[Congressional Record Volume 161, Number 125 (Tuesday, August 4, 2015)]
[Senate]
[Pages S6256-S6263]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




    CYBERSECURITY INFORMATION SHARING ACT OF 2015--MOTION TO PROCEED

  The PRESIDING OFFICER. Under the previous order, the Senate will 
resume consideration of the motion to proceed to S. 754, which the 
clerk will report.
  The legislative clerk read as follows:

       Motion to proceed to Calendar No. 28, S. 754, a bill to 
     improve cybersecurity in the United States through enhanced 
     sharing of information about cybersecurity threats, and for 
     other purposes.

  Mr. SANDERS. Mr. President, I ask unanimous consent to address the 
Senate for up to 15 minutes.
  The PRESIDING OFFICER. Without objection, it is so ordered.


                        Campaign Finance Reform

  Mr. SANDERS. Mr. President, on November 19, 1863, standing on the 
bloodstained battlefield of Gettysburg, Abraham Lincoln delivered one 
of the most significant and best remembered speeches in American 
history. At the conclusion of the Gettysburg Address, Lincoln stated 
``that we here highly resolve that these dead shall not have died in 
vain . . . that this nation, under God, shall have a new birth of 
freedom . . . and that government of the people, by the people, for the 
people, shall not perish from the earth.''
  In the year 2015, with a political campaign finance system that is 
corrupt and increasingly controlled by billionaires and special 
interests, I fear very much that, in fact, government of the people, by 
the people, and for the people is perishing in the United States of 
America.
  Five years ago, in the disastrous Citizens United Supreme Court 
decision, by a 5-to-4 vote, the U.S. Supreme Court said to the 
wealthiest people in this country: Billionaires, you already own much 
of the American economy. Now we are going to give you the opportunity 
to purchase the U.S. Government, the White House, the U.S. Senate, the 
U.S. House, Governors' seats, legislatures, and State judicial branches 
as well. In essence, that is exactly what they said, and, in fact, that 
is exactly what is happening as we speak.
  As a result of Citizens United, during this campaign cycle, billions 
of dollars from the wealthiest people in this country will flood the 
political process. Super PACs--a direct outgrowth of the Citizens 
United decision--enabled the wealthiest people and the largest 
corporations to contribute unlimited amounts of money to campaigns. 
According to recent FEC filings, super PACs have raised more than $300 
million for the 2016 Presidential election already, and this election 
cycle has barely begun. This $300 million is more than 11 times what 
was raised at this point in the 2000 election cycle. What will the 
situation be 4 years from now? What will the situation be 8 years from 
now? How many billions and billions of dollars from the wealthy and 
powerful will be used to elect candidates who represent the rich and 
the superrich?
  According to the Sunlight Foundation, more than $2 out of every $3 
raised for Presidential candidates so far is going to super PACs and 
not to the candidate's own campaign. This is quite extraordinary. What 
this means is that super PACs, which theoretically operate 
independently of the actual candidate, have more money and more 
influence over the candidate's campaign than the candidate himself or 
herself. Let me repeat that. The millionaires and billionaires who 
control

[[Page S6257]]

the super PACs have more money and more influence over a candidate's 
campaign than the candidate himself or herself. In other words, the 
candidate becomes a surrogate, a representative for powerful special 
interests and is not even in control of his or her own campaign.
  Mr. President, 35 individuals or companies have already donated more 
than $1 million to super PACs so far. According to the Associated 
Press, almost 60 donors have accounted for nearly one-third of all of 
the money donated so far in the Presidential race, including donations 
to the campaigns themselves. Donors giving at least $100,000 account 
for close to half of all funds raised. Let's be clear. This is all 
taking place at the early stages of the campaign. We have a long way to 
go.
  We know, for example, that the Koch brothers, worth some $85 
billion--the second wealthiest family in America--have made public that 
they intend to spend some $900 million on this election. This is more 
money than either the Democratic Party or the Republican Party will 
spend. One family will be spending more money than either the 
Democratic Party or the Republican Party. How do we describe a process 
in which one multibillion-dollar family spends more money on a campaign 
than either of the two major political parties? Well, I define that 
process not as democracy but as oligarchy.
  Let's be honest and acknowledge what we are talking about. We are 
talking about a rapid movement in this country toward a political 
system in which a handful of very wealthy people and special interests 
will determine who gets elected or who does not get elected. That is 
not, to say the least, what this country is supposed to be about. That 
was not, to say the least, the vision of Abraham Lincoln when he talked 
about a nation in which we had a government of the people, by the 
people, for the people. That is not what Lincoln's vision was about.
  This is not just Bernie Sanders expressing a concern. Last week, this 
is what former President Jimmy Carter had to say about the current 
campaign finance system on the Thom Hartmann radio show. President 
Carter stated that unlimited money in politics ``violates the essence 
of what made America a great country in its political system. Now, it's 
just an oligarchy, with unlimited political bribery being the essence 
of getting the nominations for president or to elect the president. And 
the same thing applies to governors and U.S. Senators and congress 
members. So now we've just seen a complete subversion of our political 
system as a payoff to major contributors, who want and expect and 
sometimes get favors for themselves after the election's over.''
  Mr. President, I ask unanimous consent to have President Carter's 
statement printed in the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:

                  [From the Intercept, July 30, 2015]

   Jimmy Carter: The U.S. Is an ``Oligarchy With Unlimited Political 
                               Bribery''

                            (By Jon Schwarz)

       Former president Jimmy Carter said Tuesday on the 
     nationally syndicated radio show the Thom Hartmann Program 
     that the United States is now an ``oligarchy'' in which 
     ``unlimited political bribery'' has created ``a complete 
     subversion of our political system as a payoff to major 
     contributors.'' Both Democrats and Republicans, Carter said, 
     ``look upon this unlimited money as a great benefit to 
     themselves.''
       Carter was responding to a question from Hartmann about 
     recent Supreme Court decisions on campaign financing like 
     Citizens United.


                               Transcript

       HARTMANN: Our Supreme Court has now said, ``unlimited money 
     in politics.'' It seems like a violation of principles of 
     democracy. . . . Your thoughts on that?
       CARTER: It violates the essence of what made America a 
     great country in its political system. Now it's just an 
     oligarchy, with unlimited political bribery being the essence 
     of getting the nominations for president or to elect the 
     president. And the same thing applies to governors and U.S. 
     Senators and congress members. So now we've just seen a 
     complete subversion of our political system as a payoff to 
     major contributors, who want and expect and sometimes get 
     favors for themselves after the election's over. . . . The 
     incumbents, Democrats and Republicans, look upon this 
     unlimited money as a great benefit to themselves. Somebody 
     who's already in Congress has a lot more to sell to an avid 
     contributor than somebody who's just a challenger.

