclear blueprints to the tax
returns of hundreds of millions of Americans, has for years
failed to take basic steps to protect data from hackers and
thieves, records show. In the latest example, the Office of
Personnel Management is under fire for allowing its databases
to be plundered by suspected Chinese cyberspies in what is
being called one of the worst breaches in U.S. history. OPM
repeatedly neglected to implement basic cybersecurity
protections, its internal watchdog told Congress.
That story should worry every one of us, Democrats and Republicans
alike. The AP referred to the massive cyber attack that recently struck
the Obama administration as ``one of the worst breaches in U.S.
history.'' But while this massive breach may have been ``one of the
worst,'' it certainly--unless the administration can be rescued from
the cyber security Dark Ages--will not be the last.
So the Senate will be considering bipartisan cyber security
legislation this week that would help the public and private sectors
defeat cyber attacks. The modern tools it contains, through the sharing
of threat information, would provide for the construction of stronger
defenses. The top Democrat on the Intelligence Committee says this
bipartisan bill would also protect ``individual privacy and civil
liberties.'' She is right. It contains strong measures to limit the
use, retention, and diffusion of consumers' personal information.
Information sharing with the government would also be voluntary under
this bipartisan legislation.
No wonder my colleague from California joined virtually every other
Democrat and every other Republican to endorse this bipartisan bill
overwhelmingly in committee 14 to 1. No wonder this bipartisan bill is
backed by a diverse coalition of supporters, too--everyone from the
U.S. Chamber of Commerce to farm supply stores, to your local community
bank.
This is a strong bipartisan, transparent bill that has been
meticulously vetted by both parties in committee and that has been
available online for literally months for anyone to read. My friend the
Democratic leader has also publicly declared that the Senate could
finish this bill in ``a couple of days.''
``In a couple of days,'' he said, ``at the most.''
So with cooperation, we can pass the bipartisan bill this week. There
will also be an opportunity for Members of both parties to offer
amendments. I urge colleagues who wish to do so to begin working with
the bill managers right now.
This legislation is the work of many Members. I mentioned Ranking
Member Feinstein earlier, who has been a key player on this issue. I
also wish to thank Chairman Burr for his strong leadership and his hard
work across the aisle in developing this bipartisan bill. I urge the
Senate to allow us to act and pass it this week.
The House of Representatives has already passed two similar White
House-backed cyber security bills. The sooner we pass ours, the sooner
we conference with the House to finally get a good cyber security law
on the books, and the sooner our country can be better protected from
more of these types of attacks.
____________________
[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Senate]
[Pages S6256-S6263]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
CYBERSECURITY INFORMATION SHARING ACT OF 2015--MOTION TO PROCEED
The PRESIDING OFFICER. Under the previous order, the Senate will
resume consideration of the motion to proceed to S. 754, which the
clerk will report.
The legislative clerk read as follows:
Motion to proceed to Calendar No. 28, S. 754, a bill to
improve cybersecurity in the United States through enhanced
sharing of information about cybersecurity threats, and for
other purposes.
[...]
The PRESIDING OFFICER (Mr. Lee). The Senator from California.
Mrs. FEINSTEIN. Mr. President, I would like to speak in support of
the Cybersecurity Information Sharing Act. I had hoped Senator Burr,
the chairman of the committee, would be able to deliver the remarks
initially. However, he has been unfortunately delayed, and so I will go
ahead with my remarks as vice chairman of the committee.
There is no legislative or administrative step we can take that will
end all cyber crime and cyber warfare, but as members of the Senate
Intelligence Committee, we have heard over the course of several years
now that improving the exchange of information and the sharing of that
information, company to company and company to the government, can be
very helpful and yield a real and significant improvement to cyber
security.
Regrettably, this is the third attempt to pass a cyber security
information sharing bill. In the almost 5 years that I have been
working on this issue, two things have become abundantly clear about
passing the bill. First, it must be bipartisan. In 2012, I cosponsored
the Lieberman-Collins Cybersecurity Act, which included a title on
[[Page S6258]]
information sharing based on a bill I had introduced. It was an
important piece of legislation, but it received almost no Republican
support and could not gain the 60 votes needed to invoke cloture. It
became clear to me then that no cyber security legislation could pass
without broad bipartisan support.
The second lesson that has been learned is, it must be narrowly
focused. The Lieberman-Collins bill sought to address many critical
challenges to our Nation's cyber security. Then-Majority Leader Harry
Reid, brought the chairmen of all committees of jurisdiction on our
side together and asked them to draft legislation on cyber security in
their areas. It soon became clear that addressing so many complex
issues makes a bill very difficult to pass. That bill died on the
Senate floor in late 2012.
Based on these lessons, we have tried to take a bipartisan and
focused approach so Congress can pass a cyber security information
sharing bill. In the last Congress, in 2013 and 2014, then-vice
chairman of the Intelligence Committee Saxby Chambliss and I sought to
draft legislation on information sharing that would attract bipartisan
support. We worked through a number of difficult issues together, and
we were able to produce a bill that I believed would pass the Senate.
The Intelligence Committee approved the bill in 2014 by a strong
bipartisan vote of 12 to 3, but it never reached the Senate floor due
to privacy concerns about the legislation.
This year, Chairman Burr and I have drafted legislation that both
sides can and should support. This bill is bipartisan, it is narrowly
focused, and it puts in place a number of privacy protections, many of
which I will outline shortly. The bill's bipartisan vote of 14 to 1 in
the Senate Intelligence Committee in March underscores this fact.
I would like to thank Senator Burr for his leadership and his
willingness to negotiate a bipartisan bill that can and should receive
a strong vote. As he often says, neither one of us would have written
this bill this way if we were doing it ourselves. This Senator believes
it is also true that by negotiating this draft, we will get
substantially more votes than either of us can get on our own. I very
much hope that is true.
I note that this bill has strong support from the private sector
because it creates incentives for improving cyber security and protects
companies that take responsible steps to do so. Companies are shielded
from lawsuits if they properly use the authorities provided for in this
bill. They can be confident that sharing information with other
companies or with the government will not subject them to inappropriate
regulatory action.
For these reasons, this bill has the support of over 40 business
groups, and it is the first bill that has the support of the U.S.
Chamber of Commerce. It also has the support of the most important
cyber security and critical infrastructure companies in the Nation.
Mr. President, I would like to ask unanimous consent to have those
letters printed into the Record.
There being no objection, the material was ordered to be printed in
the Record, as follows:
August 3, 2015.
Hon. Mitch McConnell,
U.S. Senate,
Washington, DC.
Hon. Harry Reid,
U.S. Senate,
Washington, DC.
Dear Majority Leader McConnell and Minority Leader Reid: On
behalf of our diverse members, we write today in strong
support of the Cybersecurity Information Sharing Act (S.
754), a bipartisan bill approved earlier this year on a near-
unanimous basis by the Select Committee on Intelligence. We
strongly urge you to bring up S. 754 as expeditiously as
possible, defeat any amendments that would undermine this
important legislation, and support the underlying bill.
The threat of cyber-attacks is a real and omnipresent
danger to our sector, our members' customers and clients, and
to critical infrastructure providers upon which we--and the
nation as a whole--rely. S. 754 would enhance our ability to
defend the financial services sector and the sensitive data
of hundreds of millions of Americans. It is critical that
Congress get cybersecurity information sharing legislation to
the President's desk before the next crisis, not after.
Our members and the broader financial services industry are
dedicated to improving our capacity to protect customers and
their sensitive information but as it stands today, our laws
do not do enough to foster information sharing and establish
clear lines of communication with the various government
agencies responsible for cybersecurity. If adopted and signed
into law, this legislation will strengthen the nation's
ability to defend against cyber-attacks and better protect
all Americans by encouraging the business community and the
government to quickly and effectively share critical
information about these threats while ensuring privacy. More
effective information sharing provides some of the strongest
protections of privacy, as it is sensitive information from
our member firms' customers that we are asking Congress to
protect from those who attempt to steal or destroy that
information.
Each of our organizations and our respective member firms
has made cybersecurity a top priority and we are committed to
continuing to work with you and your colleagues in the Senate
so that effective cyber threat information sharing
legislation can be enacted into law.
Sincerely,
American Bankers Association; American Insurance
Association; The Clearing House; Financial Services
Institute; Financial Services Roundtable; Investment
Company Institute; NACHA--The Electronic Payments
Association; The National Association of Mutual
Insurance Companies; Property Casualty Insurers
Association of America; Securities Industry and
Financial Markets Association.
____
August 3, 2015.
Hon. Mitch McConnell,
Majority Leader, U.S. Senate,
Washington, DC.
Hon. Harry Reid,
Minority Leader, U.S. Senate,
Washington, DC.
Dear Majority Leader McConnell and Minority Leader Reid:
The undersigned organizations reiterate their support for
cybersecurity information sharing and liability protection
legislation and urge the Senate to promptly take up and pass
S. 754, the Cybersecurity Information Sharing Act (CISA) of
2015. Enactment of such legislation is urgently needed to
further enhance and encourage communication among the federal
government, the North American electric power sector, and
other critical infrastructure sectors, thus improving our
ability to defend against cyber attacks.
While the electric sector already engages in significant
information sharing activities and has in place mandatory and
enforceable reliability and cybersecurity standards, there
remains an urgent need for the government and industry to
better share actionable security information in a timely and
confidential manner, including protections against public
disclosure of sensitive security information. CISA provides a
framework to help foster even more meaningful information
sharing while maintaining a critical balance between
liability and privacy protections.
The electric power sector takes very seriously its
responsibility to maintain the reliability, safety, and
security of the electric grid. Beyond mandatory standards,
the industry maintains an all-hazards ``defense in depth''
mitigation strategy that combines preparation, prevention,
resiliency, and response and recovery efforts. We also work
closely with the federal government and other critical
infrastructure sectors on which the electric sector depends
through the Electricity Subsector Coordinating Council, and
share electric sector threat information through the
Electricity Sector Information Sharing and Analysis Center.
