As lawmakers continue work on a last-minute omnibus spending bill to avoid a government shutdown Wednesday, chances are rising of including a divisive cyber threat information sharing rider — something conservative groups are calling on House Speaker Paul Ryan to reject.
The Senate earlier this fall passed the Cybersecurity Information Sharing Act (CISA), legislation allowing Internet service providers like Facebook, Google and others to share unlimited amounts of data with the government in an effort to prevent cyberattacks, even if that data includes personal information about their users that runs afoul of their privacy agreements.
The House earlier this year passed two similar bills — the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act of 2015 (NCPAA). Following the Senate’s yea vote in October, both chambers hurried to conference on a final bill they hope to get on the president’s desk before the end of the year.
Disagreement over privacy provisions leadership wanted left out of the final version for expediency stalled those talks, which Senate Intelligence Committee Chairman Richard Burr said were on the verge of concluding late Monday or early Tuesday.
Now with lawmakers only hours away from finishing a $1.1-trillion omnibus spending bill funding the government through next September, CISA supporters may have the opportunity they need to pass the legislation before lawmakers wrap up for the year next week.
Privacy advocates opposed to the bill since its inception in the upper chamber renewed their criticism in recent weeks over the excluded privacy provisions, including a restriction barring the government from using data unrelated to cyber threats to investigate or prosecute users for unrelated offenses, language that would encourage companies to remove unrelated data before handing it over to the government, and the establishment of a single portal at the Department of Homeland Security through which companies would submit data.
Conservative groups including FreedomWorks, TechFreedom, the R Street Institute and the Niskanen Center joined critics in opposing the legislation as a rider late Tuesday.
“The provisions contained in many of these bills — in particular those in CISA — are unlikely to increase the government’s ability to detect, intercept, and thwart cybersecurity attacks, yet would decrease accountability and public trust,” the groups said in a statement. “They are also likely to institute broad, undefined data-collection capabilities even as Congress and the American public have pushed for greater rule of law and accountability at the intersection of national security and privacy.”
“There is simply no need to rush such controversial provisions into law. These issues deserve full, considered review, which cannot happen when addressed through end-of-year omnibus legislation.”
The groups urged Ryan to address the privacy concerns, in particular the establishment of a single portal at DHS, supported by House Homeland Security Committee Chairman Michael McCaul — the architect of one of the conference bills.
“Under no circumstance should a portal be set up at a law enforcement agency, such as the FBI, or any national security agency, including the NSA, the ODNI, or the CIA. Nor should information be automatically shared with the NSA and DOD,” the groups wrote.
“Strengthening cybersecurity should not come at the expense of exposing Americans’ personal information to malicious agents. Nor should it be necessary to extend law enforcement use authorizations to non-cybersecurity purposes.”
Ryan had planned to release the text of the omnibus late Tuesday, and give representatives three days to review it before an initial vote in the lower chamber. Lawmakers are expected to pass another short-term stopgap bill late Wednesday until the first House vote late Thursday.