[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Page S6247]

                             CYBER SECURITY

  Mr. McCONNELL. Mr. President, I recently shared an AP news story with 
my colleagues, and I think it is worth sharing again.
  Here is the headline: ``Federal Agencies Are Wide Open to Hackers, 
  I will read just a little bit of what it says.

       The federal government, which holds secrets and sensitive 
     information ranging from nuclear blueprints to the tax 
     returns of hundreds of millions of Americans, has for years 
     failed to take basic steps to protect data from hackers and 
     thieves, records show. In the latest example, the Office of 
     Personnel Management is under fire for allowing its databases 
     to be plundered by suspected Chinese cyberspies in what is 
     being called one of the worst breaches in U.S. history. OPM 
     repeatedly neglected to implement basic cybersecurity 
     protections, its internal watchdog told Congress.

  That story should worry every one of us, Democrats and Republicans 
alike. The AP referred to the massive cyber attack that recently struck 
the Obama administration as ``one of the worst breaches in U.S. 
history.'' But while this massive breach may have been ``one of the 
worst,'' it certainly--unless the administration can be rescued from 
the cyber security Dark Ages--will not be the last.
  So the Senate will be considering bipartisan cyber security 
legislation this week that would help the public and private sectors 
defeat cyber attacks. The modern tools it contains, through the sharing 
of threat information, would provide for the construction of stronger 
defenses. The top Democrat on the Intelligence Committee says this 
bipartisan bill would also protect ``individual privacy and civil 
liberties.'' She is right. It contains strong measures to limit the 
use, retention, and diffusion of consumers' personal information. 
Information sharing with the government would also be voluntary under 
this bipartisan legislation.
  No wonder my colleague from California joined virtually every other 
Democrat and every other Republican to endorse this bipartisan bill 
overwhelmingly in committee 14 to 1. No wonder this bipartisan bill is 
backed by a diverse coalition of supporters, too--everyone from the 
U.S. Chamber of Commerce to farm supply stores, to your local community 
  This is a strong bipartisan, transparent bill that has been 
meticulously vetted by both parties in committee and that has been 
available online for literally months for anyone to read. My friend the 
Democratic leader has also publicly declared that the Senate could 
finish this bill in ``a couple of days.''
  ``In a couple of days,'' he said, ``at the most.''
  So with cooperation, we can pass the bipartisan bill this week. There 
will also be an opportunity for Members of both parties to offer 
amendments. I urge colleagues who wish to do so to begin working with 
the bill managers right now.
  This legislation is the work of many Members. I mentioned Ranking 
Member Feinstein earlier, who has been a key player on this issue. I 
also wish to thank Chairman Burr for his strong leadership and his hard 
work across the aisle in developing this bipartisan bill. I urge the 
Senate to allow us to act and pass it this week.
  The House of Representatives has already passed two similar White 
House-backed cyber security bills. The sooner we pass ours, the sooner 
we conference with the House to finally get a good cyber security law 
on the books, and the sooner our country can be better protected from 
more of these types of attacks.


[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Pages S6256-S6263]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]


  The PRESIDING OFFICER. Under the previous order, the Senate will 
resume consideration of the motion to proceed to S. 754, which the 
clerk will report.
  The legislative clerk read as follows:

       Motion to proceed to Calendar No. 28, S. 754, a bill to 
     improve cybersecurity in the United States through enhanced 
     sharing of information about cybersecurity threats, and for 
     other purposes.

  The PRESIDING OFFICER (Mr. Lee). The Senator from California.
  Mrs. FEINSTEIN. Mr. President, I would like to speak in support of 
the Cybersecurity Information Sharing Act. I had hoped Senator Burr, 
the chairman of the committee, would be able to deliver the remarks 
initially. However, he has been unfortunately delayed, and so I will go 
ahead with my remarks as vice chairman of the committee.
  There is no legislative or administrative step we can take that will 
end all cyber crime and cyber warfare, but as members of the Senate 
Intelligence Committee, we have heard over the course of several years 
now that improving the exchange of information and the sharing of that 
information, company to company and company to the government, can be 
very helpful and yield a real and significant improvement to cyber 
  Regrettably, this is the third attempt to pass a cyber security 
information sharing bill. In the almost 5 years that I have been 
working on this issue, two things have become abundantly clear about 
passing the bill. First, it must be bipartisan. In 2012, I cosponsored 
the Lieberman-Collins Cybersecurity Act, which included a title on

[[Page S6258]]

information sharing based on a bill I had introduced. It was an 
important piece of legislation, but it received almost no Republican 
support and could not gain the 60 votes needed to invoke cloture. It 
became clear to me then that no cyber security legislation could pass 
without broad bipartisan support.
  The second lesson that has been learned is, it must be narrowly 
focused. The Lieberman-Collins bill sought to address many critical 
challenges to our Nation's cyber security. Then-Majority Leader Harry 
Reid, brought the chairmen of all committees of jurisdiction on our 
side together and asked them to draft legislation on cyber security in 
their areas. It soon became clear that addressing so many complex 
issues makes a bill very difficult to pass. That bill died on the 
Senate floor in late 2012.
  Based on these lessons, we have tried to take a bipartisan and 
focused approach so Congress can pass a cyber security information 
sharing bill. In the last Congress, in 2013 and 2014, then-vice 
chairman of the Intelligence Committee Saxby Chambliss and I sought to 
draft legislation on information sharing that would attract bipartisan 
support. We worked through a number of difficult issues together, and 
we were able to produce a bill that I believed would pass the Senate. 
The Intelligence Committee approved the bill in 2014 by a strong 
bipartisan vote of 12 to 3, but it never reached the Senate floor due 
to privacy concerns about the legislation.
  This year, Chairman Burr and I have drafted legislation that both 
sides can and should support. This bill is bipartisan, it is narrowly 
focused, and it puts in place a number of privacy protections, many of 
which I will outline shortly. The bill's bipartisan vote of 14 to 1 in 
the Senate Intelligence Committee in March underscores this fact.
  I would like to thank Senator Burr for his leadership and his 
willingness to negotiate a bipartisan bill that can and should receive 
a strong vote. As he often says, neither one of us would have written 
this bill this way if we were doing it ourselves. This Senator believes 
it is also true that by negotiating this draft, we will get 
substantially more votes than either of us can get on our own. I very 
much hope that is true.
  I note that this bill has strong support from the private sector 
because it creates incentives for improving cyber security and protects 
companies that take responsible steps to do so. Companies are shielded 
from lawsuits if they properly use the authorities provided for in this 
bill. They can be confident that sharing information with other 
companies or with the government will not subject them to inappropriate 
regulatory action.
  For these reasons, this bill has the support of over 40 business 
groups, and it is the first bill that has the support of the U.S. 
Chamber of Commerce. It also has the support of the most important 
cyber security and critical infrastructure companies in the Nation.
  Mr. President, I would like to ask unanimous consent to have those 
letters printed into the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:
                                                   August 3, 2015.
     Hon. Mitch McConnell,
     U.S. Senate,
     Washington, DC.
     Hon. Harry Reid,
     U.S. Senate,
     Washington, DC.
       Dear Majority Leader McConnell and Minority Leader Reid: On 
     behalf of our diverse members, we write today in strong 
     support of the Cybersecurity Information Sharing Act (S. 
     754), a bipartisan bill approved earlier this year on a near-
     unanimous basis by the Select Committee on Intelligence. We 
     strongly urge you to bring up S. 754 as expeditiously as 
     possible, defeat any amendments that would undermine this 
     important legislation, and support the underlying bill.
       The threat of cyber-attacks is a real and omnipresent 
     danger to our sector, our members' customers and clients, and 
     to critical infrastructure providers upon which we--and the 
     nation as a whole--rely. S. 754 would enhance our ability to 
     defend the financial services sector and the sensitive data 
     of hundreds of millions of Americans. It is critical that 
     Congress get cybersecurity information sharing legislation to 
     the President's desk before the next crisis, not after.
       Our members and the broader financial services industry are 
     dedicated to improving our capacity to protect customers and 
     their sensitive information but as it stands today, our laws 
     do not do enough to foster information sharing and establish 
     clear lines of communication with the various government 
     agencies responsible for cybersecurity. If adopted and signed 
     into law, this legislation will strengthen the nation's 
     ability to defend against cyber-attacks and better protect 
     all Americans by encouraging the business community and the 
     government to quickly and effectively share critical 
     information about these threats while ensuring privacy. More 
     effective information sharing provides some of the strongest 
     protections of privacy, as it is sensitive information from 
     our member firms' customers that we are asking Congress to 
     protect from those who attempt to steal or destroy that 
       Each of our organizations and our respective member firms 
     has made cybersecurity a top priority and we are committed to 
     continuing to work with you and your colleagues in the Senate 
     so that effective cyber threat information sharing 
     legislation can be enacted into law.
         American Bankers Association; American Insurance 
           Association; The Clearing House; Financial Services 
           Institute; Financial Services Roundtable; Investment 
           Company Institute; NACHA--The Electronic Payments 
           Association; The National Association of Mutual 
           Insurance Companies; Property Casualty Insurers 
           Association of America; Securities Industry and 
           Financial Markets Association.

                                                   August 3, 2015.
     Hon. Mitch McConnell,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Harry Reid,
     Minority Leader, U.S. Senate,
     Washington, DC.
       Dear Majority Leader McConnell and Minority Leader Reid: 
     The undersigned organizations reiterate their support for 
     cybersecurity information sharing and liability protection 
     legislation and urge the Senate to promptly take up and pass 
     S. 754, the Cybersecurity Information Sharing Act (CISA) of 
     2015. Enactment of such legislation is urgently needed to 
     further enhance and encourage communication among the federal 
     government, the North American electric power sector, and 
     other critical infrastructure sectors, thus improving our 
     ability to defend against cyber attacks.
       While the electric sector already engages in significant 
     information sharing activities and has in place mandatory and 
     enforceable reliability and cybersecurity standards, there 
     remains an urgent need for the government and industry to 
     better share actionable security information in a timely and 
     confidential manner, including protections against public 
     disclosure of sensitive security information. CISA provides a 
     framework to help foster even more meaningful information 
     sharing while maintaining a critical balance between 
     liability and privacy protections.
       The electric power sector takes very seriously its 
     responsibility to maintain the reliability, safety, and 
     security of the electric grid. Beyond mandatory standards, 
     the industry maintains an all-hazards ``defense in depth'' 
     mitigation strategy that combines preparation, prevention, 
     resiliency, and response and recovery efforts. We also work 
     closely with the federal government and other critical 
     infrastructure sectors on which the electric sector depends 
     through the Electricity Subsector Coordinating Council, and 
     share electric sector threat information through the 
     Electricity Sector Information Sharing and Analysis Center. 
     Passage of CISA will enhance these activities.
         American Public Power Association (APPA); Canadian 
           Electric Association (CEA); Edison Electric Institute 
           (EEI); Electric Power Supply Association (EPSA); 
           GridWise Alliance; Large Public Power Council (LPPC); 
           National Rural Electric Cooperative Association 
           (NRECA); National Association of Regulatory Utility 
           Commissioners (NARUC); Transmission Access Policy Study 
           Group (TAPS).