Passage of CISA will enhance these activities.
American Public Power Association (APPA); Canadian
Electric Association (CEA); Edison Electric Institute
(EEI); Electric Power Supply Association (EPSA);
GridWise Alliance; Large Public Power Council (LPPC);
National Rural Electric Cooperative Association
(NRECA); National Association of Regulatory Utility
Commissioners (NARUC); Transmission Access Policy Study
Group (TAPS).
____
American Bankers Association,
Washington, DC, August 3, 2015.
Hon. Mitch McConnell,
Majority Leader, U.S. Senate,
Washington, DC.
Hon. Richard Burr,
U.S. Senate, Washington, DC.
Hon. Harry Reid,
Minority Leader, U.S. Senate,
Washington, DC.
Hon. Dianne Feinstein,
U.S. Senate, Washington, DC.
Dear Senators: I am writing on behalf of the members of the
American Bankers Association (ABA) to urge you to support the
Cybersecurity Information Sharing Act (CISA, S. 754) when it
is brought to the Senate floor, and to defeat any amendments
that would undermine this critically needed legislation.
CISA is bipartisan legislation introduced by Chairman
Richard Burr and Vice Chairman Dianne Feinstein, and reported
by a strong bipartisan 14-1 vote in the Senate Intelligence
Committee. It will enhance ongoing efforts by the private
sector and the Federal government to better protect our
critical infrastructure and protect Americans from all walks
of life from cyber criminals. Importantly, CISA facilitates
increased cyber intelligence information sharing between the
private and public sectors, and strikes the appropriate
balance between protecting consumer privacy and allowing
information sharing on serious threats to our nation's
critical infrastructure.
[[Page S6259]]
Cybersecurity is a top priority for the financial services
industry. Banks invest hundreds of millions of dollars every
year to put in place multiple layers of security to protect
sensitive data. Protecting customers has always been and will
remain our top priority and CISA will help us work more
effectively with the Federal government and other sectors of
the economy to better protect them from cyber attacks.
We urge you to support this important legislation and pass
it as soon as possible to better protect America's
cybersecurity infrastructure against current and future
threats.
Sincerely,
James C. Ballentine.
____
Information Technology
Industry Council,
Washington, DC, July 23, 2015.
Hon. Mitch McConnell,
Majority Leader, U.S. Senate,
Washington, DC.
Hon. Harry Reid,
Democratic Leader, U.S. Senate,
Washington, DC.
Dear Majority Leader McConnell and Democratic Leader Reid:
On behalf of the members of the Information Technology
Industry Council (ITI), I write to express our support for S.
754, the Cybersecurity Information Sharing Act of 2015
(CISA), and urge you to bring it to the Senate floor for
debate and vote. Given the importance of cybersecurity threat
information sharing to the high-tech industry, we will
consider scoring votes in support of CISA in our 114th
Congressional Voting Guide.
ITI members contribute to making the U.S. information and
communication technology (ICT) industry the strongest in the
world in innovative cybersecurity practices and solutions. We
firmly believe that passing legislation to help increase
voluntary cybersecurity threat information sharing between
the private sector and the federal government, and within the
private sector, is an important step Congress can take to
enable all stakeholders to address threats, stem losses, and
shield their systems, partners and customers. It is important
that the Senate act now to pass CISA and continue to move the
legislative process forward, so that Congress can reconcile
CISA with the House cybersecurity legislation, H.R. 1560, the
Protecting Cyber Networks Act, and H.R. 1731, the National
Cybersecurity Protection Advancement Act of 2015, and send a
bill to the president.
ITI believes that legislation to promote greater
cybersecurity threat information sharing should:
Affirm that cybersecurity threat information sharing be
voluntary;
Promote multidirectional cybersecurity threat information
sharing, allowing private-to-private, private-to-government
and government-to-private sharing relationships;
Include targeted liability protections;
Utilize a civilian agency interface for private-to-
government information sharing to which new liability
protections attach;
Promote technology-neutral mechanisms that enable
cybersecurity threat information to be shared in as close to
real-time as possible;
Require all entities to take reasonable steps to remove
personally identifiable information from information shared
through data minimization; and
Ensure private sector use of information received through
private-to-private sharing is only for cybersecurity
purposes, and government use of information received from the
private sector is limited to cybersecurity purposes and used
by law enforcement only:
For the investigation and prosecution of cyber crimes;
For the protection of individuals from the danger of death
or serious bodily harm and the investigation and prosecution
of crimes involving such danger; and
For the protection of minors from child pornography.
We appreciate the progress made by the Senate Intelligence
Committee to include provisions that would protect personally
identifiable information while also allowing for a
cybersecurity threat information sharing framework that will
enhance our ability to protect and defend our networks.
We look forward to working closely with you, your committee
leadership, and the House of Representatives to further
address outstanding issues in conference to ensure it adheres
to our above cybersecurity threat information sharing
principles. ITI remains committed to refining the legislation
and supporting a final product that can best achieve our goal
of promoting greater cybersecurity.
Sincerely,
Dean C. Garfield,
President & CEO.
____
BSA/The Software Alliance,
Washington, DC, July 21, 2015.
Hon. Mitch McConnell,
Senate Majority Leader,
Washington, DC.
Hon. Harry Reid,
Senate Minority Leader,
Washington, DC.
Dear Majority Leader McConnell and Minority Leader Reid: On
behalf of BSA/The Software Alliance, I write in support of
bringing the Cybersecurity Information Sharing Act of 2015
(S. 754) to the Senate floor for a robust debate. Enactment
of bipartisan legislation that enhances voluntary cyber
threat information sharing while ensuring privacy protection
will be an important step in bolstering our nation's
cybersecurity capabilities.
Our members are on the front lines defending against cyber
attacks. Every day, bad actors are attacking networks to
extract valuable private and commercial information. We
believe it is now more important than ever to enact
legislation to break down the legal barriers that currently
discourage cyber threat information sharing between and among
the public and private sectors. Increased awareness will
enhance the ability of businesses, consumers, and critical
infrastructure to better defend themselves against attacks
and intrusions. We are confident that all of these goals can
be accomplished without comprising the privacy of an
individual's information.
I appreciate your leadership on moving this important
legislation forward to a successful outcome in the Senate. We
support this bipartisan effort and look forward to working
with you in the process to ultimately move a cyber threat
information sharing bill to the President's desk for
signature.
Sincerely,
Victoria A. Espinel,
President and CEO.
____
Protecting America's
Cyber Networks Coalition,
July 21, 2015.
To the Members of the United States Senate: The Protecting
America's Cyber Networks Coalition (the coalition) urges the
Senate to take up and pass S. 754, the Cybersecurity
Information Sharing Act (CISA) of 2015. Passing cybersecurity
information-sharing legislation is a top policy priority of
the coalition, which is a partnership of leading business
associations representing nearly every sector of the U.S.
economy.
In March, the Select Committee on Intelligence passed CISA
by a strong bipartisan vote (14-1). The Senate can build on
the momentum generated in the House to move CISA forward. In
April, the House passed two cybersecurity information-sharing
bills--H.R. 1560, the Protecting Cyber Networks Act (PCNA),
and H.R. 1731, the National Cybersecurity Protection
Advancement Act (NCPAA) of 2015--with robust majorities from
both parties and broad industry support.
Our organizations believe that Congress needs to send a
bill to the president that gives businesses legal certainty
that they have safe harbor against frivolous lawsuits when
voluntarily sharing and receiving threat indicators and
defensive measures in real time and taking actions to
mitigate cyberattacks.
The legislation also needs to offer protections related to
public disclosure, regulatory, and antitrust matters in order
to increase the timely exchange of information among public
and private entities. Coalition members also believe that
legislation needs to safeguard privacy and civil liberties
and establish appropriate roles for government agencies and
departments. CISA reflects sound compromises among many
stakeholders on these issues.
Recent cyber incidents underscore the need for legislation
to help businesses improve their awareness of cyber threats
and to enhance their protection and response capabilities in
collaboration with government entities. Cyberattacks aimed at
U.S. businesses and government bodies are increasingly being
launched from sophisticated hackers, organized crime, and
state-sponsored groups. These attacks are advancing in scope
and complexity.
The coalition is committed to working with lawmakers and
their staff members to get cybersecurity information-sharing
legislation quickly enacted to strengthen our national
security and the protection and resilience of U.S. industry.
Congressional action cannot come soon enough.
Sincerely,
Agricultural Retailers Association (ARA); Airlines for
America (A4A); Alliance of Automobile Manufacturers;
American Bankers Association (ABA); American Cable
Association (ACA); American Council of Life Insurers
(ACLI); American Fuel & Petrochemical Manufacturers
(AFPM); American Gaming Association; American Gas
Association (AGA); American Insurance Association
(AIA); American Petroleum Institute (API); American
Public Power Association (APPA); American Water Works
Association (AWWA); ASIS International; Association of
American Railroads (AAR); BITS--Financial Services
Roundtable; College of Healthcare Information
Management Executives (CHIME); CompTIA--The Computing
Technology Industry Association; CTIA--The Wireless
Association; Edison Electric Institute (EEI);
Federation of American Hospitals (FAH); Food Marketing
Institute (FMI).
GridWise Alliance; HIMSS--Healthcare Information and
Management Systems Society; HITRUST--Health Information
Trust Alliance; Large Public Power Council (LPPC);
National Association of Chemical Distributors (NACD);
National Association of Manufacturers (NAM); National
Association of Mutual Insurance Companies (NAMIC);
National Association of Water Companies (NAWC);
National Business Coalition on e-Commerce & Privacy;
National Cable & Telecommunications Association (NCTA);
National Rural Electric Cooperative Association
(NRECA).
