On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws. Today’s language, renamed the Cybersecurity Act of 2015 (Division N of the omnibus budget bill) mostly assembles the worst parts of the earlier bills to threaten privacy even further.

We have about two days to figure out what this so-called Cybersecurity Act (OmniCISA) means for consumer privacy in the US. That unfortunate timing is thanks to Speaker Paul Ryan’s decision to include language announced at 2am this morning as part of a must-pass spending bill scheduled for a vote Friday.

– From Jennifer Granick’s article: OmniCISA Pits DHS Against the FCC and FTC on User Privacy

I know it’s hard to believe, but yes, Paul Ryan is indeed far worse than John Boehner. The fact that Republican members of Congress chose to make him Speaker of the House tells you all you need to know about the true nature of the GOP and who they really work for (it’s not you). After all, Paul Ryan’s public record speaks for itself. He voted for the banker bailouts as well as the Iraq War. He’s a very well behaved little status quo puppet.

Moving along, what Mr. Ryan just did to intentionally target the 4th Amendment rights of American citizens could be described as treasonous. A move which exemplifies the complete and total disrespect he harbors toward the people he claims to represent. For a bit of context, let’s turn to a post published here last week which unfortunately failed to get much traction titled, Paul Ryan is Aggressively Lobbying to Pass “Frankenstein” CISA Spy Bill Through Congress. In it, we warned:

Republican House speaker Paul Ryan has been leading the charge to push through legislation and reconcile two bills, the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement with the Cybersecurity Information Sharing Act of 2015 (Cisa), a controversial bill that passed a Senate vote in October.

The speed with which Ryan is trying to push through a compromise has worried privacy activists. “We’ve just learned that the Intelligence Committees are trying to pull a fast one,” Nathan White, senior legislative manager at digital rights advocate Access, said in a recent email to supporters. “They’ve been negotiating in secret and came up with a Frankenstein bill – that has some of the worst parts from both the House and the Senate versions.”

Now we know why he was in such a rush. Rather than allow a bill with such tremendous implications for privacy and civil liberties to be debated on its own merits, Paul Ryan figured it would be a great idea to add it to a “must pass” 2,000 page, $1.1 trillion Omnibus spending bill, which is precisely what he did Wednesday morning at 2am.

The National Journal reports in today’s article, Controversial Cybersecurity Bill Poised to Pass in Massive Spending Package:

After years of de­bate and man­euv­er­ing, a ma­jor cy­ber­se­cur­ity bill is fi­nally on the fast track to approv­al after law­makers at­tached it to a $1.1 tril­lion gov­ern­ment spend­ing pack­age early Wed­nes­day morn­ing.

Think about that for a moment. A controversial surveillance bill that has been debated “for years” is simply snuck into a $1.1 trillion spending package at the last minute. Please explain to me how this can be seen as anything remotely resembling representative democracy?

While busi­ness groups and na­tion­al se­cur­ity hawks are cheer­ing the news, it’s a ma­jor blow to pri­vacy ad­voc­ates, who fear the meas­ure will fun­nel more of Amer­ic­ans’ per­son­al in­form­a­tion in­to the hands of the Na­tion­al Se­cur­ity Agency.

This paragraph explains why it was snuck in so shadily, and who Paul Ryan really works for. He works for big business and the national security state. He doesn’t think twice about what’s best for the American people.

The le­gis­la­tion, now called the Cy­ber­se­cur­ity Act of 2015, would en­cour­age com­pan­ies to share in­form­a­tion about com­puter vir­uses and oth­er cy­ber­se­cur­ity threats with each oth­er and the gov­ern­ment. The bill would shield com­pan­ies from law­suits by their users for giv­ing private in­form­a­tion to the gov­ern­ment as part of the pro­gram.

Civil-liber­ties groups warn the latest ver­sion of the meas­ure has been stripped of some of the most sig­ni­fic­ant pri­vacy pro­tec­tions, trans­form­ing it in­to a sur­veil­lance bill.

More on this later.

“In­stead of passing re­forms that would have stopped the An­them or [Of­fice of Per­son­nel Man­age­ment] hack, Con­gress has chosen to advance le­gis­la­tion that places the pri­vacy of Amer­ic­ans in fur­ther per­il,” Neema Singh Guliani, a le­gis­lat­ive coun­sel for the Amer­ic­an Civil Liber­ties Uni­on, said in a state­ment. “It would wrongly al­low com­pan­ies to share larger amounts of con­sumer in­form­a­tion with gov­ern­ment agen­cies, po­ten­tially in­clud­ing the NSA. This in­form­a­tion could be used for crim­in­al pro­sec­u­tions un­re­lated to cy­ber­se­cur­ity.”

Indeed, that’s exactly what it will do…

Al­though the bill would bar the NSA from directly re­ceiv­ing the data from the private sec­tor, it would in­struct the Home­land Se­cur­ity De­part­ment to share the in­form­a­tion it re­ceives with oth­er “rel­ev­ant fed­er­al en­tit­ies,” which pri­vacy ad­voc­ates note could include the NSA or FBI. Law­makers re­moved pre­vi­ous lan­guage that would have re­quired that the government only use the data for “cy­ber­se­cur­ity pur­poses,” which has pri­vacy ad­voc­ates wor­ried that the data could find its way in­to crim­in­al pro­sec­u­tions. 

