US Budget Bill Passes With CISA Surveillance Intact

An anonymous reader writes: Early on Friday, the U.S. Senate approved the 2,000 page 'omnibus' budget bill that allocated $1.15 trillion in government funding. Later in the day, President Obama signed it into law. Because the budget bill was so important, many other pieces of unrelated legislation were tacked onto it, including the Cybersecurity Information Sharing Act, a bill notable for giving the government increased internet surveillance powers. Civil rights activists and tech experts largely consider it a "privacy disaster," and several lawmakers voted against the budget bill solely for CISA's inclusion. Senator Ron Wyden (D-OR) said, "Unfortunately, this misguided cyber legislation does little to protect Americans' security, and a great deal more to threaten our privacy than the flawed Senate version. Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers' private data with only cursory review." Corporations in the U.S. will now have "legal immunity when sharing consumers' private data about hacks and digital breaches." The full omnibus is available online (PDF). The CISA provisions start on page 1,728.

Why do you allow this travesty?

Completely unrelated laws "riding" on other bills... There should be a law against that.

Re:War on Privacy

[tlambert]

I believe this bill was making it's way through the legislative process and then the Eric Snowden disclosure happened.

And? The concurrency of the two unrelated things is rather irrelevant. The Snowden disclosure happened because (A) The government was engaged in illegal activity, and (B) Snowden decided to be a whistleblower.

Which would have been a protected action, were he an employee, but instead head was a 1099 contractor, like all the Uber drivers.

How many high profile network break-ins have happened since then?

Lots. They're generally not announced to the public, unless they involve credit cards or medical records.

Juniper Networks just announced yesterday a major compromise.

No, they announced a software patch for a problem that could have been used to compromised the security of VPN communications, but there's no evidence that it was ever used to do so, and some evidence that the change was made to the system by the employee of a government agency to allow them to eavesdrop on VPN conversations.

OPM was hacked and information for 20Million current and former employees and their spouses and children were compromised.

The agency should not have been keeping records on their spouses and children, since they were not employees, but even so, the compromised information was mishandled by the OPM. This was not a demonstration of skill on the part of the people who penetrated the system, it was a demonstration of incompetence on the people who were tasked with ensuring the system could not be penetrated.

This legislation has been needed for years. It is about time congress passed it.

This legislation was never needed. It's only utility is for making information collection for government agencies an unfunded mandate that has to be paid for by the companies whose systems the information is transiting.

The purpose of doing this is to make the companies adding strong privacy features to their software, particularly mobile phone and tablet software, among others, responsible for, and punishable for not, revealing said information, on demand, and without warrant.

In other words, it's an attempt to force companies to include back doors, or face fines when demands for information simply can not be accomodated to the governments satisfaction, for technological and mathematical reasons.

BTW: You have your dates wrong: the Snowden disclosure occurred in 2013; the bill was first introduced to to the Senate Intelligence Committe over a hear later, in 2013, during the 113th congress.

It's a really asinine piece of legislation. Paul Ryan (R, WI) should be removed from office over this nasty piece of crap, let alone the way he got it shoved through.