Update: CISA is now the law: OBAMA SIGNS SPENDING, TAX BILL THAT REPEALS OIL EXPORT BAN
* * *
Back in 2014, civil liberties and privacy advocates were up in arms when the government tried to quietly push through the Cybersecurity Information Sharing Act, or CISA, a law which would allow federal agencies – including the NSA – to share cybersecurity, and really any information with private corporations “notwithstanding any other provision of law.” The most vocal complaint involved CISA’s information-sharing channel, which was ostensibly created for responding quickly to hacks and breaches, and which provided a loophole in privacy laws that enabled intelligence and law enforcement surveillance without a warrant.
Ironically, in its earlier version, CISA had drawn the opposition of tech firms including Apple, Twitter, Reddit, as well as the Business Software Alliance, the Computer and Communications Industry Association and many others including countless politicians and, most amusingly, the White House itself.
In April, a coalition of 55 civil liberties groups and security experts signed onto an open letter opposing it. In July, the Department of Homeland Security itself warned that the bill could overwhelm the agency with data of “dubious value” at the same time as it “sweep[s] away privacy protections.” Most notably, the biggest aggregator of online private content, Facebook, vehemently opposed the legislation however a month ago it was “surprisingly” revealed that Zuckerberg had been quietly on the side of the NSA all along as we reported in “Facebook Caught Secretly Lobbying For Privacy-Destroying “Cyber-Security” Bill.”
Even Snowden chimed in:
— Edward Snowden (@Snowden) October 25, 2015
Following the blitz response, the push to pass CISA was tabled following a White House threat to veto similar legislation. Then, quietly, CISA reemerged after the same White House mysteriously flip-flopped, expressed its support for precisely the same bill in August.
And then the masks fell off, when it became obvious that not only are corporations eager to pass CISA despite their previous outcry, but that they have both the White House and Congress in their pocket.
As Wired reminds us, when the Senate passed the Cybersecurity Information Sharing Act by a vote of 74 to 21 in October, privacy advocates were again “aghast” that the key portions of the law were left intact which they said make it more amenable to surveillance than actual security, claiming that Congress has quietly stripped out “even more of its remaining privacy protections.”
“They took a bad bill, and they made it worse,” says Robyn Greene, policy counsel for the Open Technology Institute.
But while Congress was preparing a second assault on privacy, it needed a Trojan Horse with which to enact the proposed legislation into law without the public having the ability to reject it.
It found just that by attaching it to the Omnibus $1.1 trillion Spending Bill, which passed the House early this morning, passed the Senate moments ago and will be signed into law by the president in the coming hours.
This is how it happened, again courtesy of Wired:
In a late-night session of Congress, House Speaker Paul Ryan announced a new version of the “omnibus” bill, a massive piece of legislation that deals with much of the federal government’s funding. It now includes a version of CISA as well. Lumping CISA in with the omnibus bill further reduces any chance for debate over its surveillance-friendly provisions, or a White House veto. And the latest version actually chips away even further at the remaining personal information protections that privacy advocates had fought for in the version of the bill that passed the Senate.
It gets: it appears that while CISA was on hiatus, US lawmakers – working under the direction of corporations adnt the NSA – were seeking to weaponize the revised legislation, and as Wired says, the latest version of the bill appended to the omnibus legislation seems to exacerbate the problem of personal information protections.
It creates the ability for the president to set up “portals” for agencies like the FBI and the Office of the Director of National Intelligence, so that companies hand information directly to law enforcement and intelligence agencies instead of to the Department of Homeland Security. And it also changes when information shared for cybersecurity reasons can be used for law enforcement investigations. The earlier bill had only allowed that backchannel use of the data for law enforcement in cases of “imminent threats,” while the new bill requires just a “specific threat,” potentially allowing the search of the data for any specific terms regardless of timeliness.
Some, like Senator Ron Wyden, spoke out out against the changes to the bill in a press statement, writing they’d worsened a bill he already opposed as a surveillance bill in the guise of cybersecurity protections.
Senator Richard Burr, who had introduced the earlier version of bill, didn’t immediately respond to a request for comment.
“Americans deserve policies that protect both their security and their liberty,” he wrote. “This bill fails on both counts.”
Why was the CISA included in the omnibus package, which just passed both the House and the Senate? Because any “nay” votes – or an Obama – would also threaten the entire budget of the federal government. In other words, it was a question of either Americans keeping their privacy or halting the funding of the US government, in effect bankrupting the nation.
And best of all, the rushed bill means there will be no debate.
The bottom line as OTI’s Robyn Green said, “They’ve got this bill that’s kicked around for years and had been too controversial to pass, so they’ve seen an opportunity to push it through without debate. And they’re taking that opportunity.”
The punchline: “They’re kind of pulling a Patriot Act.”
And when Obama signs the $1.1 trillion Spending Bill in a few hours, as he will, it will be official: the second Patriot Act will be the law, and with it what little online privacy US citizens may enjoy, will be gone.