The le­gis­la­tion could re­ceive votes in the House and Sen­ate as early as Fri­day.

Both cham­bers have already approved varying versions of the cy­ber­se­cur­ity bill earli­er this year. The White House had threatened to veto sim­il­ar bills in 2012 and 2013, say­ing they lacked ad­equate pri­vacy safe­guards. But Pres­id­ent Obama is ex­pec­ted to sign the le­gis­la­tion this time as part of the om­ni­bus spend­ing pack­age if it reaches his desk.

“We are pleased that the Om­ni­bus in­cludes cy­ber­se­cur­ity in­form­a­tion shar­ing le­gis­la­tion,” a seni­or ad­min­is­tra­tion of­fi­cial said in an emailed state­ment. “The Pres­id­ent has long called on Con­gress to pass cybersecurity information sharing le­gis­la­tion that will help the private sec­tor and gov­ern­ment share more cy­ber threat in­form­a­tion by provid­ing for tar­geted li­ab­il­ity pro­tec­tions while care­fully safe­guard­ing pri­vacy, con­fid­en­ti­al­ity, and civil liber­ties.”

What unbelievable sham theater all of this is. So President Obama “threatened to veto” previous versions, but now that an even more shady bill is set to appear on his desk, he suddenly welcomes it. Works perfectly for him, since he can’t be expected to veto a $1.1 trillion spending bill, can he? The willingness of the U.S. government to sell out its own people should never be underestimated.

Moving along, for some details on how bad this CISA sneak attack really is, let’s turn to an article published yesterday by , the Director of Civil Liberties at the Stanford Center for Internet and Society.

From JustSecurity:

On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws. Today’s language, renamed the Cybersecurity Act of 2015 (Division N of the omnibus budget bill) mostly assembles the worst parts of the earlier bills to threaten privacy even further.

Yes, Congress really is sneaking in a bill that gives companies immunity for spying on their own customers and the Obama Administration is applauding the move. As George Carlin noted: 

The word bipartisan means some larger-than-usual deception is being carried out.

Now back to Granick…

We have about two days to figure out what this so-called Cybersecurity Act (OmniCISA) means for consumer privacy in the US. That unfortunate timing is thanks to Speaker Paul Ryan’s decision to include language announced at 2am this morning as part of a must-pass spending bill scheduled for a vote Friday.

It appears that OmniCISA is trying to stake out a category of ISP monitoring that the FCC and FTC can’t touch, regardless of its privacy impact on Americans.

This section of OmniCISA would not only interfere with future privacy regulations, it limits the few privacy rules we currently have.

The essence of CISA and OmniCISA is to allow private entities to give the federal government categories of data that could be called cyber threat information in exchange for legal immunity for sharing that information, even if it includes private personal information. I’ve written here that a good information sharing bill should be clear about what types of information we are talking about sharing in the name of enhanced security practices. Vulnerability information means software flaws, virus signatures, threat signatures and the like. Security experts agree that private data, the kind protected by ECPA and other privacy laws, is only rarely needed for such reports. Nevertheless, OmniCISA would allow for sharing personally identifiable information by default and gives companies that share liability protection even if there’s no need to share the private data.

Information sharing, generally a good thing, is nevertheless is not going to make a huge cybersecurity difference. Security experts and a bi-partisan coalition of privacy groups told Congress that we don’t need to waive communications privacy laws — as OmniCISA does — to promote sharing of threat signatures. So why are we sacrificing even more American privacy on this altar? It’s amazing that, given all we are learning about government surveillance, Congress will actually vote to expand the federal government’s capacity to obtain personal data from private companies without court order.

Finally, here’s what one of the organizations on the front lines of the fight against unconstitutional government surveillance, Fight for the Future, had to say about Paul Ryan’s CISA move:

After several delays due to widespread outcry over privacy and civil liberties concerns, Speaker of the House Paul Ryan has successfully exploited a loophole in congressional process to include the final version of a controversial cyber bill in the must-pass “omnibus” budget bill unveiled late Tuesday night. 

This puts the controversial legislation on the path to a vote without meaningful transparency or debate on the final text, which has been significantly altered in secret negotiations and stripped of nearly all privacy protections.

“It’s clear now that this bill was never intended to prevent cyber attacks,” said Evan Greer, campaign director of Fight for the Future, “it’s a disingenuous attempt to quietly expand the U.S. government’s surveillance programs, and it will inevitably lead to law enforcement agencies using the data they collect from companies through this program to investigate, prosecute, and incarcerate more people, deepening injustices in our society while failing to improve security.”

Traitors.

For related articles, see:

Paul Ryan is Aggressively Lobbying to Pass “Frankenstein” CISA Spy Bill Through Congress

Meet CISA – Dianne Feinstein’s Latest Attack on Privacy, Civil Liberties and the Internet

Facebook Caught Secretly Lobbying for Privacy Destroying “Cyber Security” Bill

Business as Usual – Paul Ryan Pushes Through Multiple Wall Street Giveaways in the Highway Bill

Paul Ryan Hires Lobbyist Who Pushed for Obamacare and the Trans-Pacific Partnership as His Chief of Staff

Paul Ryan Channels Pelosi on the TPP – You Have to Pass Obamatrade to See What’s in Obamatrade

In Liberty,
Michael Krieger