NTCA--The Rural Broadband Association; Property Casualty
Insurers Association of America (PCI); The Real Estate
Roundtable; Securities Industry and Financial Markets
Association (SIFMA); Society of Chemical Manufacturers
& Affiliates (SOCMA); Telecommunications Industry
Association (TIA); Transmission Access Policy Study
Group (TAPS); United States Telecom Association
(USTelecom);
[[Page S6260]]
U.S. Chamber of Commerce; Utilities Telecom Council
(UTC).
____
Chamber of Commerce of
the United States of America,
February 14, 2015.
To the Members of the United States Senate: As the Senate
prepares to consider S. 754, the ``Cybersecurity Information
Sharing Act of 2015,'' the U.S. Chamber of Commerce, the
world's largest business federation representing the
interests of more than three million businesses of all sizes,
sectors, and regions, as well as state and local chambers and
industry associations, and dedicated to promoting,
protecting, and defending America's free enterprise system,
writes to express our strong opposition to the adoption of
amendments that would weaken or overly complicate this
important bipartisan bill, including issues related to data
security, breach notification, or commercial privacy, which
are best addressed in other contexts.
The Chamber believes that all provisions of S. 754 must
support the important goal of protecting critical
infrastructure. Unrelated issues, such as data security,
breach notification, and commercial privacy legislation, have
not yet received any consideration in the committees of
jurisdiction and are not ready for consideration by the full
Senate. These sensitive topics should proceed through the
legislative process following regular order to ensure
complete and deliberate consideration separate from the
pending floor debate on cybersecurity information sharing
legislation.
Cybersecurity information sharing legislation meets a dire
national security need, and though the Chamber would like to
see meaningful data security, breach notification, and
commercial privacy legislation become law, for the benefit of
businesses and consumers alike, we are equally steadfast in
our belief that cybersecurity information sharing legislation
is important for national security and should be Congress's
immediate priority.
There are 47 separate state laws which deal directly with
data security and breach notification. The business community
has been working with members of Congress in both chambers
and on both sides of the aisle to find the right path toward
passage of a national data security and breach notification
law. However, much work remains to be done, as disagreement
continues regarding certain provisions which would be
contained in federal legislation. This disagreement is
evident in virtually every one of the significantly different
data security bills which have been introduced in the Senate
during the last several Congresses.
The Chamber has appreciated the opportunity to comment on
and offer edits to the various bills and looks forward to
working with their authors and cosponsors as legislation
works its way through the committee process. However, data
security legislation deserves its own due consideration and
deliberate debate, separate from the complicated and pressing
national security issue of cybersecurity information sharing.
For example, the House Energy and Commerce committee has held
multiple hearings on proposed legislation in addition to a
subcommittee markup and planned mark up at the full committee
level. Though there are issues which need to be resolved in
that legislation, the Chamber appreciates the process and
consideration given and that the bill has worked its way
through the proper channels.
Given the work that still needs to be done on data security
proposals, the Chamber urges you to keep them separate and
apart from cybersecurity information sharing legislation and
not rush to make changes to the current landscape of state
data security, data breach, and commercial privacy laws.
Doing so would have a fundamentally negative impact on a
broad segment of the American business community.
Sincerely,
R. Bruce Josten.
Mrs. FEINSTEIN. At the same time, the bill includes numerous privacy
protections beyond those contained in last year's bill. Senator Burr
and I worked together to address the specific concerns raised by the
administration, some of our Senate colleagues, and other key
stakeholders. Because of these changes, the administration said
yesterday that ``cyber security is an important national security issue
and the Senate should take up this bill as soon as possible and pass
it.''
I believe this is a good bill and will allow companies and the
government to improve the security of their computer networks, but this
is just a first-step bill. It will not bring an end to successful cyber
attacks or thefts, but it will help to address the problem.
What does this bill do? It provides clear direction for the
government to share cyber threat information and defensive measures
with the private sector.
Two, it authorizes private companies to monitor their computer
networks and to share cyber threat information and defensive measures
with other companies and with the Federal, State, local, and tribal
government.
And three, it creates a process and rules to limit how the Federal
Government will and will not use the information it receives.
Companies are granted liability protection for the appropriate
monitoring for cyber threats and for sharing and receiving cyber threat
information. This liability protection exists for both company-to-
company sharing as well as company-to-government sharing consistent
with the bill's terms. Companies are also authorized to use defensive
measures on their own networks for cyber security purposes.
Since the bill is complicated, let me describe what the bill does in
more detail.
First, it recognizes that the Federal Government has information
about cyber threats that it can and should share with the private
sector and with State, local, and tribal governments. The bill requires
the Director of National Intelligence to put in place a process that
will increase the sharing of information on cyber threats already in
the government's hands with the private sector and help protect an
individual or a business.
Importantly, as the first order of business, there will be a
managers' amendment which makes changes to specifically limit the ways
the government can use the cyber security information it receives. This
amendment was distributed on Friday. I would urge everyone to look at
it because under the amendment, this bill can only be used for cyber
security purposes--no others. It is not a surveillance bill; it is
strictly related to cyber security. The bill previously allowed the
government to use the information to investigate and prosecute serious
violent felonies. That has drawn substantial opposition, and we have
removed it in the managers' package.
I would now like to take a minute to go over some of the privacy
protections in the bill.
No. 1, the bill is strictly voluntary. It does not require companies
to do anything they choose not to do. There is no requirement to share
information with another company or with the government. The government
cannot compel any sharing by the private sector. It is completely
voluntary.
No. 2, it narrowly defines the term ``cyber threat indicator'' to
limit the amount of information that may be shared under the bill.
Companies do not share information under this bill unless it is
specifically about a cyber threat or a cyber defense--nothing else.
No. 3, the authorizations are clear but limited. Companies are fully
authorized to do three things: monitor their networks or provide
monitoring services to their customers to identify cyber threats; use
limited defensive measures to protect against cyber threats on their
networks; and to share and receive information with each other and with
Federal, State, and local governments.
No. 4, there are mandatory steps companies must take, before sharing
any cyber threat information with other companies or the government, to
review the information for irrelevant privacy information. In other
words, the companies must do a privacy scrub. They are required to
remove any personal information that is found. Companies cannot, as it
has been alleged, simply hand over customer information.
No. 5, the bill requires that the Attorney General establish
mandatory guidelines to protect privacy for any information the
government receives. These guidelines will be public, and they will
include consultation with the private sector prior to them being put
together.
The bill requires them to limit how long the government can retain
any information and provide notification and a process to destroy
mistakenly shared information. It also requires the Attorney General to
create sanctions for any government official who does not follow these
mandatory privacy guidelines.
No. 6, the Department of Homeland Security, not the Department of
Defense or the intelligence community, is the primary recipient of
cyber information. In the managers' amendment, we strengthen the role
the Secretary of Homeland Security has in deciding how information
sharing will take place.
No. 7, once the managers' amendment is adopted, the bill will
restrict the government's use of voluntarily shared information, so the
government cannot use this information for law enforcement purposes
unrelated to cyber security and cyber crime.
[[Page S6261]]
No. 8, the bill limits liability protections to monitoring for cyber
threats and sharing information about them and only--and only--if a
company complies with the bill's privacy requirements. The bill
explicitly excludes protection for gross negligence or willful
misconduct.
No. 9, above and beyond these mandatory protections, there are a
number of oversight mechanisms in the bill, including reports by heads
of agencies, inspectors general, and the Privacy and Civil Liberties
Oversight Board.
In sum, this bill allows for strictly voluntary sharing of cyber
security information and many layers of privacy protection.
It is my understanding that the chairman of our committee is here, so
I would like to skip to the conclusion of my remarks and then be able
to turn this over to him.
The House of Representatives has already passed two bills this year
to improve cyber security information sharing. The Intelligence
Committee has crafted a carefully balanced bill that passed by a 14-to-
1 vote in March and it has improved significantly since then through
the managers' amendment.
We very much need to take this first step on cyber security to
address the almost daily reports of hacking and cyber threats. I very
much hope the Senate will take action now.
Now I will yield the floor. I want to thank the chairman. It has been
a pleasure, Mr. Chairman, to work with you. I think I speak for every
member of the committee. I am very pleased we have this bill on the
floor. God willing and the Members willing, we will be able to pass it
one day.
I yield the floor to the chair of the Intelligence Committee.
The PRESIDING OFFICER. The Senator from North Carolina.
Mr. BURR. Mr. President, I want to thank my good friend and vice
chair of the Intelligence Committee, Senator Feinstein. She has been in
the trenches working on cyber security legislation longer than I have.
Her passion is displayed in the product that has come out. There has
been no person more outspoken on privacy than Dianne Feinstein. There
is no person who has been more outspoken on the need for us to get this
right than Senator Feinstein.
Daily, she and I look at some of the most sensitive intelligence
information that exists in this country. We are charged as a
committee--15 individuals out of a body of 100--to provide the
oversight to an intelligence community to make sure they live within
the letters of the law or the boundaries set by Executive order. Every
day we try to fulfill that job.
We are sometimes tasked with producing legislation, and that is why
we are here today with the cyber security bill. It has been referred to
that we are here because OPM got hacked. No. We are here because the
American people's data will be in jeopardy if government does not help
to find a way to help minimize the loss.
So where is the threat? The threat is to business, it is to
government, and it is to individuals. There is no part of America that
is left out of this. The legislation we are proposing affects everybody
in this country--big and small business, State and Federal governments,
and individuals, no matter where they live or how much they are worth.
I think it is safe to say today that business and government have both
been attacked, they have been penetrated, and data has been lost. In
some cases that intent was criminal; in some cases the intent was
nation-states. It was towards credit cards on one side or Social
Security numbers, and on the other side it was plans for the next
military platform or intellectual property that was owned by a company.
But we are where we are, and now we have a proposal as to how we
minimize.
