Sharp-eyed reporters spotted the Cybersecurity Information Sharing Act of 2015 in a spending bill that was approved Tuesday. That $1.1 trillion bill will keep the United States funded through October 2016.
In other words, without a line-item veto there's no way for President Barack Obama to nix the controversial bits that could give authorities greater access to your personal information without also cutting down the entire omnibus spending package.
Needless to say, this revelation isn't sitting well with those who have fought CISA all year in letters to Congress.
Free market advocates, including Freedom Works, TechFreedom, The R Street Institute and Niskanen Center, expressed deep concerns with these developments and with CISA itself. "There is simply no need to rush such controversial provisions into law," they said in a Wednesday letter to House Speaker Paul Ryan. "These issues deserve full, considered review, which cannot happen when addressed through end-of-year omnibus legislation."
Other critics voiced their disapproval on Twitter:
Sen. Ron Wyden, who has been a vocal opponent of CISA, also came out against the provision on Wednesday. "The 'cybersecurity bill' was a bad bill when it passed the Senate and it is an even worse bill today," he said in a statement. "Americans deserve policies that protect both their privacy and their liberty. This bill fails on both counts."
CISA calls for the public and private sector to share information about digital threats, has been criticized by privacy and civil liberties advocates for enabling technology companies to share massive amounts of Americans' personal data with the government without requiring a warrant.
Instead of reconciling the House and Senate versions of CISA and sending a separate bill to the president's desk to consider, however, legislators folded the measure into a massive spending bill that Congress must pass to avoid a government shutdown.
As the Associated Press reported, the House is poised to vote on the massive spending bill on Friday.
There is some good news for net neutrality proponents here, as the telecomm and tech world waits for a court decision on the legality of the open Internet rules the Federal Communications Commission passed earlier this year: Riders that would have prevented the FCC from implementing its rules aren't in the spending package.
The inclusion of CISA, however, is a holiday present for businesses that would receive liability protection for data breaches in exchange for sharing threat information on the causes of those breaches.
"This cyber bill is a ‘team America’ approach that will significantly improve efforts to fight cyber criminals and better protect consumer data and intellectual property,” said Tim Pawlenty, president and CEO of the Financial Services Roundtable, a lobbying organization that represents many of the largest banking, insurance and investment firms in the U.S.
“We applaud both Senate and House leaders for their efforts regarding this important cybersecurity legislation.”
Responding to the concerns raised by privacy and civil liberties advocates, Congressman Adam Schiff held that this bill contains strong privacy protections that require personal information to be stripped out before malicious code is shared with the Department of Homeland Security.
"It is the most significant effort by Congress to address the cyber threat to date, and should now become law," he said in a statement.
Rep. Devin Nunes, chairman of the House Intelligence Committee, agreed: “These bills are vital for protecting America’s digital networks and for implementing the necessary funding, authorizations, and oversight for the intelligence community."
While the White House has said publicly in the past that cybersecurity legislation must not violate Americans' right to privacy, the Obama administration urged Congress to exclude any “unnecessary prohibition” on companies sharing information with the National Security Agency, according to a memorandum first reported by Reuters and provided to The Huffington Post by Fight for the Future.
“It’s clear now that this bill was never intended to prevent cyber attacks,” said Evan Greer, campaign director of Fight for the Future, in a statement. “It’s a disingenuous attempt to quietly expand the U.S. government’s surveillance programs, and it will inevitably lead to law enforcement agencies using the data they collect from companies through this program to investigate, prosecute, and incarcerate more people, deepening injustices in our society while failing to improve security.”