Freedom Caucus Unable to Strip Intrusive Cybersecurity Bill from Omnibus

More government snooping of Americans; less liability for big business.

Scott Shackford | 12.17.2015 11:15 AM

(Dave Bredeson | Dreamstime.com)

Can you shop at Amazon through the "dark web"? — Dave Bredeson | Dreamstime.com

It appears as though the Cybersecurity Information Sharing Act (CISA), a.k.a. the Cybersecurity Act of 2015, is going to survive negotiations to pass the omnibus, at least for now.

To refresh memories from yesterday, CISA encourages businesses to share customer data with federal agencies in the event of cyberattacks in order to assist with or improve cybersecurity. In exchange, businesses who participate are granted immunity from lawsuits from customers for breaches. That's a plum deal for the businesses, but privacy and tech activists warned that it's a loss for customers and that it probably is unlikely to actually improve cybersecurity. Even further, though the law as promoted as a way to fight against cyberattacks and terrorism, the wording also permits using the data gathered by the government to investigate and prosecute other crimes that have nothing to do with either of these categories.

This legislation has been shoved into the 2,000-page omnibus "must pass" spending bill, much to the concern of privacy advocates on both the left and the right. The conservative House Freedom Caucus, not happy with many parts of the omnibus, proposed a bunch of amendments. They wanted to add the House bill that toughened vetting of refugees from Syrian and Iraq. They also wanted to stop funding for some Obama administration mining regulations and add some other riders related to abortion written by the Pro-Life Caucus. And they wanted to strip out the Cybersecurity Act of 2015.

But they failed. Yesterday evening the Rules Committee rejected all of the amendments from the Freedom Caucus. From The Hill:

The Rules panel's decision to leave the bipartisan omnibus largely unchanged clears the way for the bill to pass the House on Friday. The lower chamber is expected to pass a major tax package on Thursday that had been negotiated alongside the spending bill.

Both bills are expected to clear the Senate and be signed into law by President Obama.

In all likelihood, most if not all of the 40 members of the Freedom Caucus will vote against the legislation. "No" votes won't just be coming from libertarian Republicans like Justin Amash (R-Mich.), though. Rep. Jared Polis (D-Colo.), who also opposes the cybersecurity bill, posted on Facebook yesterday 10 reasons why he was voting against the omnibus. Not only did he point to the Cybersecurity Act as a reason, but also the pork embedded in the bill ($14 million for a catfish inspection program that hasn't inspected any catfish), and legislative meddling in Washington, D.C.'s marijuana regulations (which Jacob Sullum blogged about this morning).

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Yale Students Totally Cool With Repealing the First Amendment

Hide Comments (23)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

The Immaculate Trouser 9 years ago

Our government runs on bureaucratic inertia. The will of the people means nothing, and it takes tremendous effort to dislodge anything once it gets to the stage of making it into unrelated legislation. After Bush and Obama, there is virtually no sense of checks and balances -- and since the two were clearly too incompetent to rule a hot dog stand (much less a country), the power vacuum seems to have been filled with great eagerness by our security and domestic bureaucracies.
1. pan fried wylie 9 years ago
  
  I will contend that, being on the other side of the regulatory apparatus, running a hot dog stand is the more difficult job.
  1. In League with the Dark Ones 9 years ago
    
    Writing the rules is easy if you don't have to worry about following them?
Hugh Akston 9 years ago

More government snooping of Americans; less liability for big business.

Everybody wins!
1. R C Dean 9 years ago
  
  Everybody who matters) wins!
Just say Nikki 9 years ago

That's a plum deal for the businesses, but privacy and tech activists warned that it's a loss for customers and that it probably is unlikely to actually improve cybersecurity.

