Cyber bill reportedly included in omnibus deal
The omnibus spending deal is reported to include the final text of a major cybersecurity bill that legislators have been working to merge since October.
Speaker Paul Ryan (R-Wis.) announced a $1.1 trillion government spending agreement to the House Republican conference late Tuesday evening which reportedly includes the final text of a major cybersecurity bill that legislators have been working to merge since the Senate passed its cyber bill in October.
The House had passed two similar cyber bills in April.
House Homeland Security Committee Chairman Michael McCaul indicated Tuesday that it appeared likely that the final text of the three cyber bills would be included in the omnibus spending bill.
Reuters surveillance policy reporter Dustin Volz confirmed via Twitter early Wednesday morning that the cyber security bill is included in the omnibus deal.
The closed-door discussions of the merged document have infuriated privacy advocates. Evan Greer, campaign director of the Fight for the Future coalition told SCMagazine.com, “Congress is making a decision that would dramatically decrease security and leave us more open to attacks, without any meaningful debate or any real transparency.”
He said the U.S. has demonstrated an inability to secure private information stored by government agencies.
“Shoehorning a new version of ‘CISA' hostile to personal privacy into a massive omnibus spending bill is troubling as a matter of substance and process,” wrote American Library Association president Sari Feldman in an email obtained by SCMagazine.com.
Privacy groups are not the only groups to bristle at the choice to include the legislation in the spending agreement. On Tuesday, Ryan Radia, associate director of technology studies at Competitive Enterprise Institute, a free enterprise think tank, wrote in a blog post that “rushing through complex legislation about which key questions remain unresolved would be a huge mistake”. He wrote, “Among many problems, CISA lacks a key safeguard to prevent government abuse: a private right of action that lets people sue the government if they're injured when an agency misuses personal information it receives from a company for cybersecurity reasons.”
“This bill will shuttle loads of data to various government agencies, and they have full immunity to not make it a priority to safeguard that data,” Greer told SCMagazine.com.