                                 American Bankers Association,

                                   Washington, DC, August 3, 2015.
     Hon. Mitch McConnell,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Richard Burr,
     U.S. Senate, Washington, DC.
     Hon. Harry Reid,
     Minority Leader, U.S. Senate,
     Washington, DC.
     Hon. Dianne Feinstein,
     U.S. Senate, Washington, DC.
       Dear Senators: I am writing on behalf of the members of the 
     American Bankers Association (ABA) to urge you to support the 
     Cybersecurity Information Sharing Act (CISA, S. 754) when it 
     is brought to the Senate floor, and to defeat any amendments 
     that would undermine this critically needed legislation.
       CISA is bipartisan legislation introduced by Chairman 
     Richard Burr and Vice Chairman Dianne Feinstein, and reported 
     by a strong bipartisan 14-1 vote in the Senate Intelligence 
     Committee. It will enhance ongoing efforts by the private 
     sector and the Federal government to better protect our 
     critical infrastructure and protect Americans from all walks 
     of life from cyber criminals. Importantly, CISA facilitates 
     increased cyber intelligence information sharing between the 
     private and public sectors, and strikes the appropriate 
     balance between protecting consumer privacy and allowing 
     information sharing on serious threats to our nation's 
     critical infrastructure.

[[Page S6259]]

       Cybersecurity is a top priority for the financial services 
     industry. Banks invest hundreds of millions of dollars every 
     year to put in place multiple layers of security to protect 
     sensitive data. Protecting customers has always been and will 
     remain our top priority and CISA will help us work more 
     effectively with the Federal government and other sectors of 
     the economy to better protect them from cyber attacks.
       We urge you to support this important legislation and pass 
     it as soon as possible to better protect America's 
     cybersecurity infrastructure against current and future 
     James C. Ballentine.

                                            Information Technology

                                             Industry Council,

                                    Washington, DC, July 23, 2015.
     Hon. Mitch McConnell,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Harry Reid,
     Democratic Leader, U.S. Senate,
     Washington, DC.
       Dear Majority Leader McConnell and Democratic Leader Reid: 
     On behalf of the members of the Information Technology 
     Industry Council (ITI), I write to express our support for S. 
     754, the Cybersecurity Information Sharing Act of 2015 
     (CISA), and urge you to bring it to the Senate floor for 
     debate and vote. Given the importance of cybersecurity threat 
     information sharing to the high-tech industry, we will 
     consider scoring votes in support of CISA in our 114th 
     Congressional Voting Guide.
       ITI members contribute to making the U.S. information and 
     communication technology (ICT) industry the strongest in the 
     world in innovative cybersecurity practices and solutions. We 
     firmly believe that passing legislation to help increase 
     voluntary cybersecurity threat information sharing between 
     the private sector and the federal government, and within the 
     private sector, is an important step Congress can take to 
     enable all stakeholders to address threats, stem losses, and 
     shield their systems, partners and customers. It is important 
     that the Senate act now to pass CISA and continue to move the 
     legislative process forward, so that Congress can reconcile 
     CISA with the House cybersecurity legislation, H.R. 1560, the 
     Protecting Cyber Networks Act, and H.R. 1731, the National 
     Cybersecurity Protection Advancement Act of 2015, and send a 
     bill to the president.
       ITI believes that legislation to promote greater 
     cybersecurity threat information sharing should:
       Affirm that cybersecurity threat information sharing be 
       Promote multidirectional cybersecurity threat information 
     sharing, allowing private-to-private, private-to-government 
     and government-to-private sharing relationships;
       Include targeted liability protections;
       Utilize a civilian agency interface for private-to-
     government information sharing to which new liability 
     protections attach;
       Promote technology-neutral mechanisms that enable 
     cybersecurity threat information to be shared in as close to 
     real-time as possible;
       Require all entities to take reasonable steps to remove 
     personally identifiable information from information shared 
     through data minimization; and
       Ensure private sector use of information received through 
     private-to-private sharing is only for cybersecurity 
     purposes, and government use of information received from the 
     private sector is limited to cybersecurity purposes and used 
     by law enforcement only:
       For the investigation and prosecution of cyber crimes;
       For the protection of individuals from the danger of death 
     or serious bodily harm and the investigation and prosecution 
     of crimes involving such danger; and
       For the protection of minors from child pornography.
       We appreciate the progress made by the Senate Intelligence 
     Committee to include provisions that would protect personally 
     identifiable information while also allowing for a 
     cybersecurity threat information sharing framework that will 
     enhance our ability to protect and defend our networks.
       We look forward to working closely with you, your committee 
     leadership, and the House of Representatives to further 
     address outstanding issues in conference to ensure it adheres 
     to our above cybersecurity threat information sharing 
     principles. ITI remains committed to refining the legislation 
     and supporting a final product that can best achieve our goal 
     of promoting greater cybersecurity.
                                                 Dean C. Garfield,
     President & CEO.

                                    BSA/The Software Alliance,

                                    Washington, DC, July 21, 2015.
     Hon. Mitch McConnell,
     Senate Majority Leader,
     Washington, DC.
     Hon. Harry Reid,
     Senate Minority Leader,
     Washington, DC.
       Dear Majority Leader McConnell and Minority Leader Reid: On 
     behalf of BSA/The Software Alliance, I write in support of 
     bringing the Cybersecurity Information Sharing Act of 2015 
     (S. 754) to the Senate floor for a robust debate. Enactment 
     of bipartisan legislation that enhances voluntary cyber 
     threat information sharing while ensuring privacy protection 
     will be an important step in bolstering our nation's 
     cybersecurity capabilities.
       Our members are on the front lines defending against cyber 
     attacks. Every day, bad actors are attacking networks to 
     extract valuable private and commercial information. We 
     believe it is now more important than ever to enact 
     legislation to break down the legal barriers that currently 
     discourage cyber threat information sharing between and among 
     the public and private sectors. Increased awareness will 
     enhance the ability of businesses, consumers, and critical 
     infrastructure to better defend themselves against attacks 
     and intrusions. We are confident that all of these goals can 
     be accomplished without comprising the privacy of an 
     individual's information.
       I appreciate your leadership on moving this important 
     legislation forward to a successful outcome in the Senate. We 
     support this bipartisan effort and look forward to working 
     with you in the process to ultimately move a cyber threat 
     information sharing bill to the President's desk for 
                                              Victoria A. Espinel,
     President and CEO.

                                              Protecting America's

                                     Cyber Networks Coalition,

                                                    July 21, 2015.
       To the Members of the United States Senate: The Protecting 
     America's Cyber Networks Coalition (the coalition) urges the 
     Senate to take up and pass S. 754, the Cybersecurity 
     Information Sharing Act (CISA) of 2015. Passing cybersecurity 
     information-sharing legislation is a top policy priority of 
     the coalition, which is a partnership of leading business 
     associations representing nearly every sector of the U.S. 
       In March, the Select Committee on Intelligence passed CISA 
     by a strong bipartisan vote (14-1). The Senate can build on 
     the momentum generated in the House to move CISA forward. In 
     April, the House passed two cybersecurity information-sharing 
     bills--H.R. 1560, the Protecting Cyber Networks Act (PCNA), 
     and H.R. 1731, the National Cybersecurity Protection 
     Advancement Act (NCPAA) of 2015--with robust majorities from 
     both parties and broad industry support.
       Our organizations believe that Congress needs to send a 
     bill to the president that gives businesses legal certainty 
     that they have safe harbor against frivolous lawsuits when 
     voluntarily sharing and receiving threat indicators and 
     defensive measures in real time and taking actions to 
     mitigate cyberattacks.
       The legislation also needs to offer protections related to 
     public disclosure, regulatory, and antitrust matters in order 
     to increase the timely exchange of information among public 
     and private entities. Coalition members also believe that 
     legislation needs to safeguard privacy and civil liberties 
     and establish appropriate roles for government agencies and 
     departments. CISA reflects sound compromises among many 
     stakeholders on these issues.
       Recent cyber incidents underscore the need for legislation 
     to help businesses improve their awareness of cyber threats 
     and to enhance their protection and response capabilities in 
     collaboration with government entities. Cyberattacks aimed at 
     U.S. businesses and government bodies are increasingly being 
     launched from sophisticated hackers, organized crime, and 
     state-sponsored groups. These attacks are advancing in scope 
     and complexity.
       The coalition is committed to working with lawmakers and 
     their staff members to get cybersecurity information-sharing 
     legislation quickly enacted to strengthen our national 
     security and the protection and resilience of U.S. industry. 
     Congressional action cannot come soon enough.
         Agricultural Retailers Association (ARA); Airlines for 
           America (A4A); Alliance of Automobile Manufacturers; 
           American Bankers Association (ABA); American Cable 
           Association (ACA); American Council of Life Insurers 
           (ACLI); American Fuel & Petrochemical Manufacturers 
           (AFPM); American Gaming Association; American Gas 
           Association (AGA); American Insurance Association 
           (AIA); American Petroleum Institute (API); American 
           Public Power Association (APPA); American Water Works 
           Association (AWWA); ASIS International; Association of 
           American Railroads (AAR); BITS--Financial Services 
           Roundtable; College of Healthcare Information 
           Management Executives (CHIME); CompTIA--The Computing 
           Technology Industry Association; CTIA--The Wireless 
           Association; Edison Electric Institute (EEI); 
           Federation of American Hospitals (FAH); Food Marketing 
           Institute (FMI).
         GridWise Alliance; HIMSS--Healthcare Information and 
           Management Systems Society; HITRUST--Health Information 
           Trust Alliance; Large Public Power Council (LPPC); 
           National Association of Chemical Distributors (NACD); 
           National Association of Manufacturers (NAM); National 
           Association of Mutual Insurance Companies (NAMIC); 
           National Association of Water Companies (NAWC); 
           National Business Coalition on e-Commerce & Privacy; 
           National Cable & Telecommunications Association (NCTA); 
           National Rural Electric Cooperative Association 
         NTCA--The Rural Broadband Association; Property Casualty 
           Insurers Association of America (PCI); The Real Estate 
           Roundtable; Securities Industry and Financial Markets 
           Association (SIFMA); Society of Chemical Manufacturers 
           & Affiliates (SOCMA); Telecommunications Industry 
           Association (TIA); Transmission Access Policy Study 
           Group (TAPS); United States Telecom Association 

