As Predicted, Congress Turned CISA Into A Clear Surveillance Bill… And Put It Into The 'Must Pass' Gov't Funding Bill

from the but-of-course dept

Yesterday we warned that Congress was quietly looking to do two horrible things: (1) strip all pretense from the “cybersecurity” information sharing bills and turn them into full-on surveillance bills and (2) then shove it into the “must pass” omnibus bill which is supposed to be about funding the government and nothing more. And… it looks like our warning was almost entirely accurate, as the bill has been released and within its over 2000 pages, it includes CISA and has been stripped of many of the key privacy protections (if you want to find it, it’s buried on page 1728), while expanding how the information can be shared and used. In part, due to concerns raised yesterday, a few of the absolutely worst ideas didn’t make it into the final bill, but it’s still bad (and clearly worse than what had previously been voted on, which was already bad!).

The bill is due for a vote tomorrow and so right now would be the time to call your elected officials and let them know that this is a serious problem. The EFF has spoken out about how problematic this is, as have a group of free market think tanks.

There is some opposition within Congress to this. We’ve seen a “Dear Colleague” letter sent around by a set of four members of Congress (two from each party) — Reps. Zoe Lofgren, Justin Amash, Jared Polis and Ted Poe — opposing this move, but chances are that most members of Congress actually have no idea that this is happening, which is why you should be calling today to let them know how problematic this is.

The House Intelligence Community counters that the claims being made against CISA are inaccurate, but they’re being incredibly misleading. While the reports yesterday indicated that the bill would directly allow its use in “surveillance,” the list of approved uses was changed slightly to effectively hide this fact. Specifically it says that the information via CISA can be used to investigate a variety of crimes — and doesn’t say “surveillance.” But, obviously, surveillance isn’t a “crime” that the government will be investigating. It’s just the method that the government will use to investigate crimes… which is now allowed under CISA. In earlier versions, the information was only to be used for “cybersecurity.” But now that list has been expanded to cover a wide variety of crimes: “a specific threat of death, a specific threat of serious bodily harm, or a specific threat of serious economic harm, including a terrorist act or a use of a weapon of mass destruction.”

And how are those things going to be stopped? By ramping up surveillance, of course.

Also, yesterday we noted that the proposed change would “remove” the privacy scrub requirements. The final bill didn’t completely do that, but basically changed the standard to pretend that it’s in there. Rather than demanding a full privacy scrub, the bill lets the Attorney General determine if DHS is doing a reasonable job with its privacy scrub. The same Attorney General who will now be using this same information to investigate all sorts of “criminal” activity. Guess what incentive the Attorney General has to make sure that privacy scrub is legit?

Finally, the revised bill tries to hide the fact that the NSA will get access to this data with some super crafty language. Section 105(c) of the bill notes that the President can designate any other agency to set up a portal to receive information, but explicitly says that cannot be the Defense Department or the NSA. That sounds good, but is there as a total red herring. This is only about who runs the portal, not about who gets the information. So, DHS can still share the info with others and the President could still designate, say, the FBI to get a portal… or the Director of National Intelligence (which oversees the NSA). However, CISA’s supporters are pointing to this sections as “proof” that it won’t be used by the NSA.

Considering how much debate and concern there was over this bill, and the fact that basically all the major companies in Silicon Valley have come out against it — and I still can’t find a single computer security expert who thinks that this is needed for increasing our security, it’s pretty obvious that this is not a cybersecurity bill. It’s a surveillance bill that has no business being added to the omnibus bill.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “As Predicted, Congress Turned CISA Into A Clear Surveillance Bill… And Put It Into The 'Must Pass' Gov't Funding Bill”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Sleazy politics at their finest

They know that if they had to vote on just CISA, they might not be able to cram it through, but by slipping it into something that has to pass, they basically ensure that it doesn’t matter how toxic it is, it’ll still pass.

As the AC above notes, it should absolutely be forbidden to add extras to a bill like this, and there should be hefty penalties for those that try. A bill should either be passed or rejected on it’s own merits, it shouldn’t be able to be hidden or slipped in with something completely unrelated.

