Short for "Cybersecurity Information Sharing Act," CISA would allow companies to gather cybersecurity threat information from their networks and share the data "notwithstanding any other provision of law" with the Department of Homeland Security.
After that point, any shared information, even data that might compromise an individual's privacy, could also make its way to agencies like the FBI or NSA.
In October, lawmakers rejected all amendments to CISA, including those that would protect personal information or more clearly define a "cybersecurity threat" so that the