[[Page S6260]]

            U.S. Chamber of Commerce; Utilities Telecom Council 

                                            Chamber of Commerce of

                                 the United States of America,

                                                February 14, 2015.
       To the Members of the United States Senate: As the Senate 
     prepares to consider S. 754, the ``Cybersecurity Information 
     Sharing Act of 2015,'' the U.S. Chamber of Commerce, the 
     world's largest business federation representing the 
     interests of more than three million businesses of all sizes, 
     sectors, and regions, as well as state and local chambers and 
     industry associations, and dedicated to promoting, 
     protecting, and defending America's free enterprise system, 
     writes to express our strong opposition to the adoption of 
     amendments that would weaken or overly complicate this 
     important bipartisan bill, including issues related to data 
     security, breach notification, or commercial privacy, which 
     are best addressed in other contexts.
       The Chamber believes that all provisions of S. 754 must 
     support the important goal of protecting critical 
     infrastructure. Unrelated issues, such as data security, 
     breach notification, and commercial privacy legislation, have 
     not yet received any consideration in the committees of 
     jurisdiction and are not ready for consideration by the full 
     Senate. These sensitive topics should proceed through the 
     legislative process following regular order to ensure 
     complete and deliberate consideration separate from the 
     pending floor debate on cybersecurity information sharing 
       Cybersecurity information sharing legislation meets a dire 
     national security need, and though the Chamber would like to 
     see meaningful data security, breach notification, and 
     commercial privacy legislation become law, for the benefit of 
     businesses and consumers alike, we are equally steadfast in 
     our belief that cybersecurity information sharing legislation 
     is important for national security and should be Congress's 
     immediate priority.
       There are 47 separate state laws which deal directly with 
     data security and breach notification. The business community 
     has been working with members of Congress in both chambers 
     and on both sides of the aisle to find the right path toward 
     passage of a national data security and breach notification 
     law. However, much work remains to be done, as disagreement 
     continues regarding certain provisions which would be 
     contained in federal legislation. This disagreement is 
     evident in virtually every one of the significantly different 
     data security bills which have been introduced in the Senate 
     during the last several Congresses.
       The Chamber has appreciated the opportunity to comment on 
     and offer edits to the various bills and looks forward to 
     working with their authors and cosponsors as legislation 
     works its way through the committee process. However, data 
     security legislation deserves its own due consideration and 
     deliberate debate, separate from the complicated and pressing 
     national security issue of cybersecurity information sharing. 
     For example, the House Energy and Commerce committee has held 
     multiple hearings on proposed legislation in addition to a 
     subcommittee markup and planned mark up at the full committee 
     level. Though there are issues which need to be resolved in 
     that legislation, the Chamber appreciates the process and 
     consideration given and that the bill has worked its way 
     through the proper channels.
       Given the work that still needs to be done on data security 
     proposals, the Chamber urges you to keep them separate and 
     apart from cybersecurity information sharing legislation and 
     not rush to make changes to the current landscape of state 
     data security, data breach, and commercial privacy laws. 
     Doing so would have a fundamentally negative impact on a 
     broad segment of the American business community.
                                                  R. Bruce Josten.

  Mrs. FEINSTEIN. At the same time, the bill includes numerous privacy 
protections beyond those contained in last year's bill. Senator Burr 
and I worked together to address the specific concerns raised by the 
administration, some of our Senate colleagues, and other key 
stakeholders. Because of these changes, the administration said 
yesterday that ``cyber security is an important national security issue 
and the Senate should take up this bill as soon as possible and pass 
  I believe this is a good bill and will allow companies and the 
government to improve the security of their computer networks, but this 
is just a first-step bill. It will not bring an end to successful cyber 
attacks or thefts, but it will help to address the problem.
  What does this bill do? It provides clear direction for the 
government to share cyber threat information and defensive measures 
with the private sector.
  Two, it authorizes private companies to monitor their computer 
networks and to share cyber threat information and defensive measures 
with other companies and with the Federal, State, local, and tribal 
  And three, it creates a process and rules to limit how the Federal 
Government will and will not use the information it receives.
  Companies are granted liability protection for the appropriate 
monitoring for cyber threats and for sharing and receiving cyber threat 
information. This liability protection exists for both company-to-
company sharing as well as company-to-government sharing consistent 
with the bill's terms. Companies are also authorized to use defensive 
measures on their own networks for cyber security purposes.
  Since the bill is complicated, let me describe what the bill does in 
more detail.
  First, it recognizes that the Federal Government has information 
about cyber threats that it can and should share with the private 
sector and with State, local, and tribal governments. The bill requires 
the Director of National Intelligence to put in place a process that 
will increase the sharing of information on cyber threats already in 
the government's hands with the private sector and help protect an 
individual or a business.
  Importantly, as the first order of business, there will be a 
managers' amendment which makes changes to specifically limit the ways 
the government can use the cyber security information it receives. This 
amendment was distributed on Friday. I would urge everyone to look at 
it because under the amendment, this bill can only be used for cyber 
security purposes--no others. It is not a surveillance bill; it is 
strictly related to cyber security. The bill previously allowed the 
government to use the information to investigate and prosecute serious 
violent felonies. That has drawn substantial opposition, and we have 
removed it in the managers' package.
  I would now like to take a minute to go over some of the privacy 
protections in the bill.
  No. 1, the bill is strictly voluntary. It does not require companies 
to do anything they choose not to do. There is no requirement to share 
information with another company or with the government. The government 
cannot compel any sharing by the private sector. It is completely 
  No. 2, it narrowly defines the term ``cyber threat indicator'' to 
limit the amount of information that may be shared under the bill. 
Companies do not share information under this bill unless it is 
specifically about a cyber threat or a cyber defense--nothing else.
  No. 3, the authorizations are clear but limited. Companies are fully 
authorized to do three things: monitor their networks or provide 
monitoring services to their customers to identify cyber threats; use 
limited defensive measures to protect against cyber threats on their 
networks; and to share and receive information with each other and with 
Federal, State, and local governments.
  No. 4, there are mandatory steps companies must take, before sharing 
any cyber threat information with other companies or the government, to 
review the information for irrelevant privacy information. In other 
words, the companies must do a privacy scrub. They are required to 
remove any personal information that is found. Companies cannot, as it 
has been alleged, simply hand over customer information.
  No. 5, the bill requires that the Attorney General establish 
mandatory guidelines to protect privacy for any information the 
government receives. These guidelines will be public, and they will 
include consultation with the private sector prior to them being put 
  The bill requires them to limit how long the government can retain 
any information and provide notification and a process to destroy 
mistakenly shared information. It also requires the Attorney General to 
create sanctions for any government official who does not follow these 
mandatory privacy guidelines.
  No. 6, the Department of Homeland Security, not the Department of 
Defense or the intelligence community, is the primary recipient of 
cyber information. In the managers' amendment, we strengthen the role 
the Secretary of Homeland Security has in deciding how information 
sharing will take place.
  No. 7, once the managers' amendment is adopted, the bill will 
restrict the government's use of voluntarily shared information, so the 
government cannot use this information for law enforcement purposes 
unrelated to cyber security and cyber crime.

[[Page S6261]]

