The Senate will vote Wednesday on a cybersecurity information-sharing bill that aims to prevent the vast data breaches that recently stole information on millions of Americans, which could give the bill enough time to pass before lawmakers leave for recess later in the week. Lawmakers remain divided, however, on whether the bill would place even more sensitive personal data at risk.

The Cybersecurity Information Sharing Act would offer legal protections to companies that would enable them to share more information about their networks and hacker threats with the government. The White House has already supported a counterpart version of the bill that passed the House in April.

Speaking on the Senate floor on Tuesday, Senate Majority Leader Mitch McConnell, R-K.Y., warned America needs new protections to avoid “the cybersecurity Dark Ages,” citing as a cautionary example the recent hack of the Office of Personnel Management, which exposed personal data on up to 21 million current and prospective federal workers.

To address concerns that the bill would dilute consumer privacy by sharing too much information with government networks, McConnell also invited amendments from both parties.

“Now that we have a path forward that gives both sides what they said they need, I invite our colleagues to join us now in moving forward on this bill,” McConnell said on the Senate floor. “It contains strong measures to limit the use, retention, and diffusion of consumers’ personal information. Information-sharing with the government would also be voluntary under this bipartisan legislation.”

Democrats including Sen. Dianne Feinstein of California and Minority Leader Harry Reid of Nevada tried to shepherd this amendment process to enable a vote on the bill before the Senate leaves Washington before returning in September.

Sen. Rand Paul, R-K.Y., was among those on Tuesday who introduced amendments to the bill, including clarifications that it would not enable government agencies to ignore protections for whistleblowers or laws regarding privacy and surveillance.

“This affirms that the government cannot circumvent warrant requirements by taking Americans’ records from third parties, and protects constitutional rights during engagement in regular communication and commerce,” said a press release announcing Paul’s proposed amendments.

A coalition of privacy advocates, however, remain convinced that the bill needs more work before it includes enough protections to prevent a surveillance loophole that enables law enforcement agencies to sweep up consumer data from business networks. The coalition, which includes the American Civil Liberties Union, the Constitution Project and the Freedom of the Press Foundation wrote a letter to President Barack Obama last week urging him to reject the bill.

“It would actually make cybersecurity worse while compromising basic democratic protections for personal privacy,” the ACLU said in a statement about​ the bill on the coalition’s website.



The Constitution Project advocacy group said in a statement on the coalition’s website that observing “cyberhygeine” would be a better solution than granting companies greater legal protection for sending the government data about threats to its business networks. Many attacks on consumers and companies are made possible by gaps in network protection, including poor passwords or lax online vigilance. PricewaterhouseCoopers’ 2014 U.S. State of Cybercrime Survey revealed that many American companies had not taken important steps to protect themselves.