The Cybersecurity Information Sharing Act (CISA) (S.754) passed by 74 to 21 votes after a day of debate. It needed 60 votes to pass.
The bill seeks to encourage greater sharing of information between private companies and the government on cybersecurity threats and issues.
At present, companies are sometimes hesitant to reveal details of breaches because it might put them at risk of lawsuits, but CISA provides immunity from such actions.
Its supporters, which include major industry groups and the White House, say the bill and its protections will lead to a better and more coordinated defense against cyberattacks on U.S. businesses and organizations.
But opponents say CISA means more private information being handed over to the government. The Department of Homeland Security, which is charged with receiving the information from companies, is supposed to anonymize the data, but that hasn't reduced the criticism from big names including the ACLU, Apple, Google, Facebook, Yahoo, Twitter, Reddit, Yelp and the Wikimedia Foundation.
The Electronic Frontier Foundation has called it a "fundamentally flawed bill, which already suffers from broad immunity clauses, vague definitions, and aggressive spying authorities."
Fight For the Future, one of the groups coordinating opposition to CISA, said senators who voted for the bill had "voted for a world without freedom of expression, a world without true democracy, a world without basic human rights."
But despite those claims, many major industry organizations did support the bill for the legal immunity it provides. The mobile carriers' lobbying organization, the CTIA, was one of the first to hail passage of CISA on Tuesday evening, saying it "offers a constructive framework for bi-directional information sharing that will strengthen America’s cyber defenses."
The U.S. has been hit by a number of major cyberattacks in the last few years, leading to the loss of personal information on tens of millions of residents. One of the most recent targeted the government’s Office of Personnel Management and involved the theft of data on almost every federal worker.
The bill is part of a reaction to those hacks and furthers the government’s wish to act as a clearinghouse for cyberthreat data.
With its passage through the Senate, the bill will now head to the House of Representatives. If the two houses manage to hammer out an agreement on the bill, the last chance of privacy advocates will be a veto by President Obama.