  Mr. SANDERS. Mr. President, the need for real campaign finance reform 
is not a progressive issue. It is not a conservative issue. It is an 
American issue. It is an issue that should concern all Americans, 
regardless of their political point of view, who wish to preserve the 
essence of the longest standing democracy in the world, a government 
which represents all of the people and not a handful of powerful and 
wealthy special interests.
  The need for real campaign finance reform must happen and it must 
happen as soon as possible. That is why clearly we must overturn, 
through a constitutional amendment, the disastrous Citizens United 
Supreme Court decision as well as the Buckley v. Vallejo decision. That 
is why we need to pass disclosure legislation which will identify all 
those wealthy individuals who make large campaign contributions. More 
importantly, it is why we need to move toward public funding of 
elections.
  Our vision for American democracy, our vision for the United States 
of America, should be a nation in which all people, regardless of their 
income, can participate in the political process, can run for office 
without begging for contributions from the wealthy and the powerful. 
Every Member of the Senate and every Member of the House knows how much 
time candidates spend on the telephone dialing for dollars--
Republicans, Democrats, everybody. This is not what democracy should be 
about.
  Our vision for the future of this country should be one in which 
candidates are not telling billionaires at special forums what they can 
do for them. Our vision for democracy should be one in which candidates 
are speaking to the vast majority of our people--working people, the 
middle class, low-income people, the elderly, the children, the sick, 
and the poor--and discussing with them their ideas as to how we can 
improve lives for all people in this country.
  Let us be frank. Let us be honest. The current political campaign 
finance system is corrupt and amounts to legalized bribery. How can we 
in the United States tell developing countries how they can go forward 
in developing their democracies when our system is corrupt? Our vision 
for the future of this country should be a vision which is inclusive, 
which tells young people that if you are conservative, if you are 
progressive, if you are interested in public service, you can run for 
office without begging the rich and the powerful for campaign 
contributions.
  When Congress returns after the August break, I will be introducing 
strong legislation which calls for public funding of elections, which 
will enable any candidate, regardless of his or her political views, to 
run for office without being beholden to the rich and the powerful. I 
hope very much the Republican leadership in the Senate will allow this 
legislation to get to the floor, I hope we can have a serious debate 
about it, and I hope very much we can go forward to restoring American 
democracy to a situation in which every citizen of this country has the 
right to vote and has equal power in determining the future of our 
great Nation.
  Mr. President, with that, I yield the floor.
  The PRESIDING OFFICER (Mr. Lee). The Senator from California.
  Mrs. FEINSTEIN. Mr. President, I would like to speak in support of 
the Cybersecurity Information Sharing Act. I had hoped Senator Burr, 
the chairman of the committee, would be able to deliver the remarks 
initially. However, he has been unfortunately delayed, and so I will go 
ahead with my remarks as vice chairman of the committee.
  There is no legislative or administrative step we can take that will 
end all cyber crime and cyber warfare, but as members of the Senate 
Intelligence Committee, we have heard over the course of several years 
now that improving the exchange of information and the sharing of that 
information, company to company and company to the government, can be 
very helpful and yield a real and significant improvement to cyber 
security.
  Regrettably, this is the third attempt to pass a cyber security 
information sharing bill. In the almost 5 years that I have been 
working on this issue, two things have become abundantly clear about 
passing the bill. First, it must be bipartisan. In 2012, I cosponsored 
the Lieberman-Collins Cybersecurity Act, which included a title on

[[Page S6258]]

information sharing based on a bill I had introduced. It was an 
important piece of legislation, but it received almost no Republican 
support and could not gain the 60 votes needed to invoke cloture. It 
became clear to me then that no cyber security legislation could pass 
without broad bipartisan support.
  The second lesson that has been learned is, it must be narrowly 
focused. The Lieberman-Collins bill sought to address many critical 
challenges to our Nation's cyber security. Then-Majority Leader Harry 
Reid, brought the chairmen of all committees of jurisdiction on our 
side together and asked them to draft legislation on cyber security in 
their areas. It soon became clear that addressing so many complex 
issues makes a bill very difficult to pass. That bill died on the 
Senate floor in late 2012.
  Based on these lessons, we have tried to take a bipartisan and 
focused approach so Congress can pass a cyber security information 
sharing bill. In the last Congress, in 2013 and 2014, then-vice 
chairman of the Intelligence Committee Saxby Chambliss and I sought to 
draft legislation on information sharing that would attract bipartisan 
support. We worked through a number of difficult issues together, and 
we were able to produce a bill that I believed would pass the Senate. 
The Intelligence Committee approved the bill in 2014 by a strong 
bipartisan vote of 12 to 3, but it never reached the Senate floor due 
to privacy concerns about the legislation.
  This year, Chairman Burr and I have drafted legislation that both 
sides can and should support. This bill is bipartisan, it is narrowly 
focused, and it puts in place a number of privacy protections, many of 
which I will outline shortly. The bill's bipartisan vote of 14 to 1 in 
the Senate Intelligence Committee in March underscores this fact.
  I would like to thank Senator Burr for his leadership and his 
willingness to negotiate a bipartisan bill that can and should receive 
a strong vote. As he often says, neither one of us would have written 
this bill this way if we were doing it ourselves. This Senator believes 
it is also true that by negotiating this draft, we will get 
substantially more votes than either of us can get on our own. I very 
much hope that is true.
  I note that this bill has strong support from the private sector 
because it creates incentives for improving cyber security and protects 
companies that take responsible steps to do so. Companies are shielded 
from lawsuits if they properly use the authorities provided for in this 
bill. They can be confident that sharing information with other 
companies or with the government will not subject them to inappropriate 
regulatory action.
  For these reasons, this bill has the support of over 40 business 
groups, and it is the first bill that has the support of the U.S. 
Chamber of Commerce. It also has the support of the most important 
cyber security and critical infrastructure companies in the Nation.
  Mr. President, I would like to ask unanimous consent to have those 
letters printed into the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:
                                                   August 3, 2015.
     Hon. Mitch McConnell,
     U.S. Senate,
     Washington, DC.
     Hon. Harry Reid,
     U.S. Senate,
     Washington, DC.
       Dear Majority Leader McConnell and Minority Leader Reid: On 
     behalf of our diverse members, we write today in strong 
     support of the Cybersecurity Information Sharing Act (S. 
     754), a bipartisan bill approved earlier this year on a near-
     unanimous basis by the Select Committee on Intelligence. We 
     strongly urge you to bring up S. 754 as expeditiously as 
     possible, defeat any amendments that would undermine this 
     important legislation, and support the underlying bill.
       The threat of cyber-attacks is a real and omnipresent 
     danger to our sector, our members' customers and clients, and 
     to critical infrastructure providers upon which we--and the 
     nation as a whole--rely. S. 754 would enhance our ability to 
     defend the financial services sector and the sensitive data 
     of hundreds of millions of Americans. It is critical that 
     Congress get cybersecurity information sharing legislation to 
     the President's desk before the next crisis, not after.
       Our members and the broader financial services industry are 
     dedicated to improving our capacity to protect customers and 
     their sensitive information but as it stands today, our laws 
     do not do enough to foster information sharing and establish 
     clear lines of communication with the various government 
     agencies responsible for cybersecurity. If adopted and signed 
     into law, this legislation will strengthen the nation's 
     ability to defend against cyber-attacks and better protect 
     all Americans by encouraging the business community and the 
     government to quickly and effectively share critical 
     information about these threats while ensuring privacy. More 
     effective information sharing provides some of the strongest 
     protections of privacy, as it is sensitive information from 
     our member firms' customers that we are asking Congress to 
     protect from those who attempt to steal or destroy that 
     information.
       Each of our organizations and our respective member firms 
     has made cybersecurity a top priority and we are committed to 
     continuing to work with you and your colleagues in the Senate 
     so that effective cyber threat information sharing 
     legislation can be enacted into law.
           Sincerely,
         American Bankers Association; American Insurance 
           Association; The Clearing House; Financial Services 
           Institute; Financial Services Roundtable; Investment 
           Company Institute; NACHA--The Electronic Payments 
           Association; The National Association of Mutual 
           Insurance Companies; Property Casualty Insurers 
           Association of America; Securities Industry and 
           Financial Markets Association.
                                  ____