  No. 8, the bill limits liability protections to monitoring for cyber 
threats and sharing information about them and only--and only--if a 
company complies with the bill's privacy requirements. The bill 
explicitly excludes protection for gross negligence or willful 
  No. 9, above and beyond these mandatory protections, there are a 
number of oversight mechanisms in the bill, including reports by heads 
of agencies, inspectors general, and the Privacy and Civil Liberties 
Oversight Board.
  In sum, this bill allows for strictly voluntary sharing of cyber 
security information and many layers of privacy protection.
  It is my understanding that the chairman of our committee is here, so 
I would like to skip to the conclusion of my remarks and then be able 
to turn this over to him.
  The House of Representatives has already passed two bills this year 
to improve cyber security information sharing. The Intelligence 
Committee has crafted a carefully balanced bill that passed by a 14-to-
1 vote in March and it has improved significantly since then through 
the managers' amendment.
  We very much need to take this first step on cyber security to 
address the almost daily reports of hacking and cyber threats. I very 
much hope the Senate will take action now.
  Now I will yield the floor. I want to thank the chairman. It has been 
a pleasure, Mr. Chairman, to work with you. I think I speak for every 
member of the committee. I am very pleased we have this bill on the 
floor. God willing and the Members willing, we will be able to pass it 
one day.
  I yield the floor to the chair of the Intelligence Committee.
  The PRESIDING OFFICER. The Senator from North Carolina.
  Mr. BURR. Mr. President, I want to thank my good friend and vice 
chair of the Intelligence Committee, Senator Feinstein. She has been in 
the trenches working on cyber security legislation longer than I have. 
Her passion is displayed in the product that has come out. There has 
been no person more outspoken on privacy than Dianne Feinstein. There 
is no person who has been more outspoken on the need for us to get this 
right than Senator Feinstein.
  Daily, she and I look at some of the most sensitive intelligence 
information that exists in this country. We are charged as a 
committee--15 individuals out of a body of 100--to provide the 
oversight to an intelligence community to make sure they live within 
the letters of the law or the boundaries set by Executive order. Every 
day we try to fulfill that job.
  We are sometimes tasked with producing legislation, and that is why 
we are here today with the cyber security bill. It has been referred to 
that we are here because OPM got hacked. No. We are here because the 
American people's data will be in jeopardy if government does not help 
to find a way to help minimize the loss.
  So where is the threat? The threat is to business, it is to 
government, and it is to individuals. There is no part of America that 
is left out of this. The legislation we are proposing affects everybody 
in this country--big and small business, State and Federal governments, 
and individuals, no matter where they live or how much they are worth. 
I think it is safe to say today that business and government have both 
been attacked, they have been penetrated, and data has been lost. In 
some cases that intent was criminal; in some cases the intent was 
nation-states. It was towards credit cards on one side or Social 
Security numbers, and on the other side it was plans for the next 
military platform or intellectual property that was owned by a company. 
But we are where we are, and now we have a proposal as to how we 
  Let me emphasize this. You heard it from the vice chairman. This bill 
does not prevent cyber attacks. I am not sure that we could craft 
anything that would do that. What this bill does is for the first time 
it allows us a pathway to minimizing the amount of data that is lost 
and for the first time empowering government, once they get the 
pertinent information, to push out to the rest of business and to 
individuals and to governments: Here is the type of attack that is 
happening. Here is the tool they are using. Here is the defensive 
mechanism you can put on your system that will provide you comfort that 
they cannot penetrate you and provide the company that has been 
attacked comfort that it might be able to minimize in real time the 
amount of data that is lost.
  So, as the vice chairman said, these are key points on this piece of 
legislation: It is voluntary. There is no entity in America that is 
forced to report. It is a purely voluntary system. To have 
participation in a voluntary system, you have to listen to the folks 
who are the subjects of these attacks as to what they need to act in 
real time and to provide pertinent data.
  It is an information-sharing bill. It is not a surveillance bill. I 
say to those who have characterized it that way that we have done 
everything we can to clarify with the managers' amendment that there is 
no surveillance. The only thing we are after is minimizing the loss of 
data that exists.
  Here is how it works. I want to break it into three categories.
  This bill covers private to private. It says that if I am a private 
company and my IT system gets hacked and I get penetrated, I can 
automatically pick up the phone and call the IT people at my 
competitor's business, and I am protected under antitrust, that we can 
carry out a conversation so that I can figure out whether they got 
hacked, and if they did but they did not get penetrated, what software 
did they have on their system that secured their data. I can 
immediately go and put that on my system, and I can minimize the loss 
of any additional data. So we protect for that private-to-private 
conversation only for the purposes of sharing cyber information.
  We also have private to government. We allow any company, in real 
time--at the same time they are talking to a competitor, they can 
transmit electronically the pertinent data that it takes to do the 
forensics of what happened. What tool did they use? They can transfer 
that to government, and they are protected from a liability standpoint 
for the transfer of that--the vice chairman got into all of this, so I 
do not want to rehash it--with the correct protections of personal 
data. The company is required not to send personal data. Any government 
agency that is the recipient of this data, as they go through it, if 
they see personal data that is not relevant to the determination of 
what type of attack, what type of tool, what type of response, then 
they have to minimize that data so it is not released.
  In addition, we have government to private, which is the third leg. 
It amazed me that the government did not have the authority to push out 
a lot of information. What we do is we empower the government to 
analyze the attack, to determine the tool that was used, to find the 
most appropriate defensive software mechanism, and then to say to 
business broadly: There is an attack that has happened in America. This 
is the tool they used. This is the defensive mechanism that will 
protect the data at your company.
  If you ask me, I think this is what we are here for. This is what the 
Congress of the United States is supposed to do--facilitate, through 
minor tweaks, a voluntary participation to close the door and minimize 
potential loss. That is all we are attempting to do.
  I want to loop back to where the vice chairman was. We are now at the 
point where we are asking our colleagues for unanimous consent to come 
to the floor and actually take up this bill. Moving to the bill allows 
our colleagues to come to the floor with relevant amendments to the 
bill, where they can be debated and voted on.
  I actually believe, Vice Chairman, if we could do that now, we could 
process this entire bill and all of the amendments that are relevant by 
this time tomorrow. That would mean we would have to work and we would 
have to talk and we would have to vote, but we could do it because I 
think when we look at the array of relevant amendments, they are pretty 
well defined. Some of them are duplications of others that people have 
planned to talk about.
  But to suggest that this is a problem, which it is--we have seen it 
with over 22 million government workers whose personal data and in some 
cases, because of the forms they had to fill out for security 
clearance, their most sensitive data has gotten out of the OPM system.

[[Page S6262]]

  Just because OPM was the last one, don't think that somebody wasn't 
serious. Don't think that Anthem Blue Cross wasn't serious. Don't think 
that some of the attacks that only acquired credit card information 
aren't serious.
  What we are attempting to do is to minimize the degree of that loss. 
All we need is the cooperation of every Member of the Senate to say: I 
am willing to move to the bill. I am willing to bring up amendments--
relevant amendments--willing to debate them and willing to vote on 
  Process is where we are. At the end of the day, we can determine 
whether this is a bill that is worthy to move on. It is not the end of 
the road because once we get through in the Senate we have to 
conference the bill with the House of Representatives. As the vice 
chairman pointed out, they have produced multiple pieces of 
legislation. It is the Senate that is now holding us back.
  I urge my colleagues: Let's agree to move to the bill. Let's agree to 
relevant amendments, and let's process this cyber security bill so that 
when we come back from August, we can actually sit down with our 
colleagues in the House, conference a bill, and provide the American 
people with a little bit of security, knowing that we are going to 
minimize the amount of data that is lost, because of a voluntary 
program between the private sector and the government.
  I think the vice chairman shares my belief that we are not scared to 
have a debate on relevant amendments on this bill. We understand there 
are more views than just ours. But we have to get on the bill to be 
able to offer amendments, to be able to share what we know that might 
not necessarily support the amendment.
  Right now, we are sort of frozen because we cannot offer amendments, 
including the managers' amendment, which I would say to my colleagues--
and the vice chairman said this in a very specific way--if you will 
read the managers' amendment, a lot of the concerns that people have 
will vanish. Nobody will call it a surveillance bill because we have 
addressed the issues that people were concerned with. Although we 
didn't think they were problems before, we clarified it in a way that 
it is limited only to cyber security. I could make a tremendous case 
that through the cyber security forensic process, if we found another 
criminal act, the American people probably would want that reported--
without a doubt.
  Mr. McCAIN. Will the Senator yield for a question?
  Mr. BURR. I am pleased to yield for a question.
  Mr. McCAIN. In light of recent events that have dominated the news, 
including the breach of millions of Americans' privileged information, 
which could be used in ways to harm them, do you think it is a good 
idea for the Senate to go out into a month-long recess without at least 
having debates, votes, and amendments on this issue?
  Does the Senator know of an issue right now that impacts the lives of 
everyday Americans such as this threat of cyber security attacks on the 
citizens of the United States?
  Mr. BURR. I thank the Senator for the question, and I think he knows 
the answer.
  We should dispose of this. The easiest way, as I shared earlier, is 
that if we get on this bill and we process amendments, if we really 
wanted to, we could finish tomorrow. The reality is that it doesn't 
take a long time to debate amendments, to vote on amendments, and to be 
  At the end of the day, every Member would have to make a decision as 
to whether they are supportive or against the bill. But not getting on 
the bill, not offering amendments cheats the American people.
  Mr. McCAIN. I will just ask one more question.
  It is obvious that the Senator from California and the Senator from 
North Carolina have worked very closely together on this issue. They 
are the two leaders on intelligence now for a number of years.
  Wouldn't it seem logical that with a bipartisan piece of legislation 
that addresses an issue--I guess my question is this: How many 
Americans have been affected most recently by cyber attacks, and what 
would this legislation do to try to prohibit that from happening again? 
Don't we have some obligation to try to address the vulnerabilities of 
average American everyday citizens?
  Mr. BURR. I think the answer is there have been millions of Americans 
whose private data has been breached for numerous reasons. The Senator 
from Arizona is correct. We have an obligation to do what we can to 
minimize that loss.
  Mr. McCAIN. And isn't this a bipartisan product?
  Mr. BURR. Well, this is very much a bipartisan bill, and I think it 
is a bicameral effort. It is not as if this is a limb we are walking 
out on and the House isn't already out there. Emphatically, I implore 
my colleagues: Let's get on the bill. Let's come and offer relevant 
amendments, and let's process those amendments as quickly as we can. I 
think we can accommodate both, the need to leave for August and to go 
see the people we are married to and get away from the people we see 
every day who influence us in numerous ways--I am speaking of the 
Senator from Arizona right now, and I know he is anxious to go 
somewhere other than here--and to process this bill, which is to do our 
work. To not get on the bill, to not offer amendments is to ignore the 
responsibilities that we have.
  Mr. McCAIN. I wish to just finally say to the Senator from North 
Carolina that I appreciate the hard work he and the Senator from 
California have put in on this issue. It has been said by our military 
leaders that right now one of the greatest vulnerabilities to national 
security is the possibility or likelihood of cyber attacks. The 
implications of that far exceed that of the invasion of someone's 
  I thank him and the Senator from California for their hard work on 
this. I think it at least deserves debate and amendments, and hopefully 
we can pass it before we go out for the recess.
  Mr. BURR. I thank the Senator from Arizona, who has worked closely 
with us since the beginning to try to move this bill together. 
Hopefully, at our lunches today, we will have an opportunity to talk to 
our Members in the hopes that we can come back from lunch and maybe get 
started on this bill.
  With that, I yield the floor.
  The PRESIDING OFFICER. The Senator from Virginia.
  Mr. KAINE. Mr. President, I ask unanimous consent to speak for up to 
10 minutes, recognizing that it is after 12:30 p.m.
  The PRESIDING OFFICER. Is there objection?
  Without objection, it is so ordered.