Let me emphasize this. You heard it from the vice chairman. This bill
does not prevent cyber attacks. I am not sure that we could craft
anything that would do that. What this bill does is for the first time
it allows us a pathway to minimizing the amount of data that is lost
and for the first time empowering government, once they get the
pertinent information, to push out to the rest of business and to
individuals and to governments: Here is the type of attack that is
happening. Here is the tool they are using. Here is the defensive
mechanism you can put on your system that will provide you comfort that
they cannot penetrate you and provide the company that has been
attacked comfort that it might be able to minimize in real time the
amount of data that is lost.
So, as the vice chairman said, these are key points on this piece of
legislation: It is voluntary. There is no entity in America that is
forced to report. It is a purely voluntary system. To have
participation in a voluntary system, you have to listen to the folks
who are the subjects of these attacks as to what they need to act in
real time and to provide pertinent data.
It is an information-sharing bill. It is not a surveillance bill. I
say to those who have characterized it that way that we have done
everything we can to clarify with the managers' amendment that there is
no surveillance. The only thing we are after is minimizing the loss of
data that exists.
Here is how it works. I want to break it into three categories.
This bill covers private to private. It says that if I am a private
company and my IT system gets hacked and I get penetrated, I can
automatically pick up the phone and call the IT people at my
competitor's business, and I am protected under antitrust, that we can
carry out a conversation so that I can figure out whether they got
hacked, and if they did but they did not get penetrated, what software
did they have on their system that secured their data. I can
immediately go and put that on my system, and I can minimize the loss
of any additional data. So we protect for that private-to-private
conversation only for the purposes of sharing cyber information.
We also have private to government. We allow any company, in real
time--at the same time they are talking to a competitor, they can
transmit electronically the pertinent data that it takes to do the
forensics of what happened. What tool did they use? They can transfer
that to government, and they are protected from a liability standpoint
for the transfer of that--the vice chairman got into all of this, so I
do not want to rehash it--with the correct protections of personal
data. The company is required not to send personal data. Any government
agency that is the recipient of this data, as they go through it, if
they see personal data that is not relevant to the determination of
what type of attack, what type of tool, what type of response, then
they have to minimize that data so it is not released.
In addition, we have government to private, which is the third leg.
It amazed me that the government did not have the authority to push out
a lot of information. What we do is we empower the government to
analyze the attack, to determine the tool that was used, to find the
most appropriate defensive software mechanism, and then to say to
business broadly: There is an attack that has happened in America. This
is the tool they used. This is the defensive mechanism that will
protect the data at your company.
If you ask me, I think this is what we are here for. This is what the
Congress of the United States is supposed to do--facilitate, through
minor tweaks, a voluntary participation to close the door and minimize
potential loss. That is all we are attempting to do.
I want to loop back to where the vice chairman was. We are now at the
point where we are asking our colleagues for unanimous consent to come
to the floor and actually take up this bill. Moving to the bill allows
our colleagues to come to the floor with relevant amendments to the
bill, where they can be debated and voted on.
I actually believe, Vice Chairman, if we could do that now, we could
process this entire bill and all of the amendments that are relevant by
this time tomorrow. That would mean we would have to work and we would
have to talk and we would have to vote, but we could do it because I
think when we look at the array of relevant amendments, they are pretty
well defined. Some of them are duplications of others that people have
planned to talk about.
But to suggest that this is a problem, which it is--we have seen it
with over 22 million government workers whose personal data and in some
cases, because of the forms they had to fill out for security
clearance, their most sensitive data has gotten out of the OPM system.
[[Page S6262]]
Just because OPM was the last one, don't think that somebody wasn't
serious. Don't think that Anthem Blue Cross wasn't serious. Don't think
that some of the attacks that only acquired credit card information
aren't serious.
What we are attempting to do is to minimize the degree of that loss.
All we need is the cooperation of every Member of the Senate to say: I
am willing to move to the bill. I am willing to bring up amendments--
relevant amendments--willing to debate them and willing to vote on
them.
Process is where we are. At the end of the day, we can determine
whether this is a bill that is worthy to move on. It is not the end of
the road because once we get through in the Senate we have to
conference the bill with the House of Representatives. As the vice
chairman pointed out, they have produced multiple pieces of
legislation. It is the Senate that is now holding us back.
I urge my colleagues: Let's agree to move to the bill. Let's agree to
relevant amendments, and let's process this cyber security bill so that
when we come back from August, we can actually sit down with our
colleagues in the House, conference a bill, and provide the American
people with a little bit of security, knowing that we are going to
minimize the amount of data that is lost, because of a voluntary
program between the private sector and the government.
I think the vice chairman shares my belief that we are not scared to
have a debate on relevant amendments on this bill. We understand there
are more views than just ours. But we have to get on the bill to be
able to offer amendments, to be able to share what we know that might
not necessarily support the amendment.
Right now, we are sort of frozen because we cannot offer amendments,
including the managers' amendment, which I would say to my colleagues--
and the vice chairman said this in a very specific way--if you will
read the managers' amendment, a lot of the concerns that people have
will vanish. Nobody will call it a surveillance bill because we have
addressed the issues that people were concerned with. Although we
didn't think they were problems before, we clarified it in a way that
it is limited only to cyber security. I could make a tremendous case
that through the cyber security forensic process, if we found another
criminal act, the American people probably would want that reported--
without a doubt.
Mr. McCAIN. Will the Senator yield for a question?
Mr. BURR. I am pleased to yield for a question.
Mr. McCAIN. In light of recent events that have dominated the news,
including the breach of millions of Americans' privileged information,
which could be used in ways to harm them, do you think it is a good
idea for the Senate to go out into a month-long recess without at least
having debates, votes, and amendments on this issue?
Does the Senator know of an issue right now that impacts the lives of
everyday Americans such as this threat of cyber security attacks on the
citizens of the United States?
Mr. BURR. I thank the Senator for the question, and I think he knows
the answer.
We should dispose of this. The easiest way, as I shared earlier, is
that if we get on this bill and we process amendments, if we really
wanted to, we could finish tomorrow. The reality is that it doesn't
take a long time to debate amendments, to vote on amendments, and to be
done.
At the end of the day, every Member would have to make a decision as
to whether they are supportive or against the bill. But not getting on
the bill, not offering amendments cheats the American people.
Mr. McCAIN. I will just ask one more question.
It is obvious that the Senator from California and the Senator from
North Carolina have worked very closely together on this issue. They
are the two leaders on intelligence now for a number of years.
Wouldn't it seem logical that with a bipartisan piece of legislation
that addresses an issue--I guess my question is this: How many
Americans have been affected most recently by cyber attacks, and what
would this legislation do to try to prohibit that from happening again?
Don't we have some obligation to try to address the vulnerabilities of
average American everyday citizens?
Mr. BURR. I think the answer is there have been millions of Americans
whose private data has been breached for numerous reasons. The Senator
from Arizona is correct. We have an obligation to do what we can to
minimize that loss.
Mr. McCAIN. And isn't this a bipartisan product?
Mr. BURR. Well, this is very much a bipartisan bill, and I think it
is a bicameral effort. It is not as if this is a limb we are walking
out on and the House isn't already out there. Emphatically, I implore
my colleagues: Let's get on the bill. Let's come and offer relevant
amendments, and let's process those amendments as quickly as we can. I
think we can accommodate both, the need to leave for August and to go
see the people we are married to and get away from the people we see
every day who influence us in numerous ways--I am speaking of the
Senator from Arizona right now, and I know he is anxious to go
somewhere other than here--and to process this bill, which is to do our
work. To not get on the bill, to not offer amendments is to ignore the
responsibilities that we have.
Mr. McCAIN. I wish to just finally say to the Senator from North
Carolina that I appreciate the hard work he and the Senator from
California have put in on this issue. It has been said by our military
leaders that right now one of the greatest vulnerabilities to national
security is the possibility or likelihood of cyber attacks. The
implications of that far exceed that of the invasion of someone's
privacy.
I thank him and the Senator from California for their hard work on
this. I think it at least deserves debate and amendments, and hopefully
we can pass it before we go out for the recess.
Mr. BURR. I thank the Senator from Arizona, who has worked closely
with us since the beginning to try to move this bill together.
Hopefully, at our lunches today, we will have an opportunity to talk to
our Members in the hopes that we can come back from lunch and maybe get
started on this bill.
With that, I yield the floor.
The PRESIDING OFFICER. The Senator from Virginia.
Mr. KAINE. Mr. President, I ask unanimous consent to speak for up to
10 minutes, recognizing that it is after 12:30 p.m.
The PRESIDING OFFICER. Is there objection?
Without objection, it is so ordered.
____________________
[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Senate]
[Pages S6263-S6270]
CYBERSECURITY INFORMATION SHARING ACT OF 2015--MOTION TO PROCEED--
Continued
The PRESIDING OFFICER. The Senator from Arizona.
Mr. McCAIN. Mr. President, I would like to thank my friend from
Florida, Senator Nelson, for allowing me to speak for 5 minutes. I ask
unanimous consent that he be recognized immediately following me--not
the Senator from New Mexico, the Senator from Florida.
The PRESIDING OFFICER. Without objection, it is so ordered.
Mr. McCAIN. Mr. President, I rise in strong support of S. 754, the
Cybersecurity Information Sharing Act. I want to thank my colleagues
Chairman Burr and Vice Chairman Feinstein for their leadership on this
critically important legislation. This bill, of which I am an original
cosponsor, was overwhelmingly approved by a 14-to-1 vote in the Senate
Select Committee on Intelligence in March.
Enacting legislation to confront the accumulating dangers of cyber
threats must be among the highest national security priorities of the
Congress. Cyber attacks on our Nation have become disturbingly common.
More recently, it was the Office of Personnel Management. A few weeks
before that, it was the Pentagon network, the White House, and the
State Department. Before that it was Anthem and Sony--just to name a
few. The status quo is unacceptable, and Congress needs to do its part
in passing this legislation. But the President, as our Nation's
Commander in Chief, must also do his part to deter the belligerence of
our adversaries in cyber space.
