11:20 GMT29 September 2020
Listen Live
    US
    Get short URL
    5218
    Subscribe

    On Friday, US President Barack Obama approved the $1.15 trillion federal government spending bill days before the government would have run out of funding; it includes a contentious cybersecurity act which is seen by privacy activists and lawmakers as a free pass for mass surveillance and data theft.

    The bill, approved by a 316-113 vote earlier on Friday in the House of Representatives, will fund the US federal government for the next year. The US Senate passed the bill by a vote of 65-33.

    The Obama administration expressed concern that the GOP-controlled Congress had quietly included the final version of the Cybersecurity Information Sharing Act in the approved bill, according to a source close to the administration. Further deliberation over the massive omnibus spending bill, which includes approval for the funding of all 12 federal government agencies, wasn't a viable option, as current federal funding was scheduled to expire at 12:01 a.m. on December 23, according to the Wall Street Journal.

    The legislation will allow private companies to share user data with the Department of Homeland Security, which would then be obligated to share the data across "relevant government agencies," presumably including the FBI and the NSA.

    "The president has long called on Congress to pass cybersecurity information-sharing legislation that will help the private sector and government share more cyber threat information by providing for targeted liability protections while carefully safeguarding privacy, confidentiality and civil liberties," the official said in an interview with US News.  

    Although the bill had bi-partisan support, not everybody in the Democratic Party is happy about the controversial Cybersecurity Act. Congresswoman Zoe Lofgren of California stated that she voted against the spending bill because it included "a surveillance tool" that doesn't provide data protection.

    "This so-called ‘cybersecurity legislation' was inserted into a must-pass omnibus bill at the 11th hour, without debate," she said, adding that, "The protective measures that such a bill should have — including those I believe the Constitution requires — were removed."

    The Center for Democracy and Technology, among 50 digital rights groups that criticized the cybersecurity bill in an address to Congress prior to the vote, echoed Lofgren's statements.

    Researchers Greg Nojeim and Jadzia Butler from the Center claim that the bill doesn't have sufficient tools to prevent the collection of consumer data outside of a cybersecurity investigation.

    "The bill allows the president to later designate other ‘appropriate' civilian federal entities as information sharing portals, leaving room for scenarios in which companies would share — with full liability protection — information derived from Internet users' communications directly with federal entities such as the FBI and other agencies primarily concerned with law enforcement surveillance, not cybersecurity," they observed.

    The private sector has begun to provide personal user data to the government upon request. This move would indicate that the new law will not support efforts to prevent consumer data theft, according to Ben Johnson, a former researcher with the NSA. Companies must remain vigilant about online security in order to protect proprietary networks.

    ​"Poor [computer] hygiene is rampant," says Johnson, now chief security strategist for the Bit9+Carbon Black cybersecurity company. "Doors, at least virtual ones, are left wide open. Threat intelligence sharing is not the problem."

    Related:

    US Senate Passes Cybersecurity Bill Despite Protests of Privacy Advocates
    US Senate Approves $1.1 Trillion Omnibus Spending Package
    US Government Agencies Ignoring 840 Warnings on Poor Cybersecurity
    Tags:
    law, cybersecurity, Barack Obama, United States
    Community standardsDiscussion