Senate Majority Leader Mitch McConnell was pushing for a vote on CISA before a four-week summer recess starts on August 10. But a spokesman for the Kentucky Republican on Thursday said there were no immediate plans for a vote, IDG News Service reported.
CISA would incentivize companies to monitor their customers and share information about "cyber threats indicators" with the US Department of Homeland Security by granting businesses legal immunity from any surveillance laws when they do so.
Supporters of CISA, including several tech trade groups, say the bill would help businesses better respond to cyberattacks by giving them more information about hacker activity.
Privacy advocates have panned the legislation for allowing businesses to share personal information about customers. DHS could then pass that personal information on to the National Security Agency and other intelligence agencies, critics say.
Any information shared with the government under CISA could fall under the jurisdiction of the National Security Agency's cybersecurity surveillance powers.
As revealed by former NSA contractor Edward Snowden, cyber threat indicators can be used by the NSA as selectors to target the warrantless interception and collection of information from the Internet.
Moreover, any "incidental" data that is picked up along the way that is not directly related to the threat, including any and all personal data that is hacked or targeted as part of the cyber threat, can be indefinitely retained by the NSA.
Any information collected under CISA will be deemed "voluntarily shared information," exempt from disclosure under the Freedom of Information Act or any state, local, or tribal law.
Lawmakers who are pushing hardest for the bill have received more than twice as much in financial contributions from the defense industry than those who are opposing it.
Assertions by CISA supporters who say it is not a surveillance bill are "highly misleading," said Jonathan Mayer, a security researcher and lawyer at Stanford University.
CISA "funnels information to the government, private personal data from businesses to the intelligence community," Mayer said during a press briefing Thursday. In addition, the NSA, using its existing surveillance authority, can use the data to target the people whose information is shared, he said.
