In a late-night session of Congress, House Speaker Paul Ryan announced a new version of the “omnibus” bill, a massive piece of legislation that deals with much of the federal government’s funding. It now includes a version of CISA as well. Lumping CISA in with the omnibus bill further reduces any chance for debate over its surveillance-friendly provisions, or a White House veto. And the latest version actually chips away even further at the remaining personal information protections that privacy advocates had fought for in the version of the bill that passed the Senate.
“They took a bad bill, and they made it worse,” says Robyn Greene, policy counsel for the Open Technology Institute.
CISA had alarmed the privacy community by giving companies the ability to share cybersecurity information with federal agencies, including the NSA, “notwithstanding any other provision of law.” That means CISA’s information-sharing channel, ostensibly created for responding quickly to hacks and breaches, could also provide a loophole in privacy laws that enabled intelligence and law enforcement surveillance without a warrant.