The threats from China, Russia, North Korea, and Iran--not to mention
the aspirations of terrorist organizations like ISIL and Al Qaeda--are
steadily growing in number and severity. And our national security
leadership has warned us repeatedly that we could face a cyber attack
against our Nation's critical infrastructure in the not too distant
future. I believe our response to such an attack, or lack thereof,
could define the future of warfare.
To date, the U.S. response to cyber attacks has been tepid at best,
and nonexistent at worst. Unless and until
[[Page S6264]]
the President uses the authorities he has to deter, defend, and respond
to the growing number and severity of cyber attacks, we will risk not
just more of the same but emboldened adversaries and terrorist
organizations that will continuously pursue more severe and destructive
cyber attacks.
As ADM Mike Rogers, the commander of U.S. Cyber Command, told
listeners at the Aspen Security Forum a couple weeks ago, ``to date
there is little price to pay for engaging in some pretty aggressive
behaviors.'' According to James Clapper, the Director of National
Intelligence, ``we will see a progression or expansion of that envelope
until such time as we create both a substance and psychology of
deterrence. And today we don't have that.''
According to the Chairman of the Joint Chiefs of Staff, General
Dempsey, our military enjoys ``a significant military advantage'' in
every domain except for one--cyber space. As General Dempsey said,
cyber ``is a level playing field. And that makes this chairman very
uncomfortable.'' Efforts are currently underway to begin addressing
some of our strategic shortfalls in cyber space, including the training
of a 6,200-person cyber force. However, these efforts will be
meaningless unless we make the tough policy decisions to establish
meaningful cyber deterrence. The President must take steps now to
demonstrate to our adversaries that the United States takes cyber
attacks seriously and is prepared to respond.
This legislation before us is one piece of that overall deterrent
strategy, and it is long past time that Congress move forward on
information sharing legislation. The voluntary information sharing
framework in this legislation is critical to addressing these threats
and ensuring that the mechanisms are in place to identify those
responsible for costly and crippling cyber attacks and, ultimately,
deter future attacks.
Many of us have spent countless hours crafting and debating cyber
legislation back to 2012. Mr. President, 2012 was the last time we
attempted to pass major cyber legislation. This body has come a long
way since that time. We understand that we cannot improve our cyber
posture by shackling the private sector, which operates the majority of
our country's critical infrastructure, with government mandates. As I
argued at that time, heavyhanded regulations and government bureaucracy
will do more harm than good in cyber space. The voluntary framework in
this legislation represents the progress we have made in defining the
role of the private sector and the role of the government in sharing
threat information, defending networks, and deterring cyber attacks.
This legislation also complements actions we have taken in the
National Defense Authorization Act, or NDAA, currently in conference
with the House. As chairman of the Armed Services Committee, cyber
security is one of my top priorities. That is why the NDAA includes a
number of critical cyber provisions designed to ensure the Department
of Defense has the capabilities it needs to deter aggression, defend
our national security interests, and, when called upon, defeat our
adversaries in cyber space.
The NDAA authorizes the Secretary of Defense to develop, prepare,
coordinate, and, when authorized by the President, conduct a military
cyber operation in response to malicious cyber activity carried out
against the United States or a United States person by a foreign power.
The NDAA also authorizes $200 million for the Secretary of Defense to
assess the cyber vulnerabilities of every major DOD weapons system.
Finally, Congress required the President to submit an integrated policy
to deter adversaries in cyber space in the fiscal year 2014 NDAA. We
are still waiting on that policy, and this year's NDAA includes funding
restrictions that will remain in place until it is delivered.
Every day that goes by, I fear our Nation grows more vulnerable, our
privacy and security are at greater risk, and our adversaries are
further emboldened. These are the stakes, and that is why it is
essential that we come together and pass the Cybersecurity Information
Sharing Act.
Mr. President, I thank again my friend from Florida, who is a valued
member of the Senate Armed Services Committee, for his indulgence to
allow me to speak. I thank my colleague.
I yield the floor.
[...]
The PRESIDING OFFICER. The majority leader.
Mr. McCONNELL. Mr. President, our government was recently struck by a
devastating cyber attack that has been described as one of the worst
breaches in U.S. history. It was a major blow to the privacy of
millions of Americans. We know the private sector is vulnerable to
attack as well. The House has already passed two White House-backed
cyber security bills to help address the issue. Similar legislation is
now before the Senate. It is strong, bipartisan, and transparent. It
has been vetted and overwhelmingly endorsed 14 to 1 by both parties in
committee.
It would help both the public and private sectors to defeat cyber
attacks. The top Senate Democrat on this issue reminds us it would
protect individual privacy and civil liberties too. Now is the time to
allow the Senate to debate and then pass this bipartisan bill.
In just a moment, I will offer a fair consent request to allow the
Senate to do just that. The Democratic leader previously said that both
he and the senior Senator from Oregon believe the Senate should be able
to finish the bill ``in a couple of days . . . at the most.'' And just
today he said the Democrats remain willing to proceed to this
bipartisan bill if allowed to offer some relevant amendments. The
senior Senator from New York has also said that Democrats want to get
to the bill and that they want to get a few amendments too.
Our friends across the aisle will be glad to know that the UC I am
about to offer would allow 10 relevant amendments per side to be
offered and made pending. That is a good and fair start that exceeds
the request from our friends across the aisle.
Now that we have a path forward that gives both sides what they said
they need, I would invite our colleagues to join us now in moving
forward on this bill. I invite our colleagues to allow the Senate to
cooperate in a spirit of good faith to pass a bill this week so we can
help protect the American people from more devastating cyber attacks.
I notified the Democratic leader that I would propound the following
consent request: I ask unanimous consent that the cloture motion on the
motion to proceed to calendar No. 28, S. 754, be withdrawn and that the
Senate immediately proceed to its consideration. I further ask that
Senator Burr then be recognized to offer the Burr-Feinstein substitute
amendment and that it be in order during today's session of the Senate
for the bill managers, or their designees, to offer up to 10 first-
degree amendments relevant to the substitute per side.
The PRESIDING OFFICER. Is there objection?
Mr. REID. Reserving the right to object.
The PRESIDING OFFICER. The minority leader.
Mr. REID. The Republican leader is my friend, and I don't mean in any
way to disparage him, other than to bring out a little bit of history.
I can't imagine how he can make this offer with a straight face. Have
amendments pending? That is like nothing. We tried that before, as
recently as the highway bill. Having amendments pending doesn't mean
anything.
We want to pass a good cyber security bill. We have a bill that has
been crafted in the intelligence committee. Other committees have been
interested in participating in what we have here on the floor, but they
are willing to say: OK. We have a bill from the intelligence committee.
There have been no public committee hearings, no public markups.
There has been nothing done other than a rule XIV which, of course, my
friend said he would not do if he got to be the leader and there would
be a robust amendment process. Having a robust amendment process has
nothing to do with having amendments pending.
We want to pass a good bill. But we want to have a reasonable number
of amendments, and there will be votes on those amendments. We are not
asking for longtime agreements. The Republican leader's proposal would
not lead to votes on the amendments. He would allow the amendments to
be pending, but if the Republican leader were to file cloture, as he
has done repeatedly the last few months--and an example is what he did
with the recent highway bill--all amendments that were not strictly
germane would fall.
Remember, we are not asking for germane amendments. We are asking for
relevant amendments. We are willing to enter into an agreement that
provides votes on a reasonable number of amendments that would be
germane in nature, and we should be working on that agreement.
In contrast, if we fail to get that agreement, we are going to have a
cloture vote an hour after we come in in the morning, and 30 hours
after that--sometime late Thursday afternoon or early Thursday
evening--he would have to file cloture on that. That puts us right into
the work period when we get back on September 8.
When we get back, we have the 8th to the 17th, including weekends and
a holiday that is celebrated every year that we always take off, which
includes 2 days. It is a Jewish holiday. I can't imagine why we would
want this to interfere with what we are trying to do in the month of
September.
We are willing to do this bill. We can start working on these
amendments right now if we can have votes on them, but we are not going
to agree to some arrangement like this. If the Republicans are going to
push this, we can come in here tomorrow, and we will vote. The 30 hours
of time will go by--and we know how to use 30 hours; we were taught how
to do that--30 hours of postcloture time. And Thursday afternoon, the
leader can make whatever decision is necessary.
We want a cyber bill. This bill is not the phoenix of all cyber
bills, but it certainly is better than nothing. We should--following
the recommendation and the suggestion and what the Republican leader
has said he would do--be allowed some amendments to vote on. We can
start that today. Today is Tuesday. We can finish these amendments--I
would hope on the Democratic side--in a fairly short order of time.
As for the Republicans, I don't know. All I heard following the
caucus is one Republican Senator wanted to offer an amendment on the
cyber bill dealing with auditing the Fed. I can't imagine why that has
anything to do with this bill.
We are serious about legislating. We want to do something that is
good, we believe, for the country, good for the order of the Senate.
Otherwise, we will look at each other around here until Thursday
afternoon, and the Republican leader can look forward to this being the
first thing we take up when we get back in September. We are willing to
be fair and reasonable to finish this, with our amendments, in a very
short period of time. So I object.
The PRESIDING OFFICER. Objection is heard.
Mr. McCONNELL. Mr. President, let me say, I think there may well be a
way forward here. What I thought I heard the Democratic leader say is
that they are interested in passing a bill. That is important. He said
when it was offered on the defense authorization bill that it was a 2-
day bill, and we could agree to a limited number of amendments.
I think we both agree this is an important subject. I can't imagine
that either the Democrats or the Republicans want to leave here for a
month and not pass the cyber security bill. I think there is enough
interest on both sides to try to continue to discuss the matter and see
if there is a way forward. That would be in the best interest of the
country if we could come together and do this. This bill came out of
the intelligence committee 14 to 1.
