In the wake of a series of humiliating cyberattacks, the imperative in Congress and the White House to do something — anything — in the name of improving cybersecurity was powerful.
But only the most cynical observers thought the results would be this bad.
The legislation the House passed on Friday morning is a thinly disguised surveillance bill that would give companies pathways they don’t need to share user data related to cyberthreats with the government — while allowing the government to use that information for any purpose, with almost no privacy protections.
Because Speaker of the House Paul Ryan slipped the provision into the massive government omnibus spending bill that had to pass — or else the entire government would have shut down — it was doomed to become law. (This post has been updated to reflect the vote, which was 316 to 113.)
The text of the bill — now known as the Cybersecurity Act of 2015, formerly known as CISA — wasn’t released until shortly after midnight Wednesday morning, giving members of Congress essentially no time to do anything about it.
The bill removes a restriction on direct information sharing with the National Security Agency and the Pentagon; eliminates a restriction on the government’s use of that information for surveillance activities; allows law enforcement to use the information to prosecute any and all crimes; and leaves it up to the individual agencies to scrub personally identifying information when they feel like it.