"Probably is unlikely"? It seems certain to make cybersecurity worse. If companies give my data away, they no longer have to worry about safeguarding it. That's not an incentive for cybersecurity, but for its opposite.
1. Overt 9 years ago
  
  It's even worse than that. My company has a rather large security team. These guys are privacy fanatics, and spend their entire working day digging into other developers' shit- scanning their software, identifying exploits and forcing changes in the architecture of the systems to harden them against attack. This goes far beyond the typical SOX/PCI/SAS type controls that ensure people are changing their passwords regularly. They are disruptive and EXPENSIVE for the company.
  
  And our security program exists largely because our company knows how expensive a compromise of our systems could be. We know that customers might sue us for negligence, or that a compromise will lead users to abandon us.
  
  With this law, companies will have less incentive to fund such programs. It will start with companies like Intuit and the like who essentially have captured their market and know that people really don't have much choice but to use their systems. Many companies will continue funding (to a lesser extent) to protect their brand. However, over time the population's perspective will change. As incidents pile up, people will see this more and more a responsibility of the government, not individual companies, to address. At that point, these programs will become mere "check the box" exercises and every compromise will be the Fedgov's job to deal with.
  
  By removing accountability, this bill removes all incentive for companies to secure their systems.
  1. Loki 9 years ago
    
    As incidents pile up, people will see this more and more a responsibility of the government, not individual companies, to address.
    
    This X 1000. You see this dynamic in almost every area where government sticks it's nose in.
    1. sarcasmic 9 years ago
      
      If minimum compliance with regulation shields a company from lawsuits, then there is no incentive to do anything beyond what is mandated.
Ted S. 9 years ago

If you like your privacy, you can keep your privacy.
kinnath 9 years ago

This whole internet thing is vastly overrated. I think I'll just give it up.
Free Society 9 years ago

This is my surprised face.
sarcasmic 9 years ago

As long as companies do the bare minimum required by regulators, then they are immune from lawsuits.

What could possibly go wrong?
Pl?ya Manhattan. 9 years ago

Omnibus is latin for "we all get fucked"
1. Loki 9 years ago
  
  I thought it meant "bend over and grab your ankles."
  1. Pl?ya Manhattan. 9 years ago
    
    That's the King James translation. And you left out "everybody".
2. 3 9 years ago
  
  Seems that way.
3. Seguin, the Mighty Monoclops 9 years ago
  
  Omnibukkake (n.) - A spending bill that leaves not only the taxpayer completely humiliated, but leaves a large amount of sticky residue on him/her that is impossible to clean off.
bassjoe 9 years ago

The federal government can't effectively sift through the information it receives now from a gazillion sources in the private sector; most of the information received is completely useless because "suspicious activity" is essentially anything that cannot be proven by a private company's compliance officer to be definitely not-suspicious (yes, that's proving a negative). That's because the private sector is incredibly poor at detecting crimes; most don't have personnel with law enforcement experience on staff (to the extent that would actually help).

So let's add EVEN MORE useless information on "suspicious activities" for the government to sift through to the pile.
B. Woodrow Chippenhaus 9 years ago

The Freedom Caucus just got a huge 'Fuck You' from the GOP establishment after they were kind enough to knuckle under and elect Paul Ryan as Speaker of the House. Sure hope they remember this the next time the rank and file GOP shits come looking for votes for some 'vital' piece of god-awful legislation.
BearOdinson 9 years ago

"...CISA encourages businesses to share customer data with federal agencies in the event of cyberattacks in order to assist with or improve cybersecurity."

I could have sworn there was a process by which the government can get information from people related to a crime. Something, something, WARRANT!
TKList 9 years ago

This is what is wrong with Congress and Republicans can not blame Democrats this time.
kinnath 9 years ago

Next you'll tell me Santa Claus doesn't exist.

Please log in to post comments

Latest

How Trump's Tariffs and Immigration Policies Could Make Housing Even More Expensive

Photo: Dire Wolf De-extinction

How Making GLP-1s Available Over the Counter Can Unlock Their Full Potential

Bob Menendez Does Not Deserve a Pardon

12-Year-Old Tennessee Boy Arrested for Instagram Post Says He Was Trying To Warn Students of a School Shooting

Recommended

Login Form