Chairman Burr and Vice Chair Feinstein have been asking for floor
time. They are anxious to move this bill
[[Page S6267]]
across the floor. I am hoping the Democratic leader and I can continue
to discuss the matter and that we can find a way forward.
The PRESIDING OFFICER. The Democratic leader.
Mr. REID. Mr. President, I look forward to that discussion. Keep in
mind, being reported out of committee--this is a committee that holds
everything in secret. They do nothing public. So having a 14 to 1 vote
in a meeting that takes place in secret doesn't give the other Senators
who are not on that committee a lot of solace.
I look forward to the Republican leader and me and our staffs working
together to try to come up with some way to move forward on this
legislation. We want to do that.
The PRESIDING OFFICER. The majority leader.
Mr. McCONNELL. Mr. President, as my good friend the Democratic leader
used to remind me, the majority leader always gets the last word.
This is not a new issue. It was around during the previous Congress.
Other committees acted--other committee chairmen like what Chairman
Burr and Vice Chair Feinstein have done. Hopefully, we can minimize
sort of manufacturing problems here that keep us from going forward
when it appears to me that both sides really would like to get an
outcome and believe it would be best for the country to get an outcome
before we go into the recess. We will continue to discuss the matter
and hope that we can find a way forward.
The PRESIDING OFFICER (Mr. Lankford). The Senator from Oregon.
Mr. WYDEN. Mr. President, I will be very brief. I understand there
has already been an objection.
I will speak later in the afternoon or early evening in some detail
about why I have significant reservations with respect to this
legislation.
To say--as we heard again and again throughout the day--that this is
about voluntary information sharing is essentially only half true. The
fact is, companies could volunteer to share their customers'
information with the government, but they wouldn't have to ask for
permission from their customers before handing it over. That is one
reason every major organization with expertise and interest on privacy
issues has had reservations about the bill. It may be voluntary for
companies, but it is mandatory for their customers and their consumers.
They are not given the opportunity to opt out.
The legislation has been public for months, and dozens of cyber
security experts have said it wouldn't do much to stop sophisticated,
large-scale attacks such as the horrendous attack at the Office of
Personnel Management.
On Friday, the Department of Homeland Security--an absolutely
essential agency as it relates to this bill--wrote a letter to our
colleague, the distinguished Senator from Minnesota, Mr. Franken, and
said if this bill's approach is adopted, ``the complexity and
inefficiency of any information sharing program will markedly
increase.'' The Department of Homeland Security added that the bill
``could sweep away important privacy protections.'' That is a pretty
strong indictment from the agency that would be in charge of
implementing the legislation.
As I have indicated a couple of times in the last day or so, I think
the managers, Senator Feinstein and Senator Burr, have made several
positive changes, but the bottom line is it doesn't address the very
substantial privacy concerns that relate to this bill. The fact is,
cyber security is a very serious problem in America.
Oregonians know a lot about it because one of our large employers was
hacked by the Chinese. SolarWorld was hacked by the Chinese because
they insisted on enforcing their rights under trade law. In fact, our
government indicted the Chinese for the hack of my constituents and
others.
So cyber security is a serious problem. Information sharing can play
a constructive role, but information sharing without robust privacy
safeguards is really not a cyber security bill. It is going to be seen
by millions of Americans as a surveillance bill, and that is why it is
so important that there be strong privacy guidelines.
The fact is, in the managers' legislation, the section allowing
companies to hand over large volumes of information with only a cursory
review would be essentially unmodified. The Department of Homeland
Security asked for some specific changes to the language, which the
managers' amendment does not include. So my hope is, we are going to
have a chance to have a real debate on this issue. Personally, I would
rather go down a different route with respect to cyber security
legislation. In particular, I recommend the very fine data breach bill
of our colleague from Vermont Senator Leahy, but if Senators have their
hearts set on doing the bill before us, it is going to need some very
substantial amendments, both to ensure that we show the American people
that security and privacy are not mutually exclusive, that we can do
both, and to address the very serious operational reservations the
Department of Homeland Security has raised. Neither set of concerns is
thoroughly addressed by the managers' amendment.
So my hope is that we are going to have a chance to make some very
significant reforms in this legislation. After seeing what has happened
over the last few weeks, where the government isn't exactly doing an
ideal job of securing the data it has, and now we are going to propose
legislation that has private companies, without the permission of their
customers, for example, to dump large quantities of their customers'
data over to the government with only a cursory review--this
legislation is not going to be real attractive to the millions of
Americans who sent us to represent them.
In fact, in just the last few days, I read in the media that some of
the opponents of this legislation have sent something like 6 million
faxes to the Senate--and people wonder if there are still fax machines.
I guess the point is to demonstrate it is important that we understand,
as we look at digital communications, what the challenge is.
I will have more to say about this later in the afternoon and in the
evening, but I wanted to take this opportunity, since we have just
gotten out of the party caucuses, to make some corrections with respect
to what we were told this morning and particularly on this question
about how this is a voluntary bill. Ask millions of Americans whether
it is voluntary when companies can hand over their private information
to the government without their permission.
I yield the floor.
The PRESIDING OFFICER. The Senator from Kansas.
Mr. MORAN. Mr. President, I ask unanimous consent to be recognized as
in morning business.
The PRESIDING OFFICER. Without objection, it is so ordered.
Nuclear Agreement With Iran
Mr. MORAN. Mr. President, cyber security is an important issue, but I
come to the floor to talk for a bit about one of the most consequential
decisions that I, as a Member of the U.S. Senate, and my colleagues
will make, and that concerns the negotiated agreement between the P5+1
and Iran--the proposed Joint Comprehensive Plan of Action with Iran. In
my view, it provides too much relief in return for too few concessions.
The deal implicitly concedes that Iran will become a nuclear power and
will gain the ability and legitimacy to produce a weapon in a matter of
years while gaining wealth and power in the meantime.
I serve on the Senate Banking Committee. The sanctions that were
created by Congress originate from that committee. Those sanctions were
put in place to prevent Iran from becoming a nuclear power--a country
capable of delivering a nuclear weapon across their border. Those
sanctions were not put in place to give Iran a path or a guideline to
become a nuclear-weapon-capable country. The key is to keep nuclear
weapons out of the hands of Iran's Government. The key to that is to
permanently disable Iran from nuclear capability and remove the
technology used to produce nuclear materials. This deal fails to
achieve this goal by allowing Iran to retain nuclear facilities. Though
some of it will be limited in use in the near term, the centrifuges
used to enrich nuclear matter will not be destroyed or removed from the
country. This deal allows Iran's nuclear infrastructure to remain on
standby for nuclear development when the restrictions expire.
Also troubling is the agreement's lack of restrictions on nuclear
research and development. Iran seeks to replace its current enrichment
technology
[[Page S6268]]
with a more advanced centrifuge that more efficiently enriches nuclear
material. By failing to restrict research and development now, we are
priming Iran's nuclear program to hit the ground running toward a bomb
once the restrictions are lifted in a matter of years.
Also, the inspection regime agreed to in this negotiation is
dangerously accommodating. The agreement provides Iran a great deal of
flexibility regarding the inspection of military sites just like those
where Iran's past covert nuclear development work took place. The deal
allows Iran to hold concerned international inspectors at bay for
weeks, if not months, before granting access to a location suspected of
being a site for nuclear development.
The value of any access to suspected Iranian nuclear sites that
international inspectors ultimately do receive will depend upon their
understanding of Iran's past nuclear weapons research. A comprehensive
disclosure of possible military dimensions to Iran's nuclear research
is necessary for inspectors to fully understand Iran's current
infrastructure and is critical to their ability to rule out any future
efforts to produce nuclear weapons.
The International Atomic Energy Agency, IAEA, has not made public its
site agreement with Iran about their previous nuclear developments.
This is an aside, but I would say none of us should agree to this
negotiated agreement without seeing, reading, and knowing the content
of that agreement. Under the proposed deal, that vital full disclosure
of Iran's nuclear past may not occur, diminishing the value of
inspections and increasing the risk that another covert weaponization
of Iran will take place.
Painfully absent from the agreement's requirements is Iran's release
of American hostages: Saeed Abedini, Jason Rezaian, Robert Levinson,
and Amir Hekmati. The freedom of Americans unjustly held in Iran should
have been a strict precondition for sanctions relief instead of an
afterthought.
In return for very limited concessions, this deal gives Iran way too
much. If implemented, the agreement would give Iran near complete
sanctions relief up front. This isn't a Republican or Democratic issue.
Common sense tells us that you don't give away a leverage until you get
the result that you are looking for, and this agreement provides
sanctions relief upfront, delivering billions in frozen assets to the
Iranian Government and boosting the Iranian economy. Included in this
relief are sanctions related to Iran's Revolutionary Guard Corps, which
were to be lifted only when Iran ceased providing support for
international terrorism.
The sanctions relief in this proposal not only fails to require
preconditions and cooperation regarding nuclear disarmament but will
remove sanctions from the Iranian Guard, despite their status as a top
supporter of terrorist groups around the Middle East and globe.
This type of gratuitous flexibility for Iran is found elsewhere in
the agreement. The P5+1 acceptance of Iranian demands for a relaxed
U.N. arms embargo is both perplexing and scary. This deal would relax
trade restrictions on missiles after 8 years, while immediately erasing
limits on missile research and development. It would also lift
restrictions on Iranian centrifuge use and development after just 8 to
10 years. The deal grants Iran the ability to more efficiently produce
nuclear material just as it gains the ability to access the delivery
weapons system.
Earlier this month, the Chairman of the Joint Chiefs of Staff, GEN
Martin Dempsey, said: ``Under no circumstances should we relieve
pressure on Iran relative to ballistic missile capabilities and arms
trafficking.'' Lifting the U.N. arms embargo was ``out of the
question.'' Yet, just 1 week later, negotiators announced the lifting
of the embargo in 5 to 8 years or less. I wonder what has changed.
