This morning, Congress passed the Cybersecurity Information Sharing Act of 2015, attached as the 14th rider to an omnibus budget bill. The bill is expected to be signed into law by the president later today.
Intended to ease sharing of information between corporations and the government, the bill had drawn controversy since its introduction last year. The Center for Democracy and Technology said it risked creating "a backdoor wiretap," while Sen. Ron Wyden (D-OR) called it "a surveillance bill by another name." Earlier this week, Sen. Diane Feinstein (D-CA) called the bill "an important first step to address a significant drain on our economy and threat to our national security."
The bill passed by Congress also strips away many of the previous anonymization provisions included in previous versions of CISA, which has drawn significant criticism from the security community. In effect, the new language clears the way for an open channel between tech companies and the government, unaffected by existing privacy laws.
"Organizations can now directly share raw data with several agencies with no protection or anonymity," says Joseph Pizzo, an engineer at Norse Security. "There may have been a small cost associated with anonymizing the data, but now that this requirement has been removed and organizations may feel that they’re helping, I don’t foresee any work moving forward to protect consumer data."