Congressman plans bill to repeal CISA-like legislation included in omnibus

Congressman Justin Amash (R-Mich.) plans to introduce legislation to undo a cybersecurity law that critics say secretly allows the federal government to spy on Americans.

The Cybersecurity Act of 2015 was included in Congress’ year-end spending bill, a piece of must-pass legislation known as the omnibus.

“Many of my colleagues remain unaware that a massive surveillance bill was snuck into the omnibus,” Amash said in a statement provided to the Daily Dot. “And if they are aware, they may have been misled into believing this bill is about cybersecurity.”

On Dec. 18, the House passed the end-of-year omnibus bill, a $1.8 trillion catch-all that included everything from repeals of oil export bans to increased funding for the International Monetary Fund. Two days before its inevitable passage, lawmakers updated the bill to include language from the Cyber Information Sharing Act (CISA), a bill that makes it easier for companies to share details of cyberattacks with the government but is universally loathed by privacy advocates. 

The Cybersecurity Act of 2015 allows companies like Facebook, Google, or Visa to share cyber threat data—digital evidence of a cyberattack—with the Department of Homeland Security. It also grants American firms immunity from prosecution for sharing data that may include customers’ personal data.

“Ultimately this will be fairly embarrassing for Congress.”

Proponents of the bill say it will help protect companies and their customers from data breaches and other cyberattacks. Critics believe the new law would allow government agencies to more easily access Americans’ personal information and share it with the National Security Agency. An analysis by the Open Technology Institute found citizens’ privacy would be more adversely affected by the final language of the omnibus bill than by CISA drafts.

“Just like the Patriot Act, [Congress] re-wrote the final [omnibus] bill in secret and snuck it through Congress before most people could even read it,” Nathan White, Senior Legislative Manager at Access, an Internet freedom-supporting nonprofit, told the Daily Dot. “And just like the Patriot Act, the bill will be used for far more than what Members of Congress think that they are authorizing. Ultimately this will be fairly embarrassing for Congress.”

Amash opposed CISA’s language in the bill before it passed, going so far as to circulate a letter citing tech companies’ opposition and calling it “anti-privacy legislation,” but to little avail. Amash is part of the House Freedom Caucus, which, citing the omnibus’s large price tag, had already vowed to oppose the bill anyway, forcing House Speaker Paul Ryan (R-Wisc.) to find votes elsewhere.

Amash has a long history of trying to reduce government surveillance on American citizens. After NSA contractor Edward Snowden leaked evidence that the agency was storing the phone records of large numbers Americans without individual warrants, Amash acted faster than anyone in Congress, introducing a narrowly-defeated amendment bill to defund the program, and he has repeatedly condemned the post-9/11 Patriot Act for providing legal basis for that program.

Any bill Amash has in mind will have to be introduced after Congress reconvenes on Jan. 6.

Photo via Gage Skidmore / Flickr (CC by 2.0) | Remix by Max Fleishman