Privacy groups hate it, tech firms have publicly criticised its and even some government departments are against it. Clearly the Cybersecurity Information Sharing Act (CISA) is a highly controversial piece of legislation.
CISA is described as a way to "improve cyber security in the US through enhanced sharing of information about threats" and follows several attacks on the US including at the US Office of Personnel Management (OPM), Target and United Airlines.
It aims to give federal agencies more power to share cyber threat data while offering legal protection to the private firms that opt in and also share information on the attacks they see hitting their systems.
CISA is the government's latest attempt at crafting a cyber sharing law after the Cybersecurity Intelligence Sharing and Protection Act (CISPA) which stalled last year over privacy concerns.
Yet other laws have passed on this very topic. One notable act was the National Cybersecurity Protection Act, which led to the launch of the Department of Homeland Security (DHS) managed threat centre which acts a hub of cyber intelligence flowing through the agency.
Interestingly, this could go some way to explaining why officials at the DHS oppose CISA.
DHS deputy secretary Alejandro Mayorkas revealed in a damning letter in July that CISA could actually make it harder for his agency to combat cyber crime.
"If cyber threat indicators are distributed among multiple agencies, rather than initially provided through one entity, the complexity for government and businesses, and the inefficiency of any information sharing programme, will increase markedly. Developing a single, comprehensive picture of the range of cyber threats faced daily will become more difficult," he wrote.
"This will limit the ability of the DHS to connect the dots and proactively recognise emerging risks and help private and public organisations implement effective mitigations to reduce the likelihood of damaging incidents."
Only five days before CISA was discussed in the Senate in October the Computer and Communications Industry Association (CCIA) trade group representing tech firms including Google, Facebook, Amazon and Microsoft published a blog post condemning the bill and saying that the companies were unable to support CISA "as it is currently written".
"CISA's prescribed mechanism for sharing of cyber threat information does not sufficiently protect users," wrote Bijan Madhani, public policy counsel at the CCIA.
Around the same time the Business Software Alliance, which has Adobe, Salesforce and Dell as members, distanced itself from CISA owing to privacy concerns.
However, the loudest opposition has come from technology companies eager to affirm their commitment to user privacy.
Amber Cottle, head of global public policy and government affairs at Dropbox, told V3 that the firm is taking a stand against the legislation.
"We care deeply about the privacy and security of our users and can't support CISA as currently written without more robust privacy protections. While it's important for the public and private sector to share relevant data about emerging threats, that type of collaboration should not come at the expense of users' privacy," she said.
Likewise, an Apple spokesperson said: "We don't support the current CISA proposal. The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy."
Other firms, including forum site Reddit, have taken to Twitter to voice their opposition.
Security+privacy are both priorities for us and therefore we can't support #CISA as written. We hope to see positive changes going forward.— Policy (@policy) October 20, 2015
"CISA is fundamentally flawed. The bill's broad immunity clauses, vague definitions and aggressive spying powers combine to make it a surveillance bill in disguise," said Lee Tien, senior staff attorney at the EFF.
"The bill does not address problems from the recent highly publicised computer data breaches that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links."
In spite of this, the bill CISA passed its first hurdle last week after a vote of 83-14 in the Senate. A final vote is expected this week, after which CISA will go before the House Committee and, finally, the president.
A joint letter from major financial organisations in the US urged the Senate to bring the final vote forward "as soon as possible".
"The financial services industry is dedicated to improving our capacity to protect customers and their sensitive information, but as it stands today our laws do not do enough to foster information sharing and establish clear lines of communication," said the letter.
Reports emerged after the news that CISA was winning the hearts of senators that Facebook was playing both sides, and Fight for the Future claimed that the social media site was "secretly lobbying" for CISA.
"Sources on the Hill tell us that Facebook lobbyists are welcoming CISA behind closed doors, even though Facebook has been lauded as opposing the bill after CCIA, an industry association they are a member of, came out against it," said Fight for the Future co-director Tiffiniy Cheng.
"If Facebook wants to reclaim their credibility on user privacy, they need to take a stand against CISA."
The campaign group now lists Facebook among 11 other firms in favour of CISA, including T-Mobile, Verizon, IBM, Intel and HP.
V3 contacted Facebook for clarification on its CISA position, but had received no reply at the time of publication.
Yet despite strong signs that CISA will pass in the Senate, many US lawmakers and high-profile figures are against it, including presidential candidate senator Bernie Sanders.
Our civil liberties and right to privacy shouldn’t be the price we pay for security. #CISA— Bernie Sanders (@SenSanders) October 22, 2015
Another notable senator and presidential candidate, Ted Cruz, recently admitted to not even having read the bill.
The security industry reaction
Security experts who deal with cyber breaches and malware attacks on a daily basis agree that threat sharing is a positive move but stop well short of supporting CISA.
"CISA is a good idea in principle, provided that privacy concerns are addressed," Ron Gula, chief executive of Tenable Network Security, told V3.
"It is missing a key component needed to strengthen America's digital defences: transparency into what the government itself is doing or not doing to protect its networks from hackers.
"It was a lack of [cyber] hygiene - not knowing what devices were on the network, failing to manage and protect user access, and out-of-date or unpatched systems - that lead to the OPM breach."
The OPM incident turned out to be one of the most significant cyber attacks of 2015, exposing over 21.5 million names, addresses and Social Security numbers of federal employees past and present.
Jonathan Sander, vice president of product strategy at Lieberman Software, said that CISA started out as a noble cause but was quickly poisoned by "Washington games".
"Often, law makers are accused of not understanding technology well enough to legislate it. CISA may be the exception that proves the rule as it seems to be hoping the US public will be the ones who don't understand what Washington may be pushing onto them," he told V3.
"Unfortunately we'll both get this flawed bill and have the surveillance state taking our private data, or we will get no bill and give the bad guys more time to steal our data their way."
However, Sean Sullivan, security advisor at F-Secure, suggested that the opposition to CISA is more about not wanting to share threat data with US spy agencies.
"I suspect that opponents of CISA are really concerned about something other than domestic surveillance. Their real concern is that a US government malware exchange will allow agencies such as the National Security Agency to learn from malware," he said.
"All of the statements that I've seen appear to be for the sake of PR and carefully focus on a lack of support for CISA ‘as currently written'. That's an important detail.
"To me, the opposition statements appear to be for the sake of humouring privacy advocates and, once CISA passes, the companies involved will note that participation is voluntary and that they will only do so if they are confident that there are safeguards."
Indeed, many technology firms have shown a public reluctance to work openly with the US government since the Edward Snowden revelations of 2013.
Furthermore, Sullivan told V3 that CISA is specifically set up to mirror what software firms already do successfully.
"CISA is the government duplicating what the private sector already does. Who benefits from that? My answer: US defence companies who want to militarise the computer security business," he said.
You shall (not?) pass
If CISA does reach president Obama's desk, the administration has said it will support the bill.
"Cyber security is an important national security issue and the Senate should take up this bill as soon as possible and pass it," said White House spokesman Eric Schultz in August, as reported by The Washington Times.
This is a significant change compared with the president's position only two years ago when threatening to veto the similar CISPA bill.
"[CISPA] fails to provide authorities to ensure that the nation's core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards," said an official statement at the time.
However, the sheer number of attacks now hitting the US has forced the president to adopt a hard-line approach to combating the cyber threat, and Obama made moves this year to reinstate the stalled CISPA as law.
Information is power, and it seems that the US elite has decided it can't afford to fall behind.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff