CISA Surveillance Bill Hidden Inside Last Night's Budget Bill

An anonymous reader writes that the Cybersecurity Information Sharing Act (CISA) was inserted into the omnibus budget deal passed by the House of Representatives late last night. Engadget reports: "Last night's budget bill wasn't all about avoiding a government shutdown. Packed inside the 2,000-page bill announced by Speaker Paul Ryan (R-WI) is the full text of the controversial Cybersecurity Information Sharing Act (CISA) of 2015. If you'll recall, the measure passed the Senate back in October, leaving it up to the House to approve the bill that encourages businesses to share details of security breaches and cyber attacks. Despite being labeled as cybersecurity legislation, critics of CISA argue that it's a surveillance bill that would allow companies to share user info with the US government and other businesses. As TechDirt points out, this version of the bill stripped important protections that would've prevented directly sharing details with the NSA and required any personally identifying details to be removed before being shared. It also removes restrictions on how the government can use the data."

Government acting in secret? No Way..........

[Ragnarok89]

Why is anyone surprised?

Something I don't understand

[gregfortune]

So say that I'm a Rep that is really trying hard to do the right thing and represent my constituent properly. This bill shows up for a vote and it's a 2000 page document. I probably read the initial version of the bill from front to back and was happy with it. Now, that 2000 page document has been modified in some interesting way right before the vote. Am I expected to read the entire thing again and just happen to notice the changes or is some kind of "diff" system widely available and used so it's easy to pick up these changes and evaluate them?

It just seems like we read frequently about stuff being "hidden" or "snuck in." If some way to compare versions easily is available, then "hidden" is just a terrible excuse for someone not doing even a cursory review of the changes. If a way to compare versions isn't available, why the heck not?

Re:Something I don't understand

[phishybongwaters]

If it's anything like the patriot act it's technically impossible to fully read and large portions are amending parts of many other bills and documents. That's why shit like this is rammed through just before a break, after changes have been made ensuring there is not enough time to actually read the document. This is EXACTLY what happened with the patriot act. This is how it works.

Re:Something I don't understand

[Nidi62]

So say that I'm a Rep that is really trying hard to do the right thing and represent my constituent properly. This bill shows up for a vote and it's a 2000 page document. I probably read the initial version of the bill from front to back and was happy with it.

There's your first problem. You don't actually read the bill. Between meetings with constituents, lobbyists, or other Reps; your committee hearings; hours long "working lunches"; working on your own legislation; and campaigning if you are up for re-election next year you are lucky if you have time to read 200 pages. If anything you read an executive summary provided to you, and chances are that summary was either written by a staffer/intern who didn't read it either or it was provided by lobbyists who "lent their expertise to" (read:wrote) the bill that your fellow Rep then introduced. That's how you get comments like Pelosi's "We have to vote for it to see what's in it" or the Republican's latest on Obamacare "It had some fundamental problems/repercussions that we couldn't see when we passed it so now we are hoping to roll it back after the next election." The system is designed so that Reps and Senators don't actually know what they are voting on, and really don't care.

Re:Something I don't understand

[Aighearach]

You miss the same thing the parent does; they have staff that divide it up, read the parts, and can explain the parts. Spending the time to pass all the words briefly in front of your eyes wouldn't prepare you to vote on it, because there will be lots of details that have to be "worked out" by experts in the various areas of civics affected. What is important is that advisors who are experts in specific areas of law or policy have had detailed working discussions with the staff below them that have read those portions, and have examined the portions that are significant or could have multiple readings.

Pelosi was making an existential comment. You not only mangle what she actually said, you give a completely erroneous reading. What she actually said was that there are lots of proposed bills, and the proposal is being amended continuously. The idea that there is "a bill" before it is voted on is silly, because it is changing from one minute to the next. Reading it doesn't help, because what did you read? Something that changed while you were reading it. Once something comes up for a vote, that is when you can't add more stuff to it; if it passes, then you could read it. This works because both houses of Congress have to pass it, and then discuss and vote on any differences, and then it also has to go to the President. The type of complaint you make is just an "insult from ignorance" that disappears if you attempt to understand what was said.