Long Live the US Constitution says:

Re: Sleazy politics at their finest

This is exactly how the New World Order and their cronies have usurped the American government from the American people. All of the appointed positions are filled with them. Election processes are not trustworthy and was one of the first things they usurped. Everything is just for show.

Anonymous Coward says:

Re: Re: Sleazy politics at their finest

Don’t worry, a group of space voyagers seeking religious freedom will set off for the Andromeda Galaxy in the not too distant future.

The New World Order will tax them and give no representation.

The colonists will revolt kicking the New World Orders ass all the way back to earth. The newly populated star systems will then form a representative democracy with three branches of government and the United Starsystems Alliance ( USA ) will be born!

Anonymous Coward says:

Re: How many Republicans support it?

As a conservative I have found the opposition to Big Government to be largely a lie that the sheeple stupidly believe. Same as the lie of the Democrats not being pro Big Tyrannical business.

Both parties support Big Government, Big Business, and Big Spending and removal of your liberty. They merely disagree on how to go about codifying these all into law!

Anonymous Coward says:

Re: How many Republicans support it?

Where money and power are concerned, there is zero difference between the Democrat and Republican politicians.

They only engage in all the other arguments over other topics as a means to pit the various public groups against each other to distract from their treachery in an insatiable pursuit of ever more money and power.

They are truly the enemy of the people.

psiuuuuu (profile) says:

Re: Re: How many Republicans support it?

Yep, for the most part I don’t think any of them care one bit about any of the various social arguments.

All about that fat corporate cash rolling in, and protecting the entrenched bureaucracy/system.

I don’t agree with all of his views, but I’ll be damned if Amash doesn’t seem to be principled and explain every vote. Plus, the Republican party here in Michigan loathes him, which is probably worth something. 😉

Anonymous Coward says:


The last time one of these ‘kitchen-sink’ funding bills failed to pass, the Republicans took a great deal of blame for “shutting down the government” — and from then on, spending bills have easily sailed through no matter how much unpalatable stuff they contain.

I say let’s have another government shutdown, only this time without the massive police presence enforcing a total blockade on highways, bridges, bicycle trails and footpaths that cross federal property.

Anonymous Coward says:

I say let CISA pass and have more bills for the eradication of totally privacy and the full on monitoring of whatever we do passed. Maybe then with the passing of such bills that the people will rise up in mass riots against the government, that the passers of such bills will change which way they vote in future and think with their minds instead of the money they receive from organisations to pass the bills after there homes are burned to the ground and ran out of town. But then unicorns roam free in the fields.

Anonymouse says:

So removed from reality

This isn’t about security anymore, its about a black hole used to justify dropping billions into the NSA/CIA and other security based companies. I wonder which group is planning on retiring on these funds?

Hey idiots in congress, you’re creating reasons why people don’t want to work or spend money. Why feed the pigs who are devouring everything? Starve and slaughter them all…

Anonymous Coward says:

Another Eternal September is on the horizon

The government will make the internet uninhabitable, so the public will move to the darknet. No publicly incorporated business to target there, so what can the government do?

They’ve given up on targeting single individuals, so ISPs are the only available target. The government wants to make encryption illegal, but banks rely on encryption (and pay nice big campaign contributions), so they can’t just say “ISPs, don’t allow any encrypted packets through”. They could go back to busting random people, but they know that’d hit 90-year-old war veterans, 12-year-old little girls, and any number of other martyrs that would result in an unsafe level of public outrage.

Even if they do figure out some way to successfully block darknets at the ISP level, by the time they implement it people will probably have worked out a meshnet system that will eliminate even ISPs.

Anonymous Coward says:

Privacy be dead

Who needs id cards when their building themselves the ability to check on whomever they deem to suspect of their own defined criminal behaviour……which will eventually trickle down to the police, where then everyone will get to enjoy the freedom of doing what they THINK they should be doing, less the not so proverbial big brother over your shoulder decides to harass you, over the tenth billion law, introduced not but a minute ago

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...