A cybersecurity rider likely to be included in the $1.1 trillion spending bill is drawing fire from members of both the right and the left who are concerned it would enhance the government's surveillance power.
“Once again, members of Congress are using the government funding bill to pursue their extremist agendas,” Anthony D. Romero, executive director of the American Civil Liberties Union, said in a statement Wednesday. “Sneaking damaging and discriminatory riders into a must-pass bill usurps the democratic process and is irresponsible.”
The ACLU and, separately, a coalition of conservative organizations, are concerned about privacy issues in that bill that would allow technology companies to share private consumer information with the FBI, the National Security Agency and other government agencies. Further, the information could be used for other criminal prosecutions unrelated to cybersecurity or terrorism, according to critics.
Earlier this year, Congress rolled back the controversial NSA metadata collection program, which was first brought to light by fugitive leaker Edward Snowden. President Barack Obama signed the bill.
Rep. John Fleming (R-La.) is opposing the omnibus bill on a number of fronts.
"It includes unrelated provisions, like increasing the government's bulk collection of citizens’ personal data, while it does nothing to address the big issues of the day like enhancing American security and entitlement reform.
The provisions in the omnibus spending bill likely to be approved this week “are unlikely to increase the government’s ability to detect, intercept, and thwart cybersecurity attacks, yet would decrease accountability and public trust,” a letter from four conservative groups — FreedomWorks, Niskanen Center, R Street Institute and TechFreedom — to House Speaker Paul Ryan (R-Wis.) claimed.
“Strengthening cybersecurity should not come at the expense of exposing Americans’ personal information to malicious agents,” the letter says. “Nor should it be necessary to extend law enforcement use authorizations to non-cybersecurity purposes.”
The letter said any cybersecurity legislation attached to a “must-pass” government funding bill should include several safeguards, such as, “Clearly establishing [Department of Homeland Security] as the sole (present and future) portal for information sharing. Under no circumstance should a portal be set up at a law enforcement agency, such as the FBI, or any national security agency, including the NSA, the [Office of Director of National Intelligence], or the CIA. Nor should information be automatically shared with the NSA and [Department of Defense].”
Rya spokeswoman Ashlee Strong told TheBlaze that a version of these reforms have already passed the House and Senate.
"These reforms went through both the House and the Senate," Strong said. "There are significant privacy protections and this is a voluntary program to better share information."
Both the House and Senate took action this session on a version of cybersecurity legislation, while President Barack Obama has advocated for more government action, after several public and private sector hackings. The Office of Personnel Management as well as private companies such as Home Depot, Target, Anthem and Sony, were victims of high-profile breaches. The Government Accountability Office reported that DHS has no strategy to deal with cyber attacks. In February, Obama announced the establishment of the Cyber Threat Intelligence Integration Center.
The Cybersecurity Information Sharing Act, which already passed the Senate and the text expected to be wrapped into the broad omnibus bill, is different from House cyber legislation that allowed consumers to take legal action if the government misuses their data, wrote Ryan Radia, associate director of technology studies at the free market Competitive Enterprise Institute.
“CISA lacks a key safeguard to prevent government abuse: a private right of action that lets people sue the government if they’re injured when an agency misuses personal information it receives from a company for cybersecurity reasons,” Radia wrote. “Unlike CISA, both House bills include a private right of action, and for good reason. Without it, Americans would have to rely on government agencies to effectively and reliably police themselves—in spite of all the evidence that such ‘internal’ safeguards simply do not work.”