Re:Something I don't understand

[gregfortune]

Sure, so they divide and conquer. That doesn't address my question at all.

My question was how do they deal with the constant change? Do they have a standard way to review what has changed from revision to revision? If so, then the word "hidden" is beyond shady. If not, then why not? With the way the process seems to work, it seems strictly necessary to not have to start from scratch each time the document is changed.

It's almost funny from a programmer's perspective because dealing with this exact problem is something we do daily and, as an industry, have developed processes and tools to help us deal with it. And if the "problem" as described doesn't really exist and dealing with the differences and voting on them is straightforward and well understood, how does crap like this make it through on unrelated bills? It seems, this has to be either a broken processes or serves to highlight a fundamentally dishonest establishment. Either way, that's a sad way to be doing business.

Re:Something I don't understand

[AthanasiusKircher]

My question was how do they deal with the constant change? Do they have a standard way to review what has changed from revision to revision?

Yes, you can view the entire legislative history of H.R. 2029, the original bill here, with a list of 215 actions and 83 proposed amendments. All of this happened BEFORE the current amendment incorporating CISA.

If so, then the word "hidden" is beyond shady. If not, then why not? With the way the process seems to work, it seems strictly necessary to not have to start from scratch each time the document is changed.

Except that's basically what they did in this case. There was a 2000-page document just added as a giant omnibus "amendment" to this pre-existing H.R. 2029. You can see its summary, contents, and 18 proposed Amendments to this Amendment here (technically amendments to amendments to amendments to H.R.2029).

Now, of course, the big question I think you have is "But how do we know who inserted Section (N) -- CISA -- into this 2000-page amendment on an amendment on an amendment." And there you'd run into problems, because these omnibus spending bills are often deliberately obfuscated in deliberation and then proposed en masse. That's the whole point of "budget negotiations" and a "last-minute" deal -- they spend months working out the kinks and then slam down a 2000-page (relatively) final document on the table.

Now that the Amendment is officially introduced, any further alterations will be tracked (on those links I gave above). But the whole thing was thrown together first as part of some deal before it was formally presented as a 2000-page omnibus bill. Since the actual writing and compilation of this legislation prior to its formal presentation happened "behind closed doors," we don't have a record of how it all came together.

And if the "problem" as described doesn't really exist and dealing with the differences and voting on them is straightforward and well understood, how does crap like this make it through on unrelated bills?

Easy -- the House leadership clearly wants it there, or at least approves of it. Thus it became part of this "deal" that went into drafting the 2000-page document. There are probably hundreds of little things in there that came about from various compromises -- and now the House Rules Committee presents the whole package together with the hopes that everyone will just vote it up.

And, by the way, before you start complaining about how this is "unrelated" legislation -- this is THE budget omnibus bill of 2016. By definition, the omnibus appropriations bill every year will incorporate at least a dozen different fundamental (and not directly related) things to authorize appropriations for the whole government. It almost always contains hundreds of pages of random other crap that went into the negotiation process.

The point is that Congress in this case doesn't want you to see the "sausage being made". They just want to present the 2000-page thing and get the whole House to vote "yea" or "nay" because presumably they have already secured enough agreement in negotiations to ensure its passage before they officially submitted it.

Re:Something I don't understand

[AthanasiusKircher]

You miss the same thing the parent does; they have staff that divide it up, read the parts, and can explain the parts. Spending the time to pass all the words briefly in front of your eyes wouldn't prepare you to vote on it, because there will be lots of details that have to be "worked out" by experts in the various areas of civics affected. What is important is that advisors who are experts in specific areas of law or policy have had detailed working discussions with the staff below them that have read those portions, and have examined the portions that are significant or could have multiple readings.

Yep. This is something that you can only understand by serving in a large legislative body the delegates large amounts of work to committees. I've never been a politician, but I have served in a faculty representative body within a large university. The reality is that individual members there simply have to trust the experts on the committees who actually deal with the details. You get the committee on curriculum or whatever that comes and says, "Today I bring forward 172 proposals for new courses." Did you read all of them? Even if you did, would you understand most of them enough to comment knowledgeably on them?

