After more than a year of stalemate, Congress has used an unconventional procedural measure to bring a controversial cybersurveillance bill to the floor. Late last night, Speaker of the House Paul Ryan (R-WI) announced a 2,000-page omnibus budget bill, a last-minute compromise necessary to prevent a government shutdown. But while the bulk of the bill concerns taxes and spending, it contains a surprise 1,729 pages in: the full text of the controversial Cybersecurity Information Sharing Act of 2015, which passed the Senate in October.
CISA has been widely criticized since it was first introduced to congress in 2014, with Sen. Ron Wyden (D-OR) calling it "a surveillance bill by another name." The bill would make it easier for private sector companies to share user information with the government and other companies, removing privacy and liability protections in the name of better cybersecurity. But critics like Wyden say removing those protections would turn internet backbone companies into de facto surveillance organs, with no incentive to protect users' privacy.
"A disingenuous attempt to quietly expand the US government’s surveillance programs."
In many ways, the bill currently facing the House is even more invasive than previous versions, stripping out crucial provisions that prevented direct information-sharing with the NSA and mandated that data be anonymized before being widely distributed. "It’s clear now that this bill was never intended to prevent cyber attacks," said Evan Greer, campaign director of Fight for the Future, which has campaigned vigorously against the bill. "It’s a disingenuous attempt to quietly expand the US government’s surveillance programs." At the same time, a number of industry groups have applauded the bill, including the Financial Services Roundtable and Retail Industry Leaders Association.
Last night's proposal means CISA is more likely than ever to become law. While the bill is controversial in technology circles, it's far less controversial among legislators than the larger spending issues hammered out in the new budget proposal. The chance of another government shutdown has only increased the sense of urgency, and many observers expect the bill to pass some time this week, with little to no attention paid to the cybersecurity provisions.