[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Pages S6263-S6270]


  The PRESIDING OFFICER. The Senator from Arizona.
  Mr. McCAIN. Mr. President, I would like to thank my friend from 
Florida, Senator Nelson, for allowing me to speak for 5 minutes. I ask 
unanimous consent that he be recognized immediately following me--not 
the Senator from New Mexico, the Senator from Florida.
  The PRESIDING OFFICER. Without objection, it is so ordered.
  Mr. McCAIN. Mr. President, I rise in strong support of S. 754, the 
Cybersecurity Information Sharing Act. I want to thank my colleagues 
Chairman Burr and Vice Chairman Feinstein for their leadership on this 
critically important legislation. This bill, of which I am an original 
cosponsor, was overwhelmingly approved by a 14-to-1 vote in the Senate 
Select Committee on Intelligence in March.
  Enacting legislation to confront the accumulating dangers of cyber 
threats must be among the highest national security priorities of the 
Congress. Cyber attacks on our Nation have become disturbingly common. 
More recently, it was the Office of Personnel Management. A few weeks 
before that, it was the Pentagon network, the White House, and the 
State Department. Before that it was Anthem and Sony--just to name a 
few. The status quo is unacceptable, and Congress needs to do its part 
in passing this legislation. But the President, as our Nation's 
Commander in Chief, must also do his part to deter the belligerence of 
our adversaries in cyber space.
  The threats from China, Russia, North Korea, and Iran--not to mention 
the aspirations of terrorist organizations like ISIL and Al Qaeda--are 
steadily growing in number and severity. And our national security 
leadership has warned us repeatedly that we could face a cyber attack 
against our Nation's critical infrastructure in the not too distant 
future. I believe our response to such an attack, or lack thereof, 
could define the future of warfare.
  To date, the U.S. response to cyber attacks has been tepid at best, 
and nonexistent at worst. Unless and until

[[Page S6264]]

the President uses the authorities he has to deter, defend, and respond 
to the growing number and severity of cyber attacks, we will risk not 
just more of the same but emboldened adversaries and terrorist 
organizations that will continuously pursue more severe and destructive 
cyber attacks.
  As ADM Mike Rogers, the commander of U.S. Cyber Command, told 
listeners at the Aspen Security Forum a couple weeks ago, ``to date 
there is little price to pay for engaging in some pretty aggressive 
behaviors.'' According to James Clapper, the Director of National 
Intelligence, ``we will see a progression or expansion of that envelope 
until such time as we create both a substance and psychology of 
deterrence. And today we don't have that.''
  According to the Chairman of the Joint Chiefs of Staff, General 
Dempsey, our military enjoys ``a significant military advantage'' in 
every domain except for one--cyber space. As General Dempsey said, 
cyber ``is a level playing field. And that makes this chairman very 
uncomfortable.'' Efforts are currently underway to begin addressing 
some of our strategic shortfalls in cyber space, including the training 
of a 6,200-person cyber force. However, these efforts will be 
meaningless unless we make the tough policy decisions to establish 
meaningful cyber deterrence. The President must take steps now to 
demonstrate to our adversaries that the United States takes cyber 
attacks seriously and is prepared to respond.
  This legislation before us is one piece of that overall deterrent 
strategy, and it is long past time that Congress move forward on 
information sharing legislation. The voluntary information sharing 
framework in this legislation is critical to addressing these threats 
and ensuring that the mechanisms are in place to identify those 
responsible for costly and crippling cyber attacks and, ultimately, 
deter future attacks.
  Many of us have spent countless hours crafting and debating cyber 
legislation back to 2012. Mr. President, 2012 was the last time we 
attempted to pass major cyber legislation. This body has come a long 
way since that time. We understand that we cannot improve our cyber 
posture by shackling the private sector, which operates the majority of 
our country's critical infrastructure, with government mandates. As I 
argued at that time, heavyhanded regulations and government bureaucracy 
will do more harm than good in cyber space. The voluntary framework in 
this legislation represents the progress we have made in defining the 
role of the private sector and the role of the government in sharing 
threat information, defending networks, and deterring cyber attacks.
  This legislation also complements actions we have taken in the 
National Defense Authorization Act, or NDAA, currently in conference 
with the House. As chairman of the Armed Services Committee, cyber 
security is one of my top priorities. That is why the NDAA includes a 
number of critical cyber provisions designed to ensure the Department 
of Defense has the capabilities it needs to deter aggression, defend 
our national security interests, and, when called upon, defeat our 
adversaries in cyber space.
  The NDAA authorizes the Secretary of Defense to develop, prepare, 
coordinate, and, when authorized by the President, conduct a military 
cyber operation in response to malicious cyber activity carried out 
against the United States or a United States person by a foreign power. 
The NDAA also authorizes $200 million for the Secretary of Defense to 
assess the cyber vulnerabilities of every major DOD weapons system. 
Finally, Congress required the President to submit an integrated policy 
to deter adversaries in cyber space in the fiscal year 2014 NDAA. We 
are still waiting on that policy, and this year's NDAA includes funding 
restrictions that will remain in place until it is delivered.
  Every day that goes by, I fear our Nation grows more vulnerable, our 
privacy and security are at greater risk, and our adversaries are 
further emboldened. These are the stakes, and that is why it is 
essential that we come together and pass the Cybersecurity Information 
Sharing Act.
  Mr. President, I thank again my friend from Florida, who is a valued 
member of the Senate Armed Services Committee, for his indulgence to 
allow me to speak. I thank my colleague.
  I yield the floor.


  The PRESIDING OFFICER. The majority leader.
  Mr. McCONNELL. Mr. President, our government was recently struck by a 
devastating cyber attack that has been described as one of the worst 
breaches in U.S. history. It was a major blow to the privacy of 
millions of Americans. We know the private sector is vulnerable to 
attack as well. The House has already passed two White House-backed 
cyber security bills to help address the issue. Similar legislation is 
now before the Senate. It is strong, bipartisan, and transparent. It 
has been vetted and overwhelmingly endorsed 14 to 1 by both parties in 
  It would help both the public and private sectors to defeat cyber 
attacks. The top Senate Democrat on this issue reminds us it would 
protect individual privacy and civil liberties too. Now is the time to 
allow the Senate to debate and then pass this bipartisan bill.
  In just a moment, I will offer a fair consent request to allow the 
Senate to do just that. The Democratic leader previously said that both 
he and the senior Senator from Oregon believe the Senate should be able 
to finish the bill ``in a couple of days . . . at the most.'' And just 
today he said the Democrats remain willing to proceed to this 
bipartisan bill if allowed to offer some relevant amendments. The 
senior Senator from New York has also said that Democrats want to get 
to the bill and that they want to get a few amendments too.
  Our friends across the aisle will be glad to know that the UC I am 
about to offer would allow 10 relevant amendments per side to be 
offered and made pending. That is a good and fair start that exceeds 
the request from our friends across the aisle.
  Now that we have a path forward that gives both sides what they said 
they need, I would invite our colleagues to join us now in moving 
forward on this bill. I invite our colleagues to allow the Senate to 
cooperate in a spirit of good faith to pass a bill this week so we can 
help protect the American people from more devastating cyber attacks.
  I notified the Democratic leader that I would propound the following 
consent request: I ask unanimous consent that the cloture motion on the 
motion to proceed to calendar No. 28, S. 754, be withdrawn and that the 
Senate immediately proceed to its consideration. I further ask that 
Senator Burr then be recognized to offer the Burr-Feinstein substitute 
amendment and that it be in order during today's session of the Senate 
for the bill managers, or their designees, to offer up to 10 first-
degree amendments relevant to the substitute per side.
  The PRESIDING OFFICER. Is there objection?
  Mr. REID. Reserving the right to object.
  The PRESIDING OFFICER. The minority leader.
  Mr. REID. The Republican leader is my friend, and I don't mean in any 
way to disparage him, other than to bring out a little bit of history. 
I can't imagine how he can make this offer with a straight face. Have 
amendments pending? That is like nothing. We tried that before, as 
recently as the highway bill. Having amendments pending doesn't mean 
  We want to pass a good cyber security bill. We have a bill that has 
been crafted in the intelligence committee. Other committees have been 
interested in participating in what we have here on the floor, but they 
are willing to say: OK. We have a bill from the intelligence committee.
  There have been no public committee hearings, no public markups. 
There has been nothing done other than a rule XIV which, of course, my 
friend said he would not do if he got to be the leader and there would 
be a robust amendment process. Having a robust amendment process has 
nothing to do with having amendments pending.
  We want to pass a good bill. But we want to have a reasonable number 
of amendments, and there will be votes on those amendments. We are not 
asking for longtime agreements. The Republican leader's proposal would 
not lead to votes on the amendments. He would allow the amendments to 
be pending, but if the Republican leader were to file cloture, as he 
has done repeatedly the last few months--and an example is what he did 
with the recent highway bill--all amendments that were not strictly 
germane would fall.
  Remember, we are not asking for germane amendments. We are asking for 
relevant amendments. We are willing to enter into an agreement that 
provides votes on a reasonable number of amendments that would be 
germane in nature, and we should be working on that agreement.
  In contrast, if we fail to get that agreement, we are going to have a 
cloture vote an hour after we come in in the morning, and 30 hours 
after that--sometime late Thursday afternoon or early Thursday 
evening--he would have to file cloture on that. That puts us right into 
the work period when we get back on September 8.
  When we get back, we have the 8th to the 17th, including weekends and 
a holiday that is celebrated every year that we always take off, which 
includes 2 days. It is a Jewish holiday. I can't imagine why we would 
want this to interfere with what we are trying to do in the month of 
  We are willing to do this bill. We can start working on these 
amendments right now if we can have votes on them, but we are not going 
to agree to some arrangement like this. If the Republicans are going to 
push this, we can come in here tomorrow, and we will vote. The 30 hours 
of time will go by--and we know how to use 30 hours; we were taught how 
to do that--30 hours of postcloture time. And Thursday afternoon, the 
leader can make whatever decision is necessary.
  We want a cyber bill. This bill is not the phoenix of all cyber 
bills, but it certainly is better than nothing. We should--following 
the recommendation and the suggestion and what the Republican leader 
has said he would do--be allowed some amendments to vote on. We can 
start that today. Today is Tuesday. We can finish these amendments--I 
would hope on the Democratic side--in a fairly short order of time.
  As for the Republicans, I don't know. All I heard following the 
caucus is one Republican Senator wanted to offer an amendment on the 
cyber bill dealing with auditing the Fed. I can't imagine why that has 
anything to do with this bill.
  We are serious about legislating. We want to do something that is 
good, we believe, for the country, good for the order of the Senate. 
Otherwise, we will look at each other around here until Thursday 
afternoon, and the Republican leader can look forward to this being the 
first thing we take up when we get back in September. We are willing to 
be fair and reasonable to finish this, with our amendments, in a very 
short period of time. So I object.
  The PRESIDING OFFICER. Objection is heard.
  Mr. McCONNELL. Mr. President, let me say, I think there may well be a 
way forward here. What I thought I heard the Democratic leader say is 
that they are interested in passing a bill. That is important. He said 
when it was offered on the defense authorization bill that it was a 2-
day bill, and we could agree to a limited number of amendments.
  I think we both agree this is an important subject. I can't imagine 
that either the Democrats or the Republicans want to leave here for a 
month and not pass the cyber security bill. I think there is enough 
interest on both sides to try to continue to discuss the matter and see 
if there is a way forward. That would be in the best interest of the 
country if we could come together and do this. This bill came out of 
the intelligence committee 14 to 1.
  Chairman Burr and Vice Chair Feinstein have been asking for floor 
time. They are anxious to move this bill

[[Page S6267]]

across the floor. I am hoping the Democratic leader and I can continue 
to discuss the matter and that we can find a way forward.
  The PRESIDING OFFICER. The Democratic leader.
  Mr. REID. Mr. President, I look forward to that discussion. Keep in 
mind, being reported out of committee--this is a committee that holds 
everything in secret. They do nothing public. So having a 14 to 1 vote 
in a meeting that takes place in secret doesn't give the other Senators 
who are not on that committee a lot of solace.
  I look forward to the Republican leader and me and our staffs working 
together to try to come up with some way to move forward on this 
legislation. We want to do that.
  The PRESIDING OFFICER. The majority leader.
  Mr. McCONNELL. Mr. President, as my good friend the Democratic leader 
used to remind me, the majority leader always gets the last word.
  This is not a new issue. It was around during the previous Congress. 
Other committees acted--other committee chairmen like what Chairman 
Burr and Vice Chair Feinstein have done. Hopefully, we can minimize 
sort of manufacturing problems here that keep us from going forward 
when it appears to me that both sides really would like to get an 
outcome and believe it would be best for the country to get an outcome 
before we go into the recess. We will continue to discuss the matter 
and hope that we can find a way forward.
  The PRESIDING OFFICER (Mr. Lankford). The Senator from Oregon.
  Mr. WYDEN. Mr. President, I will be very brief. I understand there 
has already been an objection.
  I will speak later in the afternoon or early evening in some detail 
about why I have significant reservations with respect to this 
  To say--as we heard again and again throughout the day--that this is 
about voluntary information sharing is essentially only half true. The 
fact is, companies could volunteer to share their customers' 
information with the government, but they wouldn't have to ask for 
permission from their customers before handing it over. That is one 
reason every major organization with expertise and interest on privacy 
issues has had reservations about the bill. It may be voluntary for 
companies, but it is mandatory for their customers and their consumers. 
They are not given the opportunity to opt out.
  The legislation has been public for months, and dozens of cyber 
security experts have said it wouldn't do much to stop sophisticated, 
large-scale attacks such as the horrendous attack at the Office of 
Personnel Management.
  On Friday, the Department of Homeland Security--an absolutely 
essential agency as it relates to this bill--wrote a letter to our 
colleague, the distinguished Senator from Minnesota, Mr. Franken, and 
said if this bill's approach is adopted, ``the complexity and 
inefficiency of any information sharing program will markedly 
increase.'' The Department of Homeland Security added that the bill 
``could sweep away important privacy protections.'' That is a pretty 
strong indictment from the agency that would be in charge of 
implementing the legislation.
  As I have indicated a couple of times in the last day or so, I think 
the managers, Senator Feinstein and Senator Burr, have made several 
positive changes, but the bottom line is it doesn't address the very 
substantial privacy concerns that relate to this bill. The fact is, 
cyber security is a very serious problem in America.
  Oregonians know a lot about it because one of our large employers was 
hacked by the Chinese. SolarWorld was hacked by the Chinese because 
they insisted on enforcing their rights under trade law. In fact, our 
government indicted the Chinese for the hack of my constituents and 
  So cyber security is a serious problem. Information sharing can play 
a constructive role, but information sharing without robust privacy 
safeguards is really not a cyber security bill. It is going to be seen 
by millions of Americans as a surveillance bill, and that is why it is 
so important that there be strong privacy guidelines.
  The fact is, in the managers' legislation, the section allowing 
companies to hand over large volumes of information with only a cursory 
review would be essentially unmodified. The Department of Homeland 
Security asked for some specific changes to the language, which the 
managers' amendment does not include. So my hope is, we are going to 
have a chance to have a real debate on this issue. Personally, I would 
rather go down a different route with respect to cyber security 
legislation. In particular, I recommend the very fine data breach bill 
of our colleague from Vermont Senator Leahy, but if Senators have their 
hearts set on doing the bill before us, it is going to need some very 
substantial amendments, both to ensure that we show the American people 
that security and privacy are not mutually exclusive, that we can do 
both, and to address the very serious operational reservations the 
Department of Homeland Security has raised. Neither set of concerns is 
thoroughly addressed by the managers' amendment.
  So my hope is that we are going to have a chance to make some very 
significant reforms in this legislation. After seeing what has happened 
over the last few weeks, where the government isn't exactly doing an 
ideal job of securing the data it has, and now we are going to propose 
legislation that has private companies, without the permission of their 
customers, for example, to dump large quantities of their customers' 
data over to the government with only a cursory review--this 
legislation is not going to be real attractive to the millions of 
Americans who sent us to represent them.
  In fact, in just the last few days, I read in the media that some of 
the opponents of this legislation have sent something like 6 million 
faxes to the Senate--and people wonder if there are still fax machines. 
I guess the point is to demonstrate it is important that we understand, 
as we look at digital communications, what the challenge is.
  I will have more to say about this later in the afternoon and in the 
evening, but I wanted to take this opportunity, since we have just 
gotten out of the party caucuses, to make some corrections with respect 
to what we were told this morning and particularly on this question 
about how this is a voluntary bill. Ask millions of Americans whether 
it is voluntary when companies can hand over their private information 
to the government without their permission.
  I yield the floor.
  The PRESIDING OFFICER. The Senator from Kansas.
  Mr. MORAN. Mr. President, I ask unanimous consent to be recognized as 
in morning business.
  The PRESIDING OFFICER. Without objection, it is so ordered.

                      Nuclear Agreement With Iran

  Mr. MORAN. Mr. President, cyber security is an important issue, but I 
come to the floor to talk for a bit about one of the most consequential 
decisions that I, as a Member of the U.S. Senate, and my colleagues 
will make, and that concerns the negotiated agreement between the P5+1 
and Iran--the proposed Joint Comprehensive Plan of Action with Iran. In 
my view, it provides too much relief in return for too few concessions. 
The deal implicitly concedes that Iran will become a nuclear power and 
will gain the ability and legitimacy to produce a weapon in a matter of 
years while gaining wealth and power in the meantime.
  I serve on the Senate Banking Committee. The sanctions that were 
created by Congress originate from that committee. Those sanctions were 
put in place to prevent Iran from becoming a nuclear power--a country 
capable of delivering a nuclear weapon across their border. Those 
sanctions were not put in place to give Iran a path or a guideline to 
become a nuclear-weapon-capable country. The key is to keep nuclear 
weapons out of the hands of Iran's Government. The key to that is to 
permanently disable Iran from nuclear capability and remove the 
technology used to produce nuclear materials. This deal fails to 
achieve this goal by allowing Iran to retain nuclear facilities. Though 
some of it will be limited in use in the near term, the centrifuges 
used to enrich nuclear matter will not be destroyed or removed from the 
country. This deal allows Iran's nuclear infrastructure to remain on 
standby for nuclear development when the restrictions expire.
  Also troubling is the agreement's lack of restrictions on nuclear 
research and development. Iran seeks to replace its current enrichment 

[[Page S6268]]

with a more advanced centrifuge that more efficiently enriches nuclear 
material. By failing to restrict research and development now, we are 
priming Iran's nuclear program to hit the ground running toward a bomb 
once the restrictions are lifted in a matter of years.
  Also, the inspection regime agreed to in this negotiation is 
dangerously accommodating. The agreement provides Iran a great deal of 
flexibility regarding the inspection of military sites just like those 
where Iran's past covert nuclear development work took place. The deal 
allows Iran to hold concerned international inspectors at bay for 
weeks, if not months, before granting access to a location suspected of 
being a site for nuclear development.
  The value of any access to suspected Iranian nuclear sites that 
international inspectors ultimately do receive will depend upon their 
understanding of Iran's past nuclear weapons research. A comprehensive 
disclosure of possible military dimensions to Iran's nuclear research 
is necessary for inspectors to fully understand Iran's current 
infrastructure and is critical to their ability to rule out any future 
efforts to produce nuclear weapons.
  The International Atomic Energy Agency, IAEA, has not made public its 
site agreement with Iran about their previous nuclear developments. 
This is an aside, but I would say none of us should agree to this 
negotiated agreement without seeing, reading, and knowing the content 
of that agreement. Under the proposed deal, that vital full disclosure 
of Iran's nuclear past may not occur, diminishing the value of 
inspections and increasing the risk that another covert weaponization 
of Iran will take place.
  Painfully absent from the agreement's requirements is Iran's release 
of American hostages: Saeed Abedini, Jason Rezaian, Robert Levinson, 
and Amir Hekmati. The freedom of Americans unjustly held in Iran should 
have been a strict precondition for sanctions relief instead of an 
  In return for very limited concessions, this deal gives Iran way too 
much. If implemented, the agreement would give Iran near complete 
sanctions relief up front. This isn't a Republican or Democratic issue. 
Common sense tells us that you don't give away a leverage until you get 
the result that you are looking for, and this agreement provides 
sanctions relief upfront, delivering billions in frozen assets to the 
Iranian Government and boosting the Iranian economy. Included in this 
relief are sanctions related to Iran's Revolutionary Guard Corps, which 
were to be lifted only when Iran ceased providing support for 
international terrorism.
  The sanctions relief in this proposal not only fails to require 
preconditions and cooperation regarding nuclear disarmament but will 
remove sanctions from the Iranian Guard, despite their status as a top 
supporter of terrorist groups around the Middle East and globe.
  This type of gratuitous flexibility for Iran is found elsewhere in 
the agreement. The P5+1 acceptance of Iranian demands for a relaxed 
U.N. arms embargo is both perplexing and scary. This deal would relax 
trade restrictions on missiles after 8 years, while immediately erasing 
limits on missile research and development. It would also lift 
restrictions on Iranian centrifuge use and development after just 8 to 
10 years. The deal grants Iran the ability to more efficiently produce 
nuclear material just as it gains the ability to access the delivery 
weapons system.
  Earlier this month, the Chairman of the Joint Chiefs of Staff, GEN 
Martin Dempsey, said: ``Under no circumstances should we relieve 
pressure on Iran relative to ballistic missile capabilities and arms 
trafficking.'' Lifting the U.N. arms embargo was ``out of the 
question.'' Yet, just 1 week later, negotiators announced the lifting 
of the embargo in 5 to 8 years or less. I wonder what has changed. 
Unless the menace of an increased flow of weapons in and out of Iran 
somehow substantially decreased during the intervening week, the 
consequence of this sudden capitulation should have us all greatly 