No -- you had a committee who probably spent 2 or 3 months going through all of those proposals and checking to see that they conform to various requirements.

Usually at these big legislative bodies you can see immediately see the futility of most members taking interest in these sorts of complex behind-the-scenes work. Most of the questions which were asked on the floor from general faculty members were completely ridiculous and showed that they often had no clue about what the proposals were really doing. "So, I glanced over the amendment to the graduate handbook and I'm worried this is going to do X." Usually X is vaguely on the same topic of the proposal, but the proposal actually doesn't relate to X at all.

The questions are important, and it would be good for everyone in the legislative body to try to understand these nuances, but the reality is that the representatives in such a situation are just not going to be able to have detailed understanding of everything. That's why parliamentary procedure has committees in the first place -- to have a few people go out, dig into the details, really sort stuff out, and then present it to the body as a whole. And the legislators then have to trust that this committee did its work diligently; otherwise, it shouldn't delegate such work to begin with.

And the delegation of such duties is a practical necessity. Even to run a bureaucracy like a university, there was way too much stuff for any faculty rep to get through alone. The federal government has bureaucratic layers that are hundreds or thousands of times as big.

And before you say, "Well, they shouldn't be passing all this stuff anyway," just keep in mind that for every page of nefarious weird stuff stuck into some random bill, there are probably a dozen pages of random bureaucratic crap that need to go through just to keep everything functioning. You have to wade through all of that bureaucratic crap (which often is just fundamental basic stuff to keep things going in a reasonable fashion, and which you just need to trust your committee members and advisors to look over) in order to get to the controversial stuff.

Re:Something I don't understand

[Aighearach]

So you are on board with legislatures essentially rubberstamping whatever piece of legislation makes it to the chamber floor? Because that's basically what you just said.

THat's the thing, you hear the word "Pelosi" and you're trying to figure out who is on what side so you'll know what to believe. I was talking about the false accusation that idiots make about that particular comment. See, thing is, I actually went and watched the clip of her whole statement the first time that came up. It is a factual thing about how the US Congress works. Knowing how the current system works isn't predicated on agreeing that it is perfect. There is actually no position-taking at all there. The reality of the current system and how it is designed is the same for everybody. Disliking Pelosi isn't magical thinking that makes you somehow live in a country with a different political system. That you think that there is something to tease her about there simply shows you don't know what she's talking about. Ignorance is not wisdom, sorry.

And for the record, no that isn't "what I said." What I said contained no opinions at all. You don't get special facts, the facts are the same for you and for me. You disliking Pelosi doesn't mean she is wrong if she says the sky is blue, but you would be instantly down a rabbit hole arguing about what "blue" means and accusing anybody who agrees with her of agreeing with anything else she said.

Even if you're 100% against the system of government we have now, she was still describing it. She wasn't making a proposal for how to do things, or giving an opinion. She was trying to explain to idiot reporters how stupid some of their questions were. Which of course is a fool's errand, but IME it provides some small amount of satisfaction in the moment, and the idiots will believe whatever nonsense they already believed either way. The same idiocy is here in this thread; people who don't even comprehend how the system works, but have lots of ideas about specific changes they think they would like. Of course, they don't actually have any fucking clue if they would like those changes, because they don't know how it works already. So from their perspective, nothing would have changed; government would do stuff, and they would still have no idea what was being done, by who, in what way, or to what effect.

People have a low opinion of congress because....

[Snotnose]

This crap is typical. First, you have a 2,000 page document that nobody has read. Second, it's full of crap that would never pass on it's own and can barely stand to be in a room with itself because of the stink. No wonder nobody thinks congress is doing a good job, they're all a bunch of crooks and flim flam artists.

One important law

[phorm]

One important law that is needed, perhaps above all others, is something to prevent jamming unrelated bills (or perhaps just multiple bills) into a single law. Sure, you'd end up with more bits and pieces, but overall they should be more easily parsed than huge bills. Of course then gov't would still actually have to read this sh**, but hey...

How are laws like this even legal?

[CastrTroy]

How are laws like this even legal? I doubt that even a single representative who voted on this bill read the entire bill. With a 2000 page bill, that is probably changing until minutes before it hits the house floor, there is no way that anybody could possibly know what's in it. They should keep the laws short and simple so that both the representatives and citizens can actually understand what the law means.

So? Who did it?

[DriveDog]

When something bad happens, we normally look for the guilty party or at least a scapegoat. Now we get "was hidden". Who hid it? What individual inserted CISA into the budget bill? Why don't all the major news outlets say "Rep. Smith inserted CISA into the budget bill"?

Re:So? Who did it?

[jenningsthecat]

This, exactly. My kingdom for a mod point.

Re:So? Who did it?

[Alwin+Henseler]

Does it even matter anymore?

Bottom line: privacy-sensitive data will be snooped upon by US government agencies. If it isn't in one way, then in another. Either legal or illegal. Such data isn't safe when controlled by US companies, and isn't safe when it passes over US-controlled communication lines. Unless protected by strong encryption that doesn't contain backdoors. Well... possibly not safe either on other communication lines, but that's another story. If you have such data to protect, the first thing to do is make sure it isn't stored by a US-based company, or on US soil.

Things like this are doing economic damage to the US already, and (I suspect) will continue to do so for a looong time. Want to fix that? Start by fixing your totally fubar-ed political system.

Re:So? Who did it?

[AthanasiusKircher]

When something bad happens, we normally look for the guilty party or at least a scapegoat. Now we get "was hidden". Who hid it?

The House Rules Committee.

What individual inserted CISA into the budget bill?

This looks like an action that was undertaken by the committee, so you're unlikely to find a single person named for that particular section.

Why don't all the major news outlets say "Rep. Smith inserted CISA into the budget bill"?

Because it doesn't always work that way. See, this bill used to be H.R. 2029, which was a military appropriations bill. It went through the House a few months ago, then the Senate made a bunch of modifications last month where it passed unanimously. You can read all the sundry details of its history at the link.

What appears to have happened is that the House Appropriations Committee decided they needed a "vehicle" to pass the omnibus spending packages for next year, so they got the Rules Committee to propose a 2000-page amendment. (Actually, there are two amendments; the second is much shorter.)

So, technically, this is a giant amendment proposed by a committee to a bill that had already passed the House and then was amended by the Senate and passed by them.

Anyhow, what generally happens with these huge slates of amendments is that the Chair of the Committee (in this case, the Rules Committee) will just introduce the whole group of amendments, which will then be voted on by the House. Sometimes you can find the details of who exactly proposed which amendments by digging through Committee reports, but in this case with a giant single amendment (with only Section (N) dealing with CISA), it's doubtful that there's going to be anything in the official record to track to a specific individual, other than perhaps the Committee Chair who may officially present it on behalf of the Committee.

If you think this is overly complex and sounds crazy, you'd be right. Welcome to the bureaucratic nightmare that is Congressional legislative practice.

Re:People have a low opinion of congress because..

[Okian+Warrior]

[Congress is] all a bunch of crooks and flim flam artists.

And yet, when someone who isn't a career politician runs for office, everyone shouts "anyone but him!"

Re:And since our Legilators Rarely Read the Bills.

Sadly, I expect the President will sign it. Looking over the last few years, the changes -read erosions- in privacy laws have been shocking. Even that is probably not correct; I suspect the government has been doing this for decades, only since Snowden are we even aware of it.

Re:And since our Legilators Rarely Read the Bills.

[Aighearach]

No, it will have to go through another round of negotiation between the House and Senate because they didn't pass it as its own bill. Once the joint committee decides they both agree on what the combined result is, then it goes to the President. It is quite possible for the Senate to still block this. Unlikely.

The President can easily veto this if he wants to, because everybody already knows that Congress plays these games at that the President might have to smack them down. The President has over double the approval rating of Congress, after all. History proves that the American people will rightfully blame Congress for not passing a clean budget when needed.

As to the complaints, it is sad that the most prominent complaint people can think of is that it will "allow companies to share user info with the government." That makes it sound like this law does nothing. Companies own the data they collect about their users in the US, and they already are allowed to share it with the government when they decide to. If that is the best complaint people have, why should I care? Why do people who claim to care, claim to care? Because it will let things that already happen, continue to happen in the same way? What??!

The linked engadget article author doesn't know. First they claim the full text of the bill was included, then in the next paragraph it talks about there being differences. Indeed, they link to an article that if they had read, they would know it wasn't the "full text" but rather an alternate text. The House and Senate have actually both already passed versions of this bill. The Senate version had a lot more protections, and was weaker than the older House bill. This House version is further from the Senate version than their last one. As a bill on its own, it has no meaning. This will not impact the negotiations with the Senate over a compromise in any positive way.

This is probably more of an attempt by the House to submarine the budget deal. Expect the joint committee on the budget bill to toss that part out, since the Senate version of the budget bill didn't have that stuff. It can only go directly to the President if they pass the same bill. Otherwise, they have to sit down with each other and figure out what they're actually sending.

This is not democracy

This is a prime example why so called riders should be illegal. All it takes is one corrupt "owned" politician to surreptitiously slip in items that have been rejected by the majority of both the house and senate. This is not democracy, this one (or a small group) of self-serving criminals slipping something past the rest of the nation. If a bill is so poorly written, disgusting or reviled that it cannot stand on its own merits it has no business being "inserted" in anything but a garbage can.

41 states have it. 43 line-item. Rs gave Clinton

[raymorris]

41 states have that.
https://en.wikipedia.org/wiki/...

43 states allow their governors to veto specific items in bills.
https://en.wikipedia.org/wiki/...

In 1996 the Republicans gave Clinton line-item veto. The Supreme Court ruled it was unconstitutional, because Article I, Section 7 of the Constitution says the president either signs or vetoes the bill, not -part- of the bill. It needs to be done as a constitutional amendment.

Re:And since our Legilators Rarely Read the Bills.

[davester666]

No, a bunch of us were aware of it WAY before snowden. Of course, we were tagged with labels like "crackpot", "crazy", "delusional".

Re:And since our Legilators Rarely Read the Bills.

[davester666]

ha ha. The US got Harpered.

The last Canadian PM was infamous for creating a massive 'budget' document, with bunches of other unrelated laws, then pushing it through parliament.

I guess free trade goes both ways.

Agree with Single-subject rule

[Bosconian]

How hard is it to define the scope at the start, then have all legislation following stay within those parameters?

I think any "lawmaker" that pulls these maneuverings - inserting legislation too far outside the intended scope of the bill - should be subject to censure, fines, and felony charges. The only defense would be to try to convince a bipartisan committee that you had a legitimate reason for injection, apart from bribes, handouts, contributions, kickbacks, and special favors of course.

If there are no penalties and no systems to steer the cows of Capitol Hill effectively, then the abuse will continue to run rampant.

Re:And since our Legilators Rarely Read the Bills.

[breech1]

In this case he really should use the one power left to a lame duck President and use the line item veto. He could strike out the CISA stuff and leave the rest of the funding intact. The question would be if he would actually do it, but we all know the answer to that is most likely no.

Presidents do not have a line-item veto power. Presidents can only veto the entire bill, which is why Congress habitually tries to add contentious items to "must-pass" bills.

We need a Constitutional Amendment!

[reboot246]

All bills should be clean with no "extras" inserted under cover of darkness.

Of course, if we had an actual budget, we wouldn't be talking about this particular bill, but the country hasn't had a real budget in years. Continuing resolutions and last minute fixes are no way to run a country.

Chances of such an amendment? Realistically - zero. Unless the states do it in a Constitutional Convention, there's no chance a corrupt Congress and President would go for it.

Re:And since our Legilators Rarely Read the Bills.

[thegarbz]

Some countries have formal legislation that says that bills relating to budget or administrative matters of government can only contain text relating to budget and administrative matters of the government.

That would go a long way to solving some of the bullshit that comes out of the USA system of government.

It would be better if it went even further and said that the content of a bill can only be related to what is written on the bloody title.

Re:And since our Legilators Rarely Read the Bills.

[david_thornley]

I completely agree, but we don't have those rules in the US. This leads to all sorts of abuses.