The legislation the House passed on Friday morning is a thinly disguised surveillance bill that would give companies pathways they don’t need to share user data related to cyberthreats with the government — while allowing the government to use that information for any purpose, with almost no privacy protections.
Because Speaker of the House Paul Ryan slipped the provision into the massive government omnibus spending bill that had to pass — or else the entire government would have shut down — it was doomed to become law. (This post has been updated to reflect the vote, which was 316 to 113.)
The text of the bill — now known as the Cybersecurity Act of 2015, formerly known as CISA — wasn’t released until shortly after midnight Wednesday morning, giving members of Congress essentially no time to do anything about it.
The bill removes a restriction on direct information sharing with the National Security Agency and the Pentagon; eliminates a restriction on the government’s use of that information for surveillance activities; allows law enforcement to use the information to prosecute any and all crimes; and leaves it up to the individual agencies to scrub personally identifying information when they feel like it.
And this article – CISA Is Now The Law: How Congress Quietly Passed The Second Patriot Act:
Back in 2014, civil liberties and privacy advocates were up in arms when the government tried to quietly push through the Cybersecurity Information Sharing Act, or CISA, a law which would allow federal agencies – including the NSA – to share cybersecurity, and really any information with private corporations “notwithstanding any other provision of law.” The most vocal complaint involved CISA’s information-sharing channel, which was ostensibly created for responding quickly to hacks and breaches, and which provided a loophole in privacy laws that enabled intelligence and law enforcement surveillance without a warrant.
Ironically, in its earlier version, CISA had drawn the opposition of tech firms including Apple, Twitter, Reddit, as well as the Business Software Alliance, the Computer and Communications Industry Association and many others including countless politicians and, most amusingly, the White House itself.
In April, a coalition of 55 civil liberties groups and security experts signed onto an open letter opposing it. In July, the Department of Homeland Security itself warned that the bill could overwhelm the agency with data of “dubious value” at the same time as it “sweep[s] away privacy protections.” Most notably, the biggest aggregator of online private content, Facebook, vehemently opposed the legislation however a month ago it was “surprisingly” revealed that Zuckerberg had been quietly on the side of the NSA all along as we reported in “Facebook Caught Secretly Lobbying For Privacy-Destroying “Cyber-Security” Bill.”
Even Snowden chimed in:
— Edward Snowden (@Snowden) October 25, 2015
Following the blitz response, the push to pass CISA was tabled following a White House threat to veto similar legislation. Then, quietly, CISA reemerged after the same White House mysteriously flip-flopped, expressed its support for precisely the same bill in August.
And then the masks fell off, when it became obvious that not only are corporations eager to pass CISA despite their previous outcry, but that they have both the White House and Congress in their pocket.
As Wired reminds us, when the Senate passed the Cybersecurity Information Sharing Act by a vote of 74 to 21 in October, privacy advocates were again “aghast” that the key portions of the law were left intact which they said make it more amenable to surveillance than actual security, claiming that Congress has quietly stripped out “even more of its remaining privacy protections.”
“They took a bad bill, and they made it worse,” says Robyn Greene, policy counsel for the Open Technology Institute.
But while Congress was preparing a second assault on privacy, it needed a Trojan Horse with which to enact the proposed legislation into law without the public having the ability to reject it.
It found just that by attaching it to the Omnibus $1.1 trillion Spending Bill, which passed the House early this morning, passed the Senate moments ago and will be signed into law by the president in the coming hours.
This is how it happened, again courtesy of Wired:
In a late-night session of Congress, House Speaker Paul Ryan announced a new version of the “omnibus” bill, a massive piece of legislation that deals with much of the federal government’s funding. It now includes a version of CISA as well. Lumping CISA in with the omnibus bill further reduces any chance for debate over its surveillance-friendly provisions, or a White House veto. And the latest version actually chips away even further at the remaining personal information protections that privacy advocates had fought for in the version of the bill that passed the Senate.
It gets: it appears that while CISA was on hiatus, US lawmakers – working under the direction of corporations and the NSA – were seeking to weaponize the revised legislation, and as Wired says, the latest version of the bill appended to the omnibus legislation seems to exacerbate the problem of personal information protections.
End of quote.
It’s how major change is swept under the carpet. It happened as far back as 1913 with the unconstitutional Federal Reserve Act slipped through on the last day of sitting before Christmas. And it was probably a well-oiled machine by then.
By the time I write this, it will almost certainly have been signed into law.