                                                   August 3, 2015.
     Hon. Mitch McConnell,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Harry Reid,
     Minority Leader, U.S. Senate,
     Washington, DC.
       Dear Majority Leader McConnell and Minority Leader Reid: 
     The undersigned organizations reiterate their support for 
     cybersecurity information sharing and liability protection 
     legislation and urge the Senate to promptly take up and pass 
     S. 754, the Cybersecurity Information Sharing Act (CISA) of 
     2015. Enactment of such legislation is urgently needed to 
     further enhance and encourage communication among the federal 
     government, the North American electric power sector, and 
     other critical infrastructure sectors, thus improving our 
     ability to defend against cyber attacks.
       While the electric sector already engages in significant 
     information sharing activities and has in place mandatory and 
     enforceable reliability and cybersecurity standards, there 
     remains an urgent need for the government and industry to 
     better share actionable security information in a timely and 
     confidential manner, including protections against public 
     disclosure of sensitive security information. CISA provides a 
     framework to help foster even more meaningful information 
     sharing while maintaining a critical balance between 
     liability and privacy protections.
       The electric power sector takes very seriously its 
     responsibility to maintain the reliability, safety, and 
     security of the electric grid. Beyond mandatory standards, 
     the industry maintains an all-hazards ``defense in depth'' 
     mitigation strategy that combines preparation, prevention, 
     resiliency, and response and recovery efforts. We also work 
     closely with the federal government and other critical 
     infrastructure sectors on which the electric sector depends 
     through the Electricity Subsector Coordinating Council, and 
     share electric sector threat information through the 
     Electricity Sector Information Sharing and Analysis Center. 
     Passage of CISA will enhance these activities.
         American Public Power Association (APPA); Canadian 
           Electric Association (CEA); Edison Electric Institute 
           (EEI); Electric Power Supply Association (EPSA); 
           GridWise Alliance; Large Public Power Council (LPPC); 
           National Rural Electric Cooperative Association 
           (NRECA); National Association of Regulatory Utility 
           Commissioners (NARUC); Transmission Access Policy Study 
           Group (TAPS).
                                  ____



                                 American Bankers Association,

                                   Washington, DC, August 3, 2015.
     Hon. Mitch McConnell,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Richard Burr,
     U.S. Senate, Washington, DC.
     Hon. Harry Reid,
     Minority Leader, U.S. Senate,
     Washington, DC.
     Hon. Dianne Feinstein,
     U.S. Senate, Washington, DC.
       Dear Senators: I am writing on behalf of the members of the 
     American Bankers Association (ABA) to urge you to support the 
     Cybersecurity Information Sharing Act (CISA, S. 754) when it 
     is brought to the Senate floor, and to defeat any amendments 
     that would undermine this critically needed legislation.
       CISA is bipartisan legislation introduced by Chairman 
     Richard Burr and Vice Chairman Dianne Feinstein, and reported 
     by a strong bipartisan 14-1 vote in the Senate Intelligence 
     Committee. It will enhance ongoing efforts by the private 
     sector and the Federal government to better protect our 
     critical infrastructure and protect Americans from all walks 
     of life from cyber criminals. Importantly, CISA facilitates 
     increased cyber intelligence information sharing between the 
     private and public sectors, and strikes the appropriate 
     balance between protecting consumer privacy and allowing 
     information sharing on serious threats to our nation's 
     critical infrastructure.

[[Page S6259]]

       Cybersecurity is a top priority for the financial services 
     industry. Banks invest hundreds of millions of dollars every 
     year to put in place multiple layers of security to protect 
     sensitive data. Protecting customers has always been and will 
     remain our top priority and CISA will help us work more 
     effectively with the Federal government and other sectors of 
     the economy to better protect them from cyber attacks.
       We urge you to support this important legislation and pass 
     it as soon as possible to better protect America's 
     cybersecurity infrastructure against current and future 
     threats.
           Sincerely,
     James C. Ballentine.
                                  ____

