The U.S. Senate blocked a proposal to shield companies from lawsuits when they share cyber-attack information with each other and federal agencies after Democrats opposed adding it to a defense-funding bill.
The Senate on Thursday voted 56-40, falling short of the 60 votes required to advance the measure, which Majority Leader Mitch McConnell decided to bring up as an amendment to the annual defense policy bill.
Democrats, including ranking intelligence committee member Senator Dianne Feinstein, of California, are demanding that the Senate consider it separately from the defense legislation.
“The cyber measure is so serious that you shouldn’t deal with it by stapling it to something else,” Senator Ron Wyden, an Oregon Democrat, said before the vote.
McConnell’s decision to pair the bills threatens to place President Barack Obama and congressional Democrats -- who have urged swift action by Congress to boost the nation’s cyber defenses -- in an awkward position.
The Senate now could consider the measure separately or McConnell could attempt to convince some of his colleagues to drop their opposition and then move to reconsider Thursday’s failed vote.
While there is broad agreement that companies should get legal protections for sharing data about online threats, the Obama administration has privately raised concerns about parts of the measure and privacy advocates warn it may create a government surveillance regime that violates privacy rights.
Obama has threatened to veto the underlying defense bill because it exceeds agreed-upon budget caps for military spending.
Seven Democrats joined McConnell and most other Republicans in supporting the amendment, while three Republicans -- including 2016 presidential contender Rand Paul of Kentucky -- voted to block the proposal.
The cybersecurity proposal “would likely pass quickly” if McConnell brought it to the floor as a standalone measure, Adam Jentleson, spokesman for Senate Minority Leader Harry Reid, said after the vote. He added that it “deserves thoughtful consideration, debate and amendment votes.”
The Senate intelligence committee in March approved the legislation, 14-1. Banks, technology and retail trade groups that support the measure say it assures companies exchanging data about hacking attacks won’t be sued by customers or accused of violating antitrust laws.
Efforts to pass cyber legislation have stalled or failed during the past four years in part due to concerns over privacy and government spying.
Obama, company executives and cybersecurity specialists have seized on recent high-profile hacking attacks to bolster their case for legislation. Anthem Inc. announced in February an assault that exposed personal data on about 80 million customers, and Sony Pictures Entertainment was the victim last year of an attack that crippled thousands of computers.
Companies have resisted providing data to the government about hacking attacks out of concern they could be sued if they accidentally included private information about their customers. They’re also concerned about violating antitrust laws if they share information with competitors. Information sharing is needed to help prevent attacks that are growing more sophisticated and dangerous, according to the Obama administration.
Under the bill, companies would be required to remove personal information before data is voluntarily shared with the government, and agencies will be restricted to only use the data for cybersecurity purposes, counter-terrorism efforts or to investigate serious crimes, Feinstein said. The bill also limits the types of defensive actions that companies can take to defend their networks.
For more, read this QuickTake: Cybersecurity