Congress Snuck the Controversial Cybersecurity Bill into the Federal Budget Bill at 1:04 AM on December 16, 2015

Under the cybersecurity bill, companies would be encouraged to silently share "security" information with the Department of Homeland Security and, ultimately, other government agencies. The terms of such agreements are vague and give broad leeway for companies to share information with the feds without accountability. The final version of the bill was to be sent to the White House for a signature or veto from the president.

Congress snuck a surveillance bill into the federal budget last night

December 16, 2015

The Verge - After more than a year of stalemate, Congress has used an unconventional procedural measure to bring a controversial cybersurveillance bill to the floor.

Late last night, Speaker of the House Paul Ryan (R-WI) announced a 2,009-page omnibus budget bill, a last-minute compromise necessary to prevent a government shutdown. But while the bulk of the bill concerns taxes and spending, starting on page 1728 it contains the full text of the controversial Cybersecurity Information Sharing Act of 2015, which passed the Senate in October.

CISA has been widely criticized since it was first introduced to congress in 2014, with Sen. Ron Wyden (D-OR) calling it "a surveillance bill by another name." The bill would make it easier for private sector companies to share user information with the government and other companies, removing privacy and liability protections in the name of better cybersecurity. But critics like Wyden say removing those protections would turn internet backbone companies into de facto surveillance organs, with no incentive to protect users' privacy.

"A disingenuous attempt to quietly expand the US government’s surveillance programs."

In many ways, the bill currently facing the House is even more invasive than previous versions, stripping out crucial provisions that prevented direct information-sharing with the NSA and mandated that data be anonymized before being widely distributed.

"It’s clear now that this bill was never intended to prevent cyber attacks," said Evan Greer, campaign director of Fight for the Future, which has campaigned vigorously against the bill. "It’s a disingenuous attempt to quietly expand the US government’s surveillance programs." 

At the same time, a number of industry groups have applauded the bill, including the Financial Services Roundtable and Retail Industry Leaders Association.

Last night's proposal means CISA is more likely than ever to become law.


While the bill is controversial in technology circles, it's far less controversial among legislators than the larger spending issues hammered out in the new budget proposal. The chance of another government shutdown has only increased the sense of urgency, and many observers expect the bill to pass some time this week, with little to no attention paid to the cybersecurity provisions.

This is the opposite of Congress listening to the people #CISA pic.twitter.com/WqwUFq5FZy

— Justin Cauchon (@Cauchon) October 27, 2015

This is not over. #CISA still has to go through a conference committee. We won't stop fighting. Join us: https://t.co/5ziRqwK6U3 #StopCISA

— Fight for the Future (@fightfortheftr) October 27, 2015

We'll name the names of people who voted in favor afterwards. A vote for #CISA is a vote against the internet. https://t.co/IctF0UYSO6

— Edward Snowden (@Snowden) October 27, 2015

#CISA gives companies legal immunity for violating privacy laws if they also give your data to the government. Call Congress, #StopCISA.

— Edward Snowden (@Snowden) October 26, 2015