Capitol Hill privacy advocates launch effort to repeal CISA

A bipartisan group of lawmakers are introducing legislation to repeal the Cyber Information Sharing Act of 2015, which hitched a ride on the omnibus bill at the end of 2015.

cyberattack graphic

A bipartisan group of lawmakers introduced legislation on Jan. 13 to repeal the Cybersecurity Act of 2015, which hitched a ride on the must-pass omnibus bill that was signed into law in December.

"The Cybersecurity Act was negotiated in secret by just a few members of Congress and added quietly to the 2,009-page omnibus to avoid scrutiny," Rep. Justin Amash (R-Mich.) said in a statement. "Most representatives are probably unaware they even voted on this legislation. It’s the worst anti-privacy law since the USA PATRIOT Act, and we should repeal it as soon as possible."

Amash introduced the repeal bill along with Reps. John Conyers (D-Mich.), Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.), Ted Poe (R-Texas), and Jared Polis (D-Colo.).

While the law "includes information that directs companies to scrub information, companies are only directed to scrub personal information if they actually have affirmative evidence that the information is not relevant to a cyber threat," Polis told FCW on Jan. 14. "That's an unrealistic impossible standard because you are asking the company to prove something that doesn't exist."

The legislation increases information sharing between the government and the private sector, something that has always been controversial among privacy groups.

Polis, who sits on the Rules Committee, said the Cybersecurity Act of 2015 was "sneaked" into the omnibus along with four to five provisions that had previously passed in the House. He argued that the law's provisions would not have prevented any of the recent high-profile cyber-attacks, such as the Office of Personnel Management breach and the Sony hack. Those incidents, he said, were possible because the people in charge of managing the cyber networks failed to use best practices on cybersecurity.

And with the current components of the bill, Polis said, information would be shared with agencies such as the NSA and DHS who "time and time again" have broken privacy rules and overstepped legal authorities. "I have no reason to believe they will abide by the privacy protections of this bill either," he said.

Polis said he expects there to be support for the bill to repeal this legislation, but it may not pass as a piece of standalone legislation.

"It might take the form of appropriation amendments or other vehicles that are available for us," he predicted.