                                            Information Technology


                                             Industry Council,

                                    Washington, DC, July 23, 2015.
     Hon. Mitch McConnell,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Harry Reid,
     Democratic Leader, U.S. Senate,
     Washington, DC.
       Dear Majority Leader McConnell and Democratic Leader Reid: 
     On behalf of the members of the Information Technology 
     Industry Council (ITI), I write to express our support for S. 
     754, the Cybersecurity Information Sharing Act of 2015 
     (CISA), and urge you to bring it to the Senate floor for 
     debate and vote. Given the importance of cybersecurity threat 
     information sharing to the high-tech industry, we will 
     consider scoring votes in support of CISA in our 114th 
     Congressional Voting Guide.
       ITI members contribute to making the U.S. information and 
     communication technology (ICT) industry the strongest in the 
     world in innovative cybersecurity practices and solutions. We 
     firmly believe that passing legislation to help increase 
     voluntary cybersecurity threat information sharing between 
     the private sector and the federal government, and within the 
     private sector, is an important step Congress can take to 
     enable all stakeholders to address threats, stem losses, and 
     shield their systems, partners and customers. It is important 
     that the Senate act now to pass CISA and continue to move the 
     legislative process forward, so that Congress can reconcile 
     CISA with the House cybersecurity legislation, H.R. 1560, the 
     Protecting Cyber Networks Act, and H.R. 1731, the National 
     Cybersecurity Protection Advancement Act of 2015, and send a 
     bill to the president.
       ITI believes that legislation to promote greater 
     cybersecurity threat information sharing should:
       Affirm that cybersecurity threat information sharing be 
     voluntary;
       Promote multidirectional cybersecurity threat information 
     sharing, allowing private-to-private, private-to-government 
     and government-to-private sharing relationships;
       Include targeted liability protections;
       Utilize a civilian agency interface for private-to-
     government information sharing to which new liability 
     protections attach;
       Promote technology-neutral mechanisms that enable 
     cybersecurity threat information to be shared in as close to 
     real-time as possible;
       Require all entities to take reasonable steps to remove 
     personally identifiable information from information shared 
     through data minimization; and
       Ensure private sector use of information received through 
     private-to-private sharing is only for cybersecurity 
     purposes, and government use of information received from the 
     private sector is limited to cybersecurity purposes and used 
     by law enforcement only:
       For the investigation and prosecution of cyber crimes;
       For the protection of individuals from the danger of death 
     or serious bodily harm and the investigation and prosecution 
     of crimes involving such danger; and
       For the protection of minors from child pornography.
       We appreciate the progress made by the Senate Intelligence 
     Committee to include provisions that would protect personally 
     identifiable information while also allowing for a 
     cybersecurity threat information sharing framework that will 
     enhance our ability to protect and defend our networks.
       We look forward to working closely with you, your committee 
     leadership, and the House of Representatives to further 
     address outstanding issues in conference to ensure it adheres 
     to our above cybersecurity threat information sharing 
     principles. ITI remains committed to refining the legislation 
     and supporting a final product that can best achieve our goal 
     of promoting greater cybersecurity.
           Sincerely,
                                                 Dean C. Garfield,
     President & CEO.
                                  ____



                                    BSA/The Software Alliance,

                                    Washington, DC, July 21, 2015.
     Hon. Mitch McConnell,
     Senate Majority Leader,
     Washington, DC.
     Hon. Harry Reid,
     Senate Minority Leader,
     Washington, DC.
       Dear Majority Leader McConnell and Minority Leader Reid: On 
     behalf of BSA/The Software Alliance, I write in support of 
     bringing the Cybersecurity Information Sharing Act of 2015 
     (S. 754) to the Senate floor for a robust debate. Enactment 
     of bipartisan legislation that enhances voluntary cyber 
     threat information sharing while ensuring privacy protection 
     will be an important step in bolstering our nation's 
     cybersecurity capabilities.
       Our members are on the front lines defending against cyber 
     attacks. Every day, bad actors are attacking networks to 
     extract valuable private and commercial information. We 
     believe it is now more important than ever to enact 
     legislation to break down the legal barriers that currently 
     discourage cyber threat information sharing between and among 
     the public and private sectors. Increased awareness will 
     enhance the ability of businesses, consumers, and critical 
     infrastructure to better defend themselves against attacks 
     and intrusions. We are confident that all of these goals can 
     be accomplished without comprising the privacy of an 
     individual's information.
       I appreciate your leadership on moving this important 
     legislation forward to a successful outcome in the Senate. We 
     support this bipartisan effort and look forward to working 
     with you in the process to ultimately move a cyber threat 
     information sharing bill to the President's desk for 
     signature.
           Sincerely,
                                              Victoria A. Espinel,
     President and CEO.
                                  ____

                                              Protecting America's


                                     Cyber Networks Coalition,

                                                    July 21, 2015.
       To the Members of the United States Senate: The Protecting 
     America's Cyber Networks Coalition (the coalition) urges the 
     Senate to take up and pass S. 754, the Cybersecurity 
     Information Sharing Act (CISA) of 2015. Passing cybersecurity 
     information-sharing legislation is a top policy priority of 
     the coalition, which is a partnership of leading business 
     associations representing nearly every sector of the U.S. 
     economy.
       In March, the Select Committee on Intelligence passed CISA 
     by a strong bipartisan vote (14-1). The Senate can build on 
     the momentum generated in the House to move CISA forward. In 
     April, the House passed two cybersecurity information-sharing 
     bills--H.R. 1560, the Protecting Cyber Networks Act (PCNA), 
     and H.R. 1731, the National Cybersecurity Protection 
     Advancement Act (NCPAA) of 2015--with robust majorities from 
     both parties and broad industry support.
       Our organizations believe that Congress needs to send a 
     bill to the president that gives businesses legal certainty 
     that they have safe harbor against frivolous lawsuits when 
     voluntarily sharing and receiving threat indicators and 
     defensive measures in real time and taking actions to 
     mitigate cyberattacks.
       The legislation also needs to offer protections related to 
     public disclosure, regulatory, and antitrust matters in order 
     to increase the timely exchange of information among public 
     and private entities. Coalition members also believe that 
     legislation needs to safeguard privacy and civil liberties 
     and establish appropriate roles for government agencies and 
     departments. CISA reflects sound compromises among many 
     stakeholders on these issues.
       Recent cyber incidents underscore the need for legislation 
     to help businesses improve their awareness of cyber threats 
     and to enhance their protection and response capabilities in 
     collaboration with government entities. Cyberattacks aimed at 
     U.S. businesses and government bodies are increasingly being 
     launched from sophisticated hackers, organized crime, and 
     state-sponsored groups. These attacks are advancing in scope 
     and complexity.
       The coalition is committed to working with lawmakers and 
     their staff members to get cybersecurity information-sharing 
     legislation quickly enacted to strengthen our national 
     security and the protection and resilience of U.S. industry. 
     Congressional action cannot come soon enough.
           Sincerely,
         Agricultural Retailers Association (ARA); Airlines for 
           America (A4A); Alliance of Automobile Manufacturers; 
           American Bankers Association (ABA); American Cable 
           Association (ACA); American Council of Life Insurers 
           (ACLI); American Fuel & Petrochemical Manufacturers 
           (AFPM); American Gaming Association; American Gas 
           Association (AGA); American Insurance Association 
           (AIA); American Petroleum Institute (API); American 
           Public Power Association (APPA); American Water Works 
           Association (AWWA); ASIS International; Association of 
           American Railroads (AAR); BITS--Financial Services 
           Roundtable; College of Healthcare Information 
           Management Executives (CHIME); CompTIA--The Computing 
           Technology Industry Association; CTIA--The Wireless 
           Association; Edison Electric Institute (EEI); 
           Federation of American Hospitals (FAH); Food Marketing 
           Institute (FMI).
         GridWise Alliance; HIMSS--Healthcare Information and 
           Management Systems Society; HITRUST--Health Information 
           Trust Alliance; Large Public Power Council (LPPC); 
           National Association of Chemical Distributors (NACD); 
           National Association of Manufacturers (NAM); National 
           Association of Mutual Insurance Companies (NAMIC); 
           National Association of Water Companies (NAWC); 
           National Business Coalition on e-Commerce & Privacy; 
           National Cable & Telecommunications Association (NCTA); 
           National Rural Electric Cooperative Association 
           (NRECA).
         NTCA--The Rural Broadband Association; Property Casualty 
           Insurers Association of America (PCI); The Real Estate 
           Roundtable; Securities Industry and Financial Markets 
           Association (SIFMA); Society of Chemical Manufacturers 
           & Affiliates (SOCMA); Telecommunications Industry 
           Association (TIA); Transmission Access Policy Study 
           Group (TAPS); United States Telecom Association 
           (USTelecom);