  This fear of increased money flow to terror organizations linked to 
the Iranian Government is not based upon merely an outside possibility; 
it is a likelihood. Last week Iran's Deputy Foreign Minister stated: 
``Whenever it's needed to send arms to our allies in the region, we 
will do so.'' More money and more weapons in the hands of terrorist 
organizations are the fuel for increased violence and further 
destabilization in the conflict-torn Middle East.
  We have little reason to believe Iran's behavior will change as a 
result of this agreement. In fact, their chants of ``Death to America'' 
become more real.
  Since the announcement of the agreement, the leader of Iran has been 
openly antagonistic to the United States. Ayatollah Ali Khamenei has 
promised to continue to incite unrest and said Iran's ``policy towards 
the arrogant U.S. will not change.'' These anti-American statements 
come from an Iranian leader whose commitment the Obama administration 
is relying on for the nuclear accord to work. It should trouble every 
American that the Obama administration is asking us to support a deal 
that relies on the total cooperation of those who, as I say, strongly 
state their commitment to bringing about ``death to America.''
  Given the Obama administration's troubling efforts to push through 
this deal to the United Nations and restrict the influence of the 
American people through this Congress in the decision, it is all the 
more important that we follow through with a serious assessment of this 
nuclear agreement. We are faced with a circumstance that, by the 
administration's own previous standards, concedes too much and secures 
too little.
  I strongly oppose this nuclear deal. It is intolerably risky, and the 
result will be a new Iran--a legitimized nuclear power with a growing 
economy and enhanced means to finance terror, to antagonize, and to 
ultimately pursue a nuclear weapons program. I will support the 
congressional resolution to express Congress's explicit disapproval.
  President Obama has used fear in his agenda in seeking our support 
for this agreement. The warning has been that a vote against his policy 
is a vote for war with Iran. The President's political scare tactics 
are not only untrue but also illogical.
  Incidentally, we were not at war with Iran when the agreements were 
in place before the negotiation. The absence of agreeing to the 
negotiated agreement would not mean we will be at war thereafter.
  The President's claims undermine numerous statements his own 
administration has made about the negotiation process, the nature of 
the Iranian nuclear program, and the proposed agreement's prospects for 
success. If true, the President's words concede that his foreign policy 
has led America into a dangerous position.
  We would expect a President to provide the American people as many 
alternatives to war as possible, not just a single narrow and risky one 
such as this. According to the President, the only alternative to war 
is this agreement--a deal that results in better financed terrorists, a 
weakened arms embargo, and the need for boosting U.S. weapons sales to 
Iran's regional rivals. If this prospect of war is his concern, the 
President would benefit by reevaluating the geopolitical consequences 
of the deal and seeking out much better options.
  I had hoped these negotiations would result in a strong but fair deal 
to dismantle Iran's nuclear infrastructure. Again, the purpose of 
placing sanctions on Iran was to get rid of their nuclear capability as 
far as delivery of nuclear material across their borders. Yet this 
agreement leaves that infrastructure in place and puts them on a 
promising path toward that nuclear capability.
  Regrettably, that kind of deal was not reached. Now my hope is a 
simple one: that we are able to reverse some of the damage that is 
already done and that this agreement is rejected.
  I would say that there are those who argue that we would be isolated 
by rejection of this agreement, that other countries would approve and 
the United Nations may approve. This is an issue of such importance 
that we need to do everything possible to see that Iran does not become 
a nuclear power, and we need to have the moral character and fiber to 
say no to this agreement.
  Mr. President, I yield the floor.
  The PRESIDING OFFICER. The Senator from Washington.

[[Page S6269]]


  Mrs. MURRAY. Mr. President, I ask unanimous consent to speak as in 
morning business.
  The PRESIDING OFFICER. Without objection, it is so ordered.

              Economic Security for Our Country's Workers

  Mrs. MURRAY. Mr. President, across our country today, so many of our 
workers clock in 40 hours a week. They work very hard, and yet they are 
unable to provide for their families.
  Just last fall, NBC News interviewed a woman named Latoya who worked 
in a fast food restaurant. She was protesting as part of a fast food 
workers strike. Latoya is raising four children alone on $7.25 an hour. 
That is less than $300 a week and is well below the poverty line for 
her and her family. For part of last year, she was living in a homeless 
shelter. She told the reporter: ``Nobody should work 40 hours a week 
and find themselves homeless.'' On top of rock-bottom wages, Latoya 
said she and her colleagues experienced unpaid wages, unpredictable 
scheduling, and having to make do with broken equipment on the job.
  In today's economy, too many of our workers across the country face 
the same challenges as Latoya. They are underpaid, they are overworked, 
and they are treated unfairly on the job. In short, they lack 
fundamental economic security.
  Several places around the country and in my home State of Washington 
are working to address this at the local level. This Senator believes 
we need to bring the Washington State way here to Washington, DC. In 
Congress, I believe we need to act to give workers some much needed 
relief. We need to grow our economy from the middle out, not the top 
down, and we should make sure our country works for all Americans, not 
just the wealthiest few.
  There is no reason we can't get to work today on legislation to do 
just that. That is why I have joined with my colleagues over the past 
few months in introducing several bills that will help restore some 
much needed economic security and stability to millions of workers. 
That is why I am hoping we can move some of these bills forward before 
we all go back home to our States.
  For too long we have heard from some Republicans the theory--a deeply 
flawed theory--that if we would only grant more tax cuts to the 
wealthiest Americans and if we would just keep rolling back regulations 
on the biggest corporations, those benefits would eventually trickle 
down and reach working families in our country. Not only does that 
theory not work, as we have seen over the past few decades, that 
trickle-down system has done real damage to our Nation's middle class 
and our working families. While worker productivity has actually 
reached new heights, workers have lost basic protections they once had.
  While trickle-down economics allows corporations to post big profits, 
too many of our workers are paying the price. Let me give some 
examples. Today the Federal minimum wage can leave a family in poverty 
even after working full time and even without taking a single day off. 
Not only that, today some businesses are using unfair scheduling 
practices to keep workers guessing about when they are going to be 
called in to work, with no guarantee of how much money they will earn 
in a given week. Those types of scheduling abuses take a real toll on 
workers' lives and prevent them from getting ahead. Attending college 
classes is not an option when someone's work schedule is always in 
flux. Taking on a second job to earn more money is nearly impossible 
when you can't plan around your first job. And that is not all. Today, 
43 million workers in this country don't have paid sick leave. When 
they get sick, they have to choose between toughing it out at work and 
passing that illness on to others or staying at home and potentially 
losing their job. When their child is sick, they have to choose between 
losing money on their paycheck or missing out on caring for their son 
or daughter. If that is not enough, in our country women are paid just 
78 cents for every dollar a man makes. That is not just unfair to 
women, by the way; it is bad for families and it hurts our economy.
  Many businesses are doing the right thing and are supporting their 
workers, but other corporations that don't, put those businesses that 
are doing the right thing at a competitive disadvantage by running a 
race to the bottom and pulling their workers down with them.
  This worker insecurity isn't just devastating for the millions of 
workers and their families who are impacted by it, it is also hurting 
our economy. Truly robust and strong economic growth comes from the 
middle out, not the top down. When our workers lack security, when they 
are not treated fairly, they can't invest in themselves and their 
children or spend money in their communities or move their families 
into a middle-class life.
  I believe we have to address this challenge on multiple fronts. We 
can start by making sure our workers are treated fairly so they can 
earn their way toward rising wages and increased economic security.
  There are important things we can do here in Congress to expand 
economic security and stability for millions of our working families 
today. For starters, we should pass the Paycheck Fairness Act that the 
senior Senator from Maryland has championed for so many years to 
finally close the pay gap between men and women. The Paycheck Fairness 
Act would tackle pay discrimination head-on. This Senator hopes we can 
all agree that in the 21st century, workers should be paid fairly for 
the work they do, regardless of their gender.
  We should also raise the minimum wage to make sure hard work does pay 
off. My Raise the Wage Act increases the minimum wage to $12 by 2020 
and is enough to lift a family of three out of poverty. It will put 
more money in workers' pockets so they can spend it in their local 
communities. It will help to build a strong floor--a Federal minimum--
that workers and cities can build off of and go even higher where it 
makes sense, like in Seattle in my home State in Washington. It is a 
level that Republicans should be able to agree with and start moving 
toward right now.
  I have also worked on a bill, along with Senators Warren and Murphy, 
to crack down on the scheduling abuses I just talked about, so 
businesses would no longer keep their workers guessing on when they 
would be called in or how many hours they might get in a given week.
  In February I introduced the Healthy Families Act to allow workers to 
earn up to 7 paid sick days. I want to move forward on that legislation 
to give our workers some much needed economic security because no one 
should have to sacrifice a day of pay or their job altogether just to 
take care of themselves or their sick child.
  We as a nation should not turn our backs on empowering our workers 
through collective bargaining, especially since strong unions ensure 
workers have a strong voice at the table. It is the very thing that 
helped so many workers climb into the middle class in this country.
  Enacting these critical policies won't solve every problem facing our 
workers and their families today. It is not the only way that I and 
Senate Democrats will be fighting to protect workers and making sure 
the economy is growing from the middle out, not the top down. But these 
policies would be very strong steps in the right direction to bring 
back that American dream of economic security and a stable middle-class 
life for millions of workers who have seen it slip away.
  When workers succeed, businesses succeed and thus the economy 
succeeds. We know this works. I have seen it in my home State of 
Washington where State and local governments have taken the lead on 
proposals such as raising the minimum wage and paid sick days. I think 
it is time to bring some of that Washington State way right here to 
Washington, DC.
  I recently heard from a small business owner by the name of Laura. 
She owns a small auto repair shop in Renton, WA. She shared something 
that I hear all the time from business owners: Doing the right thing by 
workers starts a virtuous cycle. Laura said, ``When workers have more 
money, businesses have more customers. With more customers, businesses 
can hire more workers, which in turn generates more customers.''
  Working families in our country have been waiting long enough for 
some relief from the trickle-down system that hurts the middle class. 
That is why I

