Really? Paul Ryan snuck the full text of the Cybersecurity Information Sharing Act into the emergency budget bill last night

// December 16th, 2015 // Politics and legal

Cybersecurity Act of 2015 embedded in the emergency budget bill

What it is

I suspect this will be big news over the course of the next few days and rightfully so. The Cybersecurity Information Sharing Act of 2015 already passed in the Senate in October even after it has been panned by techies (i.e. Apple, Google, Twitter, Dropbox, Yahoo, Wikipedia, Yelp) and privacy groups (American Civil Liberties Group, Electronic Frontier Foundation, Center for Democracy and Technology) since it was first introduced in 2014. Senator Ron Wyden called it “a surveillance bill by another name” because it opens up holes for technology companies and other groups to share user information with the feds. In the wake of the Snowden revelations, it’s just another attempt by the U.S. government to quietly expand the US government’s surveillance programs.

How it happened

With the threat of government shutdown looming, Speaker of the House Paul Ryan introduced a 2,000-page “omnibus” budget bill as a last-minute compromise needed to prevent a government shutdown. Most of the bill looks fairly legit until you get to page 1,728 where you find the full text of the Cybersecurity Information Sharing Act embedded in the bill (of the 2,000-page bill, pages 1,728 through 1,863 are the cybersecurity provisions). If it passes as is, CISA is almost certainly going to become law despite a mobilization of 15,000 websites and 6 million faxes to the Senate protesting the bill.

Evan Greer, campaign director of Fight for the Future told reporters:

“It’s clear now that this bill was never intended to prevent cyber-attacks. It’s a disingenuous attempt to quietly expand the U.S. government’s surveillance programs, and it will inevitably lead to law enforcement agencies using the data they collect from companies through this program to investigate, prosecute, and incarcerate more people, deepening injustices in our society while failing to improve security.”

Why it sucks

Prior to this incident, the House and Senate versions of the bill differed – and the differences were being worked out.  However, the version included in last night’s emergency budget bill is a much “stronger” version of the proposed bill and includes alarming revisions such as:

  • Removes the prohibition on information being shared with the NSA
  • Removes the restrictions on using this information for “surveillance” activities
  • Removes limitations that government can only use the information for cybersecurity purposes (which promotes abuse of the data collection)
  • Removes the requirement to scrub personal information unrelated to a cybersecurity threat

Understand that the issue here is *how* information obtained under CISA can be used.  In an era where hackers change their attack vectors at a near daily rate, it’s a shame the government still cannot distinguish between civilian surveillance and valid  cybersecurity information sharing.  Until they wise up, we’ll see them continue trying to force surveillance bills through congress in lieu of true cybersecurity bills.  And that’s not only shame, it’s an embarrassment.

Sources: TechDirt, The Verge, United States Congress




« « Previous Article: Anonymous Troll ISIS Day – a collection of the funniest ISIS memes making the rounds     » » Next Article: Complete Star Wars timeline – calendar of significant events and characters in the Star Wars universe


Leave a Reply

You must be logged in to post a comment.

%d bloggers like this: