On December 18, the US House of Representatives and the Senate passed a huge budget bill, with almost 2000 pages, that contains the Cybersecurity Information Sharing Act and sent it to President Barack Obama for signature. With such bills, the president of the United States has the option to veto such document, however, in this case, Obama just signed it.
The bill lays out a $1.15 trillion spending plan that has received solid support from both sides. This should be enough to prevent a government shutdown like the one in 2013.
About CISA: it was meant to allow companies to share information on cyber attacks, including data from private citizens, with other companies and the Department of Homeland Security (DHS). Once DHS has all the required details about the citizens or the threats, they can pass it along to the FBI and NSA for further investigation and for potential legal action. Critics in the case saw CISA as a way for the government agencies to legally spy on the citizens of the USA without their knowledge. The bill was opposed by both privacy advocates and tech savvies alike. Also, big companies like Amazon, Apple, Dropbox, Google, Facebook and Symantec) issued statements against an earlier version of the CISA bill.
According to experts in the topic, the point of including CISA into such a huge omnibus bill is to make a law of it for sure. Another important point is that the current version of the CISA bill ”plays with privacy even faster and looser” than the original. A previously held prohibition against sharing information with the NSA has been removed, which means that the USA’s most infamous surveillance agency can receive pertinent data without it being handled by Homeland Security first. More importantly, the provision that required personal information to be removed from cybersecurity reports also seems to have gone missing, leaving that task up to the discretion of the specific agency that handles the data. The best conclusion for this article would be quoting Engadget’s Chris Velazco on the CISA bill:
”While the federal government has been trying to toughen its stance on cybersecurity in the wake of massive hacks on the Office of Personnel Management and Sony, we wound up with an, even more, effete version of a questionable plan that will soon become law.”