Unless the menace of an increased flow of weapons in and out of Iran
somehow substantially decreased during the intervening week, the
consequence of this sudden capitulation should have us all greatly
concerned.
This fear of increased money flow to terror organizations linked to
the Iranian Government is not based upon merely an outside possibility;
it is a likelihood. Last week Iran's Deputy Foreign Minister stated:
``Whenever it's needed to send arms to our allies in the region, we
will do so.'' More money and more weapons in the hands of terrorist
organizations are the fuel for increased violence and further
destabilization in the conflict-torn Middle East.
We have little reason to believe Iran's behavior will change as a
result of this agreement. In fact, their chants of ``Death to America''
become more real.
Since the announcement of the agreement, the leader of Iran has been
openly antagonistic to the United States. Ayatollah Ali Khamenei has
promised to continue to incite unrest and said Iran's ``policy towards
the arrogant U.S. will not change.'' These anti-American statements
come from an Iranian leader whose commitment the Obama administration
is relying on for the nuclear accord to work. It should trouble every
American that the Obama administration is asking us to support a deal
that relies on the total cooperation of those who, as I say, strongly
state their commitment to bringing about ``death to America.''
Given the Obama administration's troubling efforts to push through
this deal to the United Nations and restrict the influence of the
American people through this Congress in the decision, it is all the
more important that we follow through with a serious assessment of this
nuclear agreement. We are faced with a circumstance that, by the
administration's own previous standards, concedes too much and secures
too little.
I strongly oppose this nuclear deal. It is intolerably risky, and the
result will be a new Iran--a legitimized nuclear power with a growing
economy and enhanced means to finance terror, to antagonize, and to
ultimately pursue a nuclear weapons program. I will support the
congressional resolution to express Congress's explicit disapproval.
President Obama has used fear in his agenda in seeking our support
for this agreement. The warning has been that a vote against his policy
is a vote for war with Iran. The President's political scare tactics
are not only untrue but also illogical.
Incidentally, we were not at war with Iran when the agreements were
in place before the negotiation. The absence of agreeing to the
negotiated agreement would not mean we will be at war thereafter.
The President's claims undermine numerous statements his own
administration has made about the negotiation process, the nature of
the Iranian nuclear program, and the proposed agreement's prospects for
success. If true, the President's words concede that his foreign policy
has led America into a dangerous position.
We would expect a President to provide the American people as many
alternatives to war as possible, not just a single narrow and risky one
such as this. According to the President, the only alternative to war
is this agreement--a deal that results in better financed terrorists, a
weakened arms embargo, and the need for boosting U.S. weapons sales to
Iran's regional rivals. If this prospect of war is his concern, the
President would benefit by reevaluating the geopolitical consequences
of the deal and seeking out much better options.
I had hoped these negotiations would result in a strong but fair deal
to dismantle Iran's nuclear infrastructure. Again, the purpose of
placing sanctions on Iran was to get rid of their nuclear capability as
far as delivery of nuclear material across their borders. Yet this
agreement leaves that infrastructure in place and puts them on a
promising path toward that nuclear capability.
Regrettably, that kind of deal was not reached. Now my hope is a
simple one: that we are able to reverse some of the damage that is
already done and that this agreement is rejected.
I would say that there are those who argue that we would be isolated
by rejection of this agreement, that other countries would approve and
the United Nations may approve. This is an issue of such importance
that we need to do everything possible to see that Iran does not become
a nuclear power, and we need to have the moral character and fiber to
say no to this agreement.
Mr. President, I yield the floor.
The PRESIDING OFFICER. The Senator from Washington.
[[Page S6269]]
Mrs. MURRAY. Mr. President, I ask unanimous consent to speak as in
morning business.
The PRESIDING OFFICER. Without objection, it is so ordered.
Economic Security for Our Country's Workers
Mrs. MURRAY. Mr. President, across our country today, so many of our
workers clock in 40 hours a week. They work very hard, and yet they are
unable to provide for their families.
Just last fall, NBC News interviewed a woman named Latoya who worked
in a fast food restaurant. She was protesting as part of a fast food
workers strike. Latoya is raising four children alone on $7.25 an hour.
That is less than $300 a week and is well below the poverty line for
her and her family. For part of last year, she was living in a homeless
shelter. She told the reporter: ``Nobody should work 40 hours a week
and find themselves homeless.'' On top of rock-bottom wages, Latoya
said she and her colleagues experienced unpaid wages, unpredictable
scheduling, and having to make do with broken equipment on the job.
In today's economy, too many of our workers across the country face
the same challenges as Latoya. They are underpaid, they are overworked,
and they are treated unfairly on the job. In short, they lack
fundamental economic security.
Several places around the country and in my home State of Washington
are working to address this at the local level. This Senator believes
we need to bring the Washington State way here to Washington, DC. In
Congress, I believe we need to act to give workers some much needed
relief. We need to grow our economy from the middle out, not the top
down, and we should make sure our country works for all Americans, not
just the wealthiest few.
There is no reason we can't get to work today on legislation to do
just that. That is why I have joined with my colleagues over the past
few months in introducing several bills that will help restore some
much needed economic security and stability to millions of workers.
That is why I am hoping we can move some of these bills forward before
we all go back home to our States.
For too long we have heard from some Republicans the theory--a deeply
flawed theory--that if we would only grant more tax cuts to the
wealthiest Americans and if we would just keep rolling back regulations
on the biggest corporations, those benefits would eventually trickle
down and reach working families in our country. Not only does that
theory not work, as we have seen over the past few decades, that
trickle-down system has done real damage to our Nation's middle class
and our working families. While worker productivity has actually
reached new heights, workers have lost basic protections they once had.
While trickle-down economics allows corporations to post big profits,
too many of our workers are paying the price. Let me give some
examples. Today the Federal minimum wage can leave a family in poverty
even after working full time and even without taking a single day off.
Not only that, today some businesses are using unfair scheduling
practices to keep workers guessing about when they are going to be
called in to work, with no guarantee of how much money they will earn
in a given week. Those types of scheduling abuses take a real toll on
workers' lives and prevent them from getting ahead. Attending college
classes is not an option when someone's work schedule is always in
flux. Taking on a second job to earn more money is nearly impossible
when you can't plan around your first job. And that is not all. Today,
43 million workers in this country don't have paid sick leave. When
they get sick, they have to choose between toughing it out at work and
passing that illness on to others or staying at home and potentially
losing their job. When their child is sick, they have to choose between
losing money on their paycheck or missing out on caring for their son
or daughter. If that is not enough, in our country women are paid just
78 cents for every dollar a man makes. That is not just unfair to
women, by the way; it is bad for families and it hurts our economy.
Many businesses are doing the right thing and are supporting their
workers, but other corporations that don't, put those businesses that
are doing the right thing at a competitive disadvantage by running a
race to the bottom and pulling their workers down with them.
This worker insecurity isn't just devastating for the millions of
workers and their families who are impacted by it, it is also hurting
our economy. Truly robust and strong economic growth comes from the
middle out, not the top down. When our workers lack security, when they
are not treated fairly, they can't invest in themselves and their
children or spend money in their communities or move their families
into a middle-class life.
I believe we have to address this challenge on multiple fronts. We
can start by making sure our workers are treated fairly so they can
earn their way toward rising wages and increased economic security.
There are important things we can do here in Congress to expand
economic security and stability for millions of our working families
today. For starters, we should pass the Paycheck Fairness Act that the
senior Senator from Maryland has championed for so many years to
finally close the pay gap between men and women. The Paycheck Fairness
Act would tackle pay discrimination head-on. This Senator hopes we can
all agree that in the 21st century, workers should be paid fairly for
the work they do, regardless of their gender.
We should also raise the minimum wage to make sure hard work does pay
off. My Raise the Wage Act increases the minimum wage to $12 by 2020
and is enough to lift a family of three out of poverty. It will put
more money in workers' pockets so they can spend it in their local
communities. It will help to build a strong floor--a Federal minimum--
that workers and cities can build off of and go even higher where it
makes sense, like in Seattle in my home State in Washington. It is a
level that Republicans should be able to agree with and start moving
toward right now.
I have also worked on a bill, along with Senators Warren and Murphy,
to crack down on the scheduling abuses I just talked about, so
businesses would no longer keep their workers guessing on when they
would be called in or how many hours they might get in a given week.
In February I introduced the Healthy Families Act to allow workers to
earn up to 7 paid sick days. I want to move forward on that legislation
to give our workers some much needed economic security because no one
should have to sacrifice a day of pay or their job altogether just to
take care of themselves or their sick child.
We as a nation should not turn our backs on empowering our workers
through collective bargaining, especially since strong unions ensure
workers have a strong voice at the table. It is the very thing that
helped so many workers climb into the middle class in this country.
Enacting these critical policies won't solve every problem facing our
workers and their families today. It is not the only way that I and
Senate Democrats will be fighting to protect workers and making sure
the economy is growing from the middle out, not the top down. But these
policies would be very strong steps in the right direction to bring
back that American dream of economic security and a stable middle-class
life for millions of workers who have seen it slip away.
When workers succeed, businesses succeed and thus the economy
succeeds. We know this works. I have seen it in my home State of
Washington where State and local governments have taken the lead on
proposals such as raising the minimum wage and paid sick days. I think
it is time to bring some of that Washington State way right here to
Washington, DC.
I recently heard from a small business owner by the name of Laura.
She owns a small auto repair shop in Renton, WA. She shared something
that I hear all the time from business owners: Doing the right thing by
workers starts a virtuous cycle. Laura said, ``When workers have more
money, businesses have more customers. With more customers, businesses
can hire more workers, which in turn generates more customers.''
Working families in our country have been waiting long enough for
some relief from the trickle-down system that hurts the middle class.
That is why I
[[Page S6270]]
am going to be asking for unanimous consent to work on the policies
that would restore economic security and stability to more workers.