[[Page S6260]]

            U.S. Chamber of Commerce; Utilities Telecom Council 
           (UTC).
                                  ____

                                            Chamber of Commerce of


                                 the United States of America,

                                                February 14, 2015.
       To the Members of the United States Senate: As the Senate 
     prepares to consider S. 754, the ``Cybersecurity Information 
     Sharing Act of 2015,'' the U.S. Chamber of Commerce, the 
     world's largest business federation representing the 
     interests of more than three million businesses of all sizes, 
     sectors, and regions, as well as state and local chambers and 
     industry associations, and dedicated to promoting, 
     protecting, and defending America's free enterprise system, 
     writes to express our strong opposition to the adoption of 
     amendments that would weaken or overly complicate this 
     important bipartisan bill, including issues related to data 
     security, breach notification, or commercial privacy, which 
     are best addressed in other contexts.
       The Chamber believes that all provisions of S. 754 must 
     support the important goal of protecting critical 
     infrastructure. Unrelated issues, such as data security, 
     breach notification, and commercial privacy legislation, have 
     not yet received any consideration in the committees of 
     jurisdiction and are not ready for consideration by the full 
     Senate. These sensitive topics should proceed through the 
     legislative process following regular order to ensure 
     complete and deliberate consideration separate from the 
     pending floor debate on cybersecurity information sharing 
     legislation.
       Cybersecurity information sharing legislation meets a dire 
     national security need, and though the Chamber would like to 
     see meaningful data security, breach notification, and 
     commercial privacy legislation become law, for the benefit of 
     businesses and consumers alike, we are equally steadfast in 
     our belief that cybersecurity information sharing legislation 
     is important for national security and should be Congress's 
     immediate priority.
       There are 47 separate state laws which deal directly with 
     data security and breach notification. The business community 
     has been working with members of Congress in both chambers 
     and on both sides of the aisle to find the right path toward 
     passage of a national data security and breach notification 
     law. However, much work remains to be done, as disagreement 
     continues regarding certain provisions which would be 
     contained in federal legislation. This disagreement is 
     evident in virtually every one of the significantly different 
     data security bills which have been introduced in the Senate 
     during the last several Congresses.
       The Chamber has appreciated the opportunity to comment on 
     and offer edits to the various bills and looks forward to 
     working with their authors and cosponsors as legislation 
     works its way through the committee process. However, data 
     security legislation deserves its own due consideration and 
     deliberate debate, separate from the complicated and pressing 
     national security issue of cybersecurity information sharing. 
     For example, the House Energy and Commerce committee has held 
     multiple hearings on proposed legislation in addition to a 
     subcommittee markup and planned mark up at the full committee 
     level. Though there are issues which need to be resolved in 
     that legislation, the Chamber appreciates the process and 
     consideration given and that the bill has worked its way 
     through the proper channels.
       Given the work that still needs to be done on data security 
     proposals, the Chamber urges you to keep them separate and 
     apart from cybersecurity information sharing legislation and 
     not rush to make changes to the current landscape of state 
     data security, data breach, and commercial privacy laws. 
     Doing so would have a fundamentally negative impact on a 
     broad segment of the American business community.
           Sincerely,
                                                  R. Bruce Josten.

  Mrs. FEINSTEIN. At the same time, the bill includes numerous privacy 
protections beyond those contained in last year's bill. Senator Burr 
and I worked together to address the specific concerns raised by the 
administration, some of our Senate colleagues, and other key 
stakeholders. Because of these changes, the administration said 
yesterday that ``cyber security is an important national security issue 
and the Senate should take up this bill as soon as possible and pass 
it.''
  I believe this is a good bill and will allow companies and the 
government to improve the security of their computer networks, but this 
is just a first-step bill. It will not bring an end to successful cyber 
attacks or thefts, but it will help to address the problem.
  What does this bill do? It provides clear direction for the 
government to share cyber threat information and defensive measures 
with the private sector.
  Two, it authorizes private companies to monitor their computer 
networks and to share cyber threat information and defensive measures 
with other companies and with the Federal, State, local, and tribal 
government.
  And three, it creates a process and rules to limit how the Federal 
Government will and will not use the information it receives.
  Companies are granted liability protection for the appropriate 
monitoring for cyber threats and for sharing and receiving cyber threat 
information. This liability protection exists for both company-to-
company sharing as well as company-to-government sharing consistent 
with the bill's terms. Companies are also authorized to use defensive 
measures on their own networks for cyber security purposes.
  Since the bill is complicated, let me describe what the bill does in 
more detail.
  First, it recognizes that the Federal Government has information 
about cyber threats that it can and should share with the private 
sector and with State, local, and tribal governments. The bill requires 
the Director of National Intelligence to put in place a process that 
will increase the sharing of information on cyber threats already in 
the government's hands with the private sector and help protect an 
individual or a business.
  Importantly, as the first order of business, there will be a 
managers' amendment which makes changes to specifically limit the ways 
the government can use the cyber security information it receives. This 
amendment was distributed on Friday. I would urge everyone to look at 
it because under the amendment, this bill can only be used for cyber 
security purposes--no others. It is not a surveillance bill; it is 
strictly related to cyber security. The bill previously allowed the 
government to use the information to investigate and prosecute serious 
violent felonies. That has drawn substantial opposition, and we have 
removed it in the managers' package.
  I would now like to take a minute to go over some of the privacy 
protections in the bill.
  No. 1, the bill is strictly voluntary. It does not require companies 
to do anything they choose not to do. There is no requirement to share 
information with another company or with the government. The government 
cannot compel any sharing by the private sector. It is completely 
voluntary.
  No. 2, it narrowly defines the term ``cyber threat indicator'' to 
limit the amount of information that may be shared under the bill. 
Companies do not share information under this bill unless it is 
specifically about a cyber threat or a cyber defense--nothing else.
  No. 3, the authorizations are clear but limited. Companies are fully 
authorized to do three things: monitor their networks or provide 
monitoring services to their customers to identify cyber threats; use 
limited defensive measures to protect against cyber threats on their 
networks; and to share and receive information with each other and with 
Federal, State, and local governments.
  No. 4, there are mandatory steps companies must take, before sharing 
any cyber threat information with other companies or the government, to 
review the information for irrelevant privacy information. In other 
words, the companies must do a privacy scrub. They are required to 
remove any personal information that is found. Companies cannot, as it 
has been alleged, simply hand over customer information.
  No. 5, the bill requires that the Attorney General establish 
mandatory guidelines to protect privacy for any information the 
government receives. These guidelines will be public, and they will 
include consultation with the private sector prior to them being put 
together.
  The bill requires them to limit how long the government can retain 
any information and provide notification and a process to destroy 
mistakenly shared information. It also requires the Attorney General to 
create sanctions for any government official who does not follow these 
mandatory privacy guidelines.
  No. 6, the Department of Homeland Security, not the Department of 
Defense or the intelligence community, is the primary recipient of 
cyber information. In the managers' amendment, we strengthen the role 
the Secretary of Homeland Security has in deciding how information 
sharing will take place.
  No. 7, once the managers' amendment is adopted, the bill will 
restrict the government's use of voluntarily shared information, so the 
government cannot use this information for law enforcement purposes 
unrelated to cyber security and cyber crime.

