Point of View: Congress Ironically Hacks CISA into "Must Pass" Omnibus Spending Bill -- Destroys Privacy


The most recent omnibus spending bill now includes the Cybersecurity Information Sharing Act of 2015.  This bill provides broad protection to companies that share loosely defined "cybersecurity" information with government, even disallowing FOIA requests attempting to learn how much information was shared. 

Whether or not you agree with CISA, it’s easy to dislike the process that is being used to shove this bill into law. The lack of scrutiny and guerrilla tactics create the appearance that this is just a thinly veiled effort to restore warrantless government surveillance over all forms of communication, including the Internet and social media. They’re using the “cybersecurity” threat as a way to scare people into approving huge new programs to monitor communications. And it’s not likely to stop here. Officials are already complaining that encryption prevents government access to communications, and arguing that companies should therefore include a backdoor for government access.

“It’s clear now that this bill was never intended to prevent cyber attacks,” said Evan Greer, campaign director of Fight for the Future, in a statement. “It’s a disingenuous attempt to quietly expand the U.S. government’s surveillance programs, and it will inevitably lead to law enforcement agencies using the data they collect from companies through this program to investigate, prosecute, and incarcerate more people, deepening injustices in our society while failing to improve security.”

None of this is good for cybersecurity. And none of it will help with terrorism. All it will do is destroy privacy and build an expensive and powerful surveillance empire.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.