Let's finally restore some stability and security for workers across
our country. Let's make sure hard work pays off. Let's help more
families make ends meet, expand economic opportunity, and grow our
economy from the middle out.
Thank you, Mr. President.
I yield the floor.
The PRESIDING OFFICER. The Senator from Arizona.
Mr. McCAIN. Mr. President, I ask unanimous consent that I be allowed
to speak for 3 minutes and that I be followed immediately by the
Senator from Idaho.
The PRESIDING OFFICER. Is there objection?
Without objection, it is so ordered.
Mr. McCAIN. Mr. President, is the parliamentary procedure that there
was an objection to the Senate moving forward with the consideration of
the cyber bill? Is that correct?
The PRESIDING OFFICER. There was an objection that was heard to the
request of the majority leader.
Mrs. MURRAY addressed the Chair.
Mr. McCAIN. Mr. President, do I have the floor?
The PRESIDING OFFICER. The Senator from Arizona has the floor.
Mr. McCAIN. I have the floor, I tell the Senator from Washington.
This is unbelievable. It is unbelievable that this body would not
move forward with a cyber bill with the situation of dire consequences
and dire threats to the United States of America. Admiral Rogers, the
commander of U.S. Cyber Command, told listeners at the Aspen Security
Forum that ``to date there is little price to pay for engaging in some
pretty aggressive behaviors.''
According to James Clapper, the Director of National Intelligence,
``we will see a progression or expansion of that envelope until such
time as we create both the substance and psychology of deterrence. And
today we don't have that.''
The Chairman of the Joint Chiefs of Staff, General Dempsey, our
military enjoys ``significant military advantage'' in every domain
except for one--cyber space. General Dempsey said cyber ``is a level
playing field. And that makes this chairman very uncomfortable.'' The
Chairman of the Joint Chiefs of Staff is uncomfortable about the cyber
threats to this Nation.
What just took place is millions of Americans had their privacy
hacked into. God only knows what the consequences of that are. The
other side has decided to object to proceeding with a bill that passed
through the Intelligence Committee by a vote of 14 to 1. This is
disgraceful--this is disgraceful. I tell my colleagues on the other
side of the aisle, by blocking this legislation, you are putting this
Nation in danger. By blocking this legislation, you are putting this
Nation in danger by not allowing the Senate of the United States to act
against a very real threat to our very existence.
I say this is a shameful day in the Senate. I urge the Democratic
leader to come to the floor and allow us to consider amendments, move
forward with this legislation because the security of the United States
of America is in danger.
I thank my colleagues.
I yield the floor.
The PRESIDING OFFICER. The Senator from Idaho.
____________________
[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Senate]
[Pages S6271-S6286]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
CYBERSECURITY INFORMATION SHARING ACT OF 2015--MOTION TO PROCEED--
Continued
Mr. HELLER. Mr. President, I would like to talk about personal
privacy rights for American citizens. It was just 2 months ago that the
Senate took action to restore privacy rights of American citizens
through the USA FREEDOM Act--part of action that was taken, as I
mentioned, just 2 months ago. Both Chambers of Congress and the
President agreed it was time to end the bulk collection of American's
call records pouring into the Federal Government.
I was a proud supporter of the USA FREEDOM Act and believed it was
the right thing to do on behalf of U.S. citizens. My constituents all
across Nevada--from Elko, to Reno, Ely, and Las Vegas--all understand
how important these rights are and will not accept any attempts to
diminish them. Today, I am here to continue protecting these privacy
rights and uphold our civil liberties.
Protecting privacy will always be important to Nevadans. It is
nonnegotiable to me, very important. Similar to many of my colleagues
in the Senate, I believe addressing cyber security is also important.
When I was ranking member of the commerce committee's consumer
protection subcommittee, I worked on these issues in detail. I
understand very well the impact of data breaches, cyber threats. In
fact, back in my State of Nevada, one of the top concerns is identity
theft. Not only can these identity thieves wreak financial havoc on a
consumer's life, but these threats also pose a serious national
security concern.
We saw with OPM's breach that personal information for 21.5 million
Federal employees, even those who received security clearances, was
compromised. In my office, in fact, a member of my staff was breached
three times in just the last 4 years. These thieves cross international
borders. They break and enter into private homes. They hack their way
to intrusion with a keyboard and a simple click of the mouse.
So I share the desire to find a path forward on information sharing
between the Federal Government and the private sector as another tool
in the cyber security toolbox, but I have always stood firm with these
types of efforts that they must also maintain American's privacy
rights.
The bill I see today, including the substitute amendment, does not do
enough to ensure personally identifiable information is stripped out
before sharing. That is why I filed a fix. Let's strengthen the
standard for stripping out this information. Right now, this bill says
the private sector and the Federal Government only have to strip out
personal information if they know--if they know--it is not directly
related to a cyber threat.
I would like to offer some context to that. Let's say you are pulled
over for speeding, not knowing the speed limit does not absolve you of
guilt. If your company fails to follow a Federal law or regulation, not
knowing about the law does not exempt you from the consequences of
violating it. Ignorance is no excuse under the law, so why should this
particular piece of legislation be any different?
My amendments ensure that when personal information is being stripped
out, it is because the entity reasonably believes--not knows but
reasonably believes--it is not related to a cyber threat. One of my
amendments addresses the Federal Government's responsibility to do
this, and the other addresses the private sector's responsibility to do
this.
This term ``reasonably believes''--let me repeat that--``reasonably
believes'' is an important distinction that this bill needs. It creates
a wider protection for personal information by ensuring these entities
are making an effort to take out personal information that is not
necessary for cyber security. Our friends over in the House of
Representatives already agree the private sector should be held to this
standard, which is why they included this language in the cyber
security bill which they passed. I hope to see this important
protection retained in any conference agreement should this bill move
forward.
Furthermore, in a letter to a Senator last week, DHS directly
acknowledged the importance of removing personally identifiable
information and even went so far as to say this removal will allow the
information-sharing regime to function much better. Even DHS agrees
that with this amendment it would function much better. So what it
comes down to is our Nation's commitment to balancing the needs for
sharing cyber security information with the need to protect America's
personal information.
I believe my amendment, No. 2548, to hold the Federal Government
accountable strikes that balance, and I will continue strongly pushing
forward to get this vote. I encourage my colleagues to support this
commonsense effort to strengthen this bill and keep our commitment to
upholding the rights of all U.S. citizens.
As we discuss this issue, I hope we will continue having the
opportunity to truly debate and make improvements to this bill. I
believe that if given the opportunity, we can strengthen this
legislation even more to protect against cyber security threats while
also protecting American citizens' private information.
No bill is perfect, as the Presiding Officer knows, but that is why
we are here and that is why there is an amendment process. That is why
I wish to see
[[Page S6272]]
the Senate openly debate and amend this bill, including my amendment.
The privacy rights of Americans are too important an issue and a very
important issue to all of us.
I acknowledge that some of my colleagues want the opportunity to
debate issues related to the bill and those issues that are unrelated
to the bill. I recognize there are many important issues Members would
like to see addressed before August--or at least the August recess--
such as my friend from Kentucky, who filed an amendment regarding
firearms on bases. Like my colleague, I recognize the importance of
this issue, which is why I introduced this legislation days ago. My
legislation would simply require the Secretary of Defense to establish
a process for base commanders in the United States to authorize a
servicemember to carry a concealed personal firearm while on base. Men
and women who serve our country deserve to feel safe and should be able
to defend themselves while stationed in the United States. That is why
I feel strongly that Congress should give our Nation's base commanders
the authority they need to create a safer environment for our heroes
serving across America.
At this time I recognize it is unclear if there will be an
opportunity to debate this issue on this particular piece of
legislation, but it is an important issue. Once again, I hope that as
we continue to debate this bill that we will find a path forward on all
amendments.
I appreciate the willingness of both Senator Burr and Senator
Feinstein to work with me on my amendments, and I look forward to
continuing this debate.
I yield the floor.
The PRESIDING OFFICER. The Senator from New York.
Mr. SCHUMER. Mr. President, I ask unanimous consent that the next 30
minutes be equally divided between Senators Schumer, Boxer, Whitehouse,
Markey, and Schatz.
The PRESIDING OFFICER. Is there objection?
Mr. WHITEHOUSE. Mr. President, may I ask for a modification that I be
able to speak for 1 minute on the cyber issue before we go into that 30
minutes?
With that modification, I have no objection.
The PRESIDING OFFICER. Is there objection to the request?
Without objection, it is so ordered.
Mr. WHITEHOUSE. Thank you.
Mr. President, in my 1 minute, I just wish to respond to what my
friend, the Senator from Arizona, said. We are very keen to get a good,
strong cyber security bill passed.
My concern about the amendment process is that amendments that will
strengthen the bill and make it a better cyber bill ought to have a
chance to get a vote. I have one that I worked out with Senator Graham,
who I think has good national security credentials and whom Senator
McCain respects, and another one with Senator Blunt, who also has good
national security credentials and whom I think Senator McCain also
respects. I believe both of the bills have now been cleared by the U.S.
Chamber of Commerce, so they don't have a business community objection.
But I also fear that if we followed the majority leader's proposal, he
would file cloture and they wouldn't survive a germaneness test.
So I think our leader's offer, basically, of a specific list of
amendments--none of which are ``gotcha'' amendments, all of which
relate to this bill--would be a very good way to proceed, get on the
bill, and get something passed.
The PRESIDING OFFICER. The Senator from New York.
Mr. SCHUMER. First, I thank my friend from Rhode Island. I think
there is a broad agreement--I certainly do--that we want to move to
this bill and, if given an agreement on a limited number of amendments,
all relevant to cyber security, with no intention to be dilatory, and
with time limits, we can get this done. But it is only fair on a major
bill to offer some amendments and not just to fill the tree and have no
amendments at all.
[...]