[[Page S6270]]

am going to be asking for unanimous consent to work on the policies 
that would restore economic security and stability to more workers.
  Let's finally restore some stability and security for workers across 
our country. Let's make sure hard work pays off. Let's help more 
families make ends meet, expand economic opportunity, and grow our 
economy from the middle out.
  Thank you, Mr. President.
  I yield the floor.
  The PRESIDING OFFICER. The Senator from Arizona.
  Mr. McCAIN. Mr. President, I ask unanimous consent that I be allowed 
to speak for 3 minutes and that I be followed immediately by the 
Senator from Idaho.
  The PRESIDING OFFICER. Is there objection?
  Without objection, it is so ordered.
  Mr. McCAIN. Mr. President, is the parliamentary procedure that there 
was an objection to the Senate moving forward with the consideration of 
the cyber bill? Is that correct?
  The PRESIDING OFFICER. There was an objection that was heard to the 
request of the majority leader.
  Mrs. MURRAY addressed the Chair.
  Mr. McCAIN. Mr. President, do I have the floor?
  The PRESIDING OFFICER. The Senator from Arizona has the floor.
  Mr. McCAIN. I have the floor, I tell the Senator from Washington.
  This is unbelievable. It is unbelievable that this body would not 
move forward with a cyber bill with the situation of dire consequences 
and dire threats to the United States of America. Admiral Rogers, the 
commander of U.S. Cyber Command, told listeners at the Aspen Security 
Forum that ``to date there is little price to pay for engaging in some 
pretty aggressive behaviors.''
  According to James Clapper, the Director of National Intelligence, 
``we will see a progression or expansion of that envelope until such 
time as we create both the substance and psychology of deterrence. And 
today we don't have that.''
  The Chairman of the Joint Chiefs of Staff, General Dempsey, our 
military enjoys ``significant military advantage'' in every domain 
except for one--cyber space. General Dempsey said cyber ``is a level 
playing field. And that makes this chairman very uncomfortable.'' The 
Chairman of the Joint Chiefs of Staff is uncomfortable about the cyber 
threats to this Nation.
  What just took place is millions of Americans had their privacy 
hacked into. God only knows what the consequences of that are. The 
other side has decided to object to proceeding with a bill that passed 
through the Intelligence Committee by a vote of 14 to 1. This is 
disgraceful--this is disgraceful. I tell my colleagues on the other 
side of the aisle, by blocking this legislation, you are putting this 
Nation in danger. By blocking this legislation, you are putting this 
Nation in danger by not allowing the Senate of the United States to act 
against a very real threat to our very existence.
  I say this is a shameful day in the Senate. I urge the Democratic 
leader to come to the floor and allow us to consider amendments, move 
forward with this legislation because the security of the United States 
of America is in danger.
  I thank my colleagues.
  I yield the floor.
  The PRESIDING OFFICER. The Senator from Idaho.


[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Pages S6271-S6286]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]


  Mr. HELLER. Mr. President, I would like to talk about personal 
privacy rights for American citizens. It was just 2 months ago that the 
Senate took action to restore privacy rights of American citizens 
through the USA FREEDOM Act--part of action that was taken, as I 
mentioned, just 2 months ago. Both Chambers of Congress and the 
President agreed it was time to end the bulk collection of American's 
call records pouring into the Federal Government.
  I was a proud supporter of the USA FREEDOM Act and believed it was 
the right thing to do on behalf of U.S. citizens. My constituents all 
across Nevada--from Elko, to Reno, Ely, and Las Vegas--all understand 
how important these rights are and will not accept any attempts to 
diminish them. Today, I am here to continue protecting these privacy 
rights and uphold our civil liberties.
  Protecting privacy will always be important to Nevadans. It is 
nonnegotiable to me, very important. Similar to many of my colleagues 
in the Senate, I believe addressing cyber security is also important.
  When I was ranking member of the commerce committee's consumer 
protection subcommittee, I worked on these issues in detail. I 
understand very well the impact of data breaches, cyber threats. In 
fact, back in my State of Nevada, one of the top concerns is identity 
theft. Not only can these identity thieves wreak financial havoc on a 
consumer's life, but these threats also pose a serious national 
security concern.
  We saw with OPM's breach that personal information for 21.5 million 
Federal employees, even those who received security clearances, was 
compromised. In my office, in fact, a member of my staff was breached 
three times in just the last 4 years. These thieves cross international 
borders. They break and enter into private homes. They hack their way 
to intrusion with a keyboard and a simple click of the mouse.
  So I share the desire to find a path forward on information sharing 
between the Federal Government and the private sector as another tool 
in the cyber security toolbox, but I have always stood firm with these 
types of efforts that they must also maintain American's privacy 
  The bill I see today, including the substitute amendment, does not do 
enough to ensure personally identifiable information is stripped out 
before sharing. That is why I filed a fix. Let's strengthen the 
standard for stripping out this information. Right now, this bill says 
the private sector and the Federal Government only have to strip out 
personal information if they know--if they know--it is not directly 
related to a cyber threat.
  I would like to offer some context to that. Let's say you are pulled 
over for speeding, not knowing the speed limit does not absolve you of 
guilt. If your company fails to follow a Federal law or regulation, not 
knowing about the law does not exempt you from the consequences of 
violating it. Ignorance is no excuse under the law, so why should this 
particular piece of legislation be any different?
  My amendments ensure that when personal information is being stripped 
out, it is because the entity reasonably believes--not knows but 
reasonably believes--it is not related to a cyber threat. One of my 
amendments addresses the Federal Government's responsibility to do 
this, and the other addresses the private sector's responsibility to do 
  This term ``reasonably believes''--let me repeat that--``reasonably 
believes'' is an important distinction that this bill needs. It creates 
a wider protection for personal information by ensuring these entities 
are making an effort to take out personal information that is not 
necessary for cyber security. Our friends over in the House of 
Representatives already agree the private sector should be held to this 
standard, which is why they included this language in the cyber 
security bill which they passed. I hope to see this important 
protection retained in any conference agreement should this bill move 

  Furthermore, in a letter to a Senator last week, DHS directly 
acknowledged the importance of removing personally identifiable 
information and even went so far as to say this removal will allow the 
information-sharing regime to function much better. Even DHS agrees 
that with this amendment it would function much better. So what it 
comes down to is our Nation's commitment to balancing the needs for 
sharing cyber security information with the need to protect America's 
personal information.
  I believe my amendment, No. 2548, to hold the Federal Government 
accountable strikes that balance, and I will continue strongly pushing 
forward to get this vote. I encourage my colleagues to support this 
commonsense effort to strengthen this bill and keep our commitment to 
upholding the rights of all U.S. citizens.
  As we discuss this issue, I hope we will continue having the 
opportunity to truly debate and make improvements to this bill. I 
believe that if given the opportunity, we can strengthen this 
legislation even more to protect against cyber security threats while 
also protecting American citizens' private information.
  No bill is perfect, as the Presiding Officer knows, but that is why 
we are here and that is why there is an amendment process. That is why 
I wish to see

[[Page S6272]]

the Senate openly debate and amend this bill, including my amendment. 
The privacy rights of Americans are too important an issue and a very 
important issue to all of us.
  I acknowledge that some of my colleagues want the opportunity to 
debate issues related to the bill and those issues that are unrelated 
to the bill. I recognize there are many important issues Members would 
like to see addressed before August--or at least the August recess--
such as my friend from Kentucky, who filed an amendment regarding 
firearms on bases. Like my colleague, I recognize the importance of 
this issue, which is why I introduced this legislation days ago. My 
legislation would simply require the Secretary of Defense to establish 
a process for base commanders in the United States to authorize a 
servicemember to carry a concealed personal firearm while on base. Men 
and women who serve our country deserve to feel safe and should be able 
to defend themselves while stationed in the United States. That is why 
I feel strongly that Congress should give our Nation's base commanders 
the authority they need to create a safer environment for our heroes 
serving across America.
  At this time I recognize it is unclear if there will be an 
opportunity to debate this issue on this particular piece of 
legislation, but it is an important issue. Once again, I hope that as 
we continue to debate this bill that we will find a path forward on all 
  I appreciate the willingness of both Senator Burr and Senator 
Feinstein to work with me on my amendments, and I look forward to 
continuing this debate.
  I yield the floor.
  The PRESIDING OFFICER. The Senator from New York.
  Mr. SCHUMER. Mr. President, I ask unanimous consent that the next 30 
minutes be equally divided between Senators Schumer, Boxer, Whitehouse, 
Markey, and Schatz.
  The PRESIDING OFFICER. Is there objection?
  Mr. WHITEHOUSE. Mr. President, may I ask for a modification that I be 
able to speak for 1 minute on the cyber issue before we go into that 30 
  With that modification, I have no objection.
  The PRESIDING OFFICER. Is there objection to the request?
  Without objection, it is so ordered.
  Mr. WHITEHOUSE. Thank you.
  Mr. President, in my 1 minute, I just wish to respond to what my 
friend, the Senator from Arizona, said. We are very keen to get a good, 
strong cyber security bill passed.
  My concern about the amendment process is that amendments that will 
strengthen the bill and make it a better cyber bill ought to have a 
chance to get a vote. I have one that I worked out with Senator Graham, 
who I think has good national security credentials and whom Senator 
McCain respects, and another one with Senator Blunt, who also has good 
national security credentials and whom I think Senator McCain also 
respects. I believe both of the bills have now been cleared by the U.S. 
Chamber of Commerce, so they don't have a business community objection. 
But I also fear that if we followed the majority leader's proposal, he 
would file cloture and they wouldn't survive a germaneness test.
  So I think our leader's offer, basically, of a specific list of 
amendments--none of which are ``gotcha'' amendments, all of which 
relate to this bill--would be a very good way to proceed, get on the 
bill, and get something passed.
  The PRESIDING OFFICER. The Senator from New York.
  Mr. SCHUMER. First, I thank my friend from Rhode Island. I think 
there is a broad agreement--I certainly do--that we want to move to 
this bill and, if given an agreement on a limited number of amendments, 
all relevant to cyber security, with no intention to be dilatory, and 
with time limits, we can get this done. But it is only fair on a major 
bill to offer some amendments and not just to fill the tree and have no 
amendments at all.