[[Page S6261]]

  No. 8, the bill limits liability protections to monitoring for cyber 
threats and sharing information about them and only--and only--if a 
company complies with the bill's privacy requirements. The bill 
explicitly excludes protection for gross negligence or willful 
misconduct.
  No. 9, above and beyond these mandatory protections, there are a 
number of oversight mechanisms in the bill, including reports by heads 
of agencies, inspectors general, and the Privacy and Civil Liberties 
Oversight Board.
  In sum, this bill allows for strictly voluntary sharing of cyber 
security information and many layers of privacy protection.
  It is my understanding that the chairman of our committee is here, so 
I would like to skip to the conclusion of my remarks and then be able 
to turn this over to him.
  The House of Representatives has already passed two bills this year 
to improve cyber security information sharing. The Intelligence 
Committee has crafted a carefully balanced bill that passed by a 14-to-
1 vote in March and it has improved significantly since then through 
the managers' amendment.
  We very much need to take this first step on cyber security to 
address the almost daily reports of hacking and cyber threats. I very 
much hope the Senate will take action now.
  Now I will yield the floor. I want to thank the chairman. It has been 
a pleasure, Mr. Chairman, to work with you. I think I speak for every 
member of the committee. I am very pleased we have this bill on the 
floor. God willing and the Members willing, we will be able to pass it 
one day.
  I yield the floor to the chair of the Intelligence Committee.
  The PRESIDING OFFICER. The Senator from North Carolina.
  Mr. BURR. Mr. President, I want to thank my good friend and vice 
chair of the Intelligence Committee, Senator Feinstein. She has been in 
the trenches working on cyber security legislation longer than I have. 
Her passion is displayed in the product that has come out. There has 
been no person more outspoken on privacy than Dianne Feinstein. There 
is no person who has been more outspoken on the need for us to get this 
right than Senator Feinstein.
  Daily, she and I look at some of the most sensitive intelligence 
information that exists in this country. We are charged as a 
committee--15 individuals out of a body of 100--to provide the 
oversight to an intelligence community to make sure they live within 
the letters of the law or the boundaries set by Executive order. Every 
day we try to fulfill that job.
  We are sometimes tasked with producing legislation, and that is why 
we are here today with the cyber security bill. It has been referred to 
that we are here because OPM got hacked. No. We are here because the 
American people's data will be in jeopardy if government does not help 
to find a way to help minimize the loss.
  So where is the threat? The threat is to business, it is to 
government, and it is to individuals. There is no part of America that 
is left out of this. The legislation we are proposing affects everybody 
in this country--big and small business, State and Federal governments, 
and individuals, no matter where they live or how much they are worth. 
I think it is safe to say today that business and government have both 
been attacked, they have been penetrated, and data has been lost. In 
some cases that intent was criminal; in some cases the intent was 
nation-states. It was towards credit cards on one side or Social 
Security numbers, and on the other side it was plans for the next 
military platform or intellectual property that was owned by a company. 
But we are where we are, and now we have a proposal as to how we 
minimize.
  Let me emphasize this. You heard it from the vice chairman. This bill 
does not prevent cyber attacks. I am not sure that we could craft 
anything that would do that. What this bill does is for the first time 
it allows us a pathway to minimizing the amount of data that is lost 
and for the first time empowering government, once they get the 
pertinent information, to push out to the rest of business and to 
individuals and to governments: Here is the type of attack that is 
happening. Here is the tool they are using. Here is the defensive 
mechanism you can put on your system that will provide you comfort that 
they cannot penetrate you and provide the company that has been 
attacked comfort that it might be able to minimize in real time the 
amount of data that is lost.
  So, as the vice chairman said, these are key points on this piece of 
legislation: It is voluntary. There is no entity in America that is 
forced to report. It is a purely voluntary system. To have 
participation in a voluntary system, you have to listen to the folks 
who are the subjects of these attacks as to what they need to act in 
real time and to provide pertinent data.
  It is an information-sharing bill. It is not a surveillance bill. I 
say to those who have characterized it that way that we have done 
everything we can to clarify with the managers' amendment that there is 
no surveillance. The only thing we are after is minimizing the loss of 
data that exists.
  Here is how it works. I want to break it into three categories.
  This bill covers private to private. It says that if I am a private 
company and my IT system gets hacked and I get penetrated, I can 
automatically pick up the phone and call the IT people at my 
competitor's business, and I am protected under antitrust, that we can 
carry out a conversation so that I can figure out whether they got 
hacked, and if they did but they did not get penetrated, what software 
did they have on their system that secured their data. I can 
immediately go and put that on my system, and I can minimize the loss 
of any additional data. So we protect for that private-to-private 
conversation only for the purposes of sharing cyber information.
  We also have private to government. We allow any company, in real 
time--at the same time they are talking to a competitor, they can 
transmit electronically the pertinent data that it takes to do the 
forensics of what happened. What tool did they use? They can transfer 
that to government, and they are protected from a liability standpoint 
for the transfer of that--the vice chairman got into all of this, so I 
do not want to rehash it--with the correct protections of personal 
data. The company is required not to send personal data. Any government 
agency that is the recipient of this data, as they go through it, if 
they see personal data that is not relevant to the determination of 
what type of attack, what type of tool, what type of response, then 
they have to minimize that data so it is not released.
  In addition, we have government to private, which is the third leg. 
It amazed me that the government did not have the authority to push out 
a lot of information. What we do is we empower the government to 
analyze the attack, to determine the tool that was used, to find the 
most appropriate defensive software mechanism, and then to say to 
business broadly: There is an attack that has happened in America. This 
is the tool they used. This is the defensive mechanism that will 
protect the data at your company.
  If you ask me, I think this is what we are here for. This is what the 
Congress of the United States is supposed to do--facilitate, through 
minor tweaks, a voluntary participation to close the door and minimize 
potential loss. That is all we are attempting to do.
  I want to loop back to where the vice chairman was. We are now at the 
point where we are asking our colleagues for unanimous consent to come 
to the floor and actually take up this bill. Moving to the bill allows 
our colleagues to come to the floor with relevant amendments to the 
bill, where they can be debated and voted on.
  I actually believe, Vice Chairman, if we could do that now, we could 
process this entire bill and all of the amendments that are relevant by 
this time tomorrow. That would mean we would have to work and we would 
have to talk and we would have to vote, but we could do it because I 
think when we look at the array of relevant amendments, they are pretty 
well defined. Some of them are duplications of others that people have 
planned to talk about.
  But to suggest that this is a problem, which it is--we have seen it 
with over 22 million government workers whose personal data and in some 
cases, because of the forms they had to fill out for security 
clearance, their most sensitive data has gotten out of the OPM system.

[[Page S6262]]

  Just because OPM was the last one, don't think that somebody wasn't 
serious. Don't think that Anthem Blue Cross wasn't serious. Don't think 
that some of the attacks that only acquired credit card information 
aren't serious.
  What we are attempting to do is to minimize the degree of that loss. 
All we need is the cooperation of every Member of the Senate to say: I 
am willing to move to the bill. I am willing to bring up amendments--
relevant amendments--willing to debate them and willing to vote on 
them.
  Process is where we are. At the end of the day, we can determine 
whether this is a bill that is worthy to move on. It is not the end of 
the road because once we get through in the Senate we have to 
conference the bill with the House of Representatives. As the vice 
chairman pointed out, they have produced multiple pieces of 
legislation. It is the Senate that is now holding us back.
  I urge my colleagues: Let's agree to move to the bill. Let's agree to 
relevant amendments, and let's process this cyber security bill so that 
when we come back from August, we can actually sit down with our 
colleagues in the House, conference a bill, and provide the American 
people with a little bit of security, knowing that we are going to 
minimize the amount of data that is lost, because of a voluntary 
program between the private sector and the government.
  I think the vice chairman shares my belief that we are not scared to 
have a debate on relevant amendments on this bill. We understand there 
are more views than just ours. But we have to get on the bill to be 
able to offer amendments, to be able to share what we know that might 
not necessarily support the amendment.
  Right now, we are sort of frozen because we cannot offer amendments, 
including the managers' amendment, which I would say to my colleagues--
and the vice chairman said this in a very specific way--if you will 
read the managers' amendment, a lot of the concerns that people have 
will vanish. Nobody will call it a surveillance bill because we have 
addressed the issues that people were concerned with. Although we 
didn't think they were problems before, we clarified it in a way that 
it is limited only to cyber security. I could make a tremendous case 
that through the cyber security forensic process, if we found another 
criminal act, the American people probably would want that reported--
without a doubt.
  Mr. McCAIN. Will the Senator yield for a question?
  Mr. BURR. I am pleased to yield for a question.
  Mr. McCAIN. In light of recent events that have dominated the news, 
including the breach of millions of Americans' privileged information, 
which could be used in ways to harm them, do you think it is a good 
idea for the Senate to go out into a month-long recess without at least 
having debates, votes, and amendments on this issue?
  Does the Senator know of an issue right now that impacts the lives of 
everyday Americans such as this threat of cyber security attacks on the 
citizens of the United States?
  Mr. BURR. I thank the Senator for the question, and I think he knows 
the answer.
  We should dispose of this. The easiest way, as I shared earlier, is 
that if we get on this bill and we process amendments, if we really 
wanted to, we could finish tomorrow. The reality is that it doesn't 
take a long time to debate amendments, to vote on amendments, and to be 
done.
  At the end of the day, every Member would have to make a decision as 
to whether they are supportive or against the bill. But not getting on 
the bill, not offering amendments cheats the American people.
  Mr. McCAIN. I will just ask one more question.
  It is obvious that the Senator from California and the Senator from 
North Carolina have worked very closely together on this issue. They 
are the two leaders on intelligence now for a number of years.
  Wouldn't it seem logical that with a bipartisan piece of legislation 
that addresses an issue--I guess my question is this: How many 
Americans have been affected most recently by cyber attacks, and what 
would this legislation do to try to prohibit that from happening again? 
Don't we have some obligation to try to address the vulnerabilities of 
average American everyday citizens?
  Mr. BURR. I think the answer is there have been millions of Americans 
whose private data has been breached for numerous reasons. The Senator 
from Arizona is correct. We have an obligation to do what we can to 
minimize that loss.
  Mr. McCAIN. And isn't this a bipartisan product?
  Mr. BURR. Well, this is very much a bipartisan bill, and I think it 
is a bicameral effort. It is not as if this is a limb we are walking 
out on and the House isn't already out there. Emphatically, I implore 
my colleagues: Let's get on the bill. Let's come and offer relevant 
amendments, and let's process those amendments as quickly as we can. I 
think we can accommodate both, the need to leave for August and to go 
see the people we are married to and get away from the people we see 
every day who influence us in numerous ways--I am speaking of the 
Senator from Arizona right now, and I know he is anxious to go 
somewhere other than here--and to process this bill, which is to do our 
work. To not get on the bill, to not offer amendments is to ignore the 
responsibilities that we have.
  Mr. McCAIN. I wish to just finally say to the Senator from North 
Carolina that I appreciate the hard work he and the Senator from 
California have put in on this issue. It has been said by our military 
leaders that right now one of the greatest vulnerabilities to national 
security is the possibility or likelihood of cyber attacks. The 
implications of that far exceed that of the invasion of someone's 
privacy.
  I thank him and the Senator from California for their hard work on 
this. I think it at least deserves debate and amendments, and hopefully 
we can pass it before we go out for the recess.
  Mr. BURR. I thank the Senator from Arizona, who has worked closely 
with us since the beginning to try to move this bill together. 
Hopefully, at our lunches today, we will have an opportunity to talk to 
our Members in the hopes that we can come back from lunch and maybe get 
started on this bill.
  With that, I yield the floor.
  The PRESIDING OFFICER. The Senator from Virginia.
  Mr. KAINE. Mr. President, I ask unanimous consent to speak for up to 
10 minutes, recognizing that it is after 12:30 p.m.
  The PRESIDING OFFICER. Is there objection?
  Without objection, it is so ordered.


                      Nuclear Agreement With Iran

  Mr. KAINE. Mr. President, in November 2013, the United States and 
five global powers, the P5+1, announced an interim deal to freeze 
Iran's nuclear program and negotiate a diplomatic resolution to one of 
the most challenging issues affecting global security.
  Since then, as a member of the Senate Armed Services Committee and 
the Foreign Relations Committee, I participated in scores of hearings, 
classified briefings, meetings, and calls about this topic in Virginia, 
Washington, and during five trips to the Middle East, including two 
trips to Israel.
  I have listened to the administration, to allies in the Middle East 
and elsewhere, to current and former Senate colleagues--especially 
former Armed Services Chairmen John Warner and Carl Levin--to national 
security and foreign policy experts, to critics and proponents of the 
deal, to American military leaders and troops, and also to my 
constituents. I helped write the Iran Nuclear Agreement Review Act, 
under which Congress is currently engaging in a 60-day review period to 
approve or disapprove of the suspension of congressional sanctions as 
part of the final deal announced July 15.
  Based on my review of this complex matter, I acknowledge that every 
option before us involves risk with upside and downside consequences.
  I understand how people of good will can reach different conclusions, 
but I also conclude that the Joint Comprehensive Plan of Action is a 
dramatic improvement over the status quo at improving global security 
for the next 15 years and, likely, longer.
  In this deal, America has honored its best traditions and shown that 
patient

[[Page S6263]]

diplomacy can achieve what isolation and hostility cannot.
  For this reason, I will support the deal.
  Prior to the interim negotiation in November of 2013, and even in the 
face of a punishing international sanctions regime, Iran's nuclear 
program was marching ahead. Iran had amassed more than 19,000 
centrifuges to enrich uranium, and that number was growing. Iran had 
produced more than 11,000 kilograms of enriched uranium, and that 
stockpile was growing. Iran had perfected the ability to enrich uranium 
to the 20-percent level, and that enrichment level was growing. Iran 
was constructing a heavy-water facility at Arak capable of producing 
weapons-grade plutonium, and Iran only allowed limited IAEA access to 
its declared nuclear facilities, shielding its operation and inspection 
of covert nuclear sites.
  The program, when diplomacy began, was months away from being able to 
produce enough enriched uranium to make a nuclear weapon.
  Israeli Prime Minister Benjamin Netanyahu told the United Nations in 
2012:

       For over seven years, the international community has tried 
     sanctions with Iran. Under the leadership of President Obama, 
     the international community has passed some of the strongest 
     sanctions to date. . . . It's had an effect on the economy, 
     but we must face the truth. Sanctions have not stopped Iran's 
     nuclear program.

  We must face the truth. A punishing sanctions regime did not stop 
Iran's nuclear program. The nuclear program will only stop by a 
diplomatic agreement or by military action. While military action has 
to be an option, it is in America's interest--and in the interest of 
the entire world--to use every effort to find a diplomatic resolution. 
In fact, that was the purpose of the Iranian sanctions to begin with--
to open a path to a diplomatic solution.
  We now have a diplomatic solution on the table. The JCPOA is not 
perfect because all parties made concessions, as is the case in any 
serious diplomatic negotiation. But it has gained broad international 
support because it prevents Iran from getting sufficient uranium for a 
bomb for at least 15 years. It also stops any pathway to a plutonium 
weapon for that period, and it exposes Iranian covert activity to 
enhanced scrutiny by the international community forever.
  Under the deal, Iran does the following: It affirms that ``under no 
circumstances will Iran ever seek, develop or acquire any nuclear 
weapons,'' it reduces its quantity of centrifuges by more than two-
thirds, and it slashes its uranium stockpile by 97 percent to 300 
kilograms for 15 years. This is dramatically less than what Iran would 
need to produce even a single weapon. It caps the enrichment level of 
the remaining uranium stockpile at 3.67 percent. It reconfigures the 
Iraq reactor so that it can no longer produce weapons-grade plutonium. 
It commits to a series of limitations on R&D activities to guarantee 
that any nuclear program will be ``for exclusively peaceful purposes'' 
in full compliance with international nonproliferation rules. Finally, 
Iran agrees to a robust set of international inspections of its 
declared nuclear facilities, its entire uranium supply chain, and its 
suspected covert facilities by a team of more than 130 international 
inspectors.
  After year 15, the unique caps and requirements imposed on Iran are 
progressively lifted through year 2025. After year 25, Iran is 
permanently obligated to abide by all international nonproliferation 
treaty requirements, including the extensive inspections required by 
the NPT Additional Protocol, and its agreement that it will never 
``seek, develop, or acquire any nuclear weapons'' continues forever.
  If Iran breaks this agreement, nuclear sanctions may be reimposed. 
The United States reserves the right to sanction Iran for activities 
unrelated to its nuclear program, including support for terrorism, arms 
shipments, and human rights violations.
  Finally, and importantly, the United States and our partners maintain 
the ability to use military action if Iran seeks to obtain a nuclear 
weapon in violation of this deal. The knowledge of the Iranian program 
gained through extensive inspections will improve the effectiveness of 
any military action, and the clarity of Iran's commitment to the 
world--in the first paragraph of the agreement--that it will never 
pursue nuclear weapons will make it easier to gain international 
support for military action should Iran violate their unequivocal 
pledge.
  This deal does not solve all outstanding issues with an adversarial 
regime. In that sense, it is similar to the Nuclear Test Ban Treaty 
President Kennedy negotiated with the Soviet Union in the midst of the 
Cold War. Iran's support for terrorism remains a major concern, and we 
must increase efforts with our regional allies to counter those malign 
activities. But at the end of the day, this agreement is not about 
making an ally out of an adversary, it is about denying an adversary a 
path to obtaining nuclear weapons.
  This deal takes a nuclear weapons program that was on the verge of 
success and disables it for many years through peaceful diplomatic 
means with sufficient tools for the international community to verify 
whether Iran is meeting its commitments. I hope this resolution might 
open the door to diplomatic discussion of other tough issues with Iran.
  In conclusion, monitoring this agreement and countering Iran's 
nonnuclear activity will require great diligence by the United States, 
our allies, and the IAEA, and there will be an important role for 
Congress in this ongoing work. I look forward to working with my 
colleagues on measures to guarantee close supervision and enforcement 
of this deal. That work will be arduous, but it is far preferable to 
allowing Iran to return to a march toward nuclear weapons. It is also 
far preferable to any other alternative, including war.
  Mr. President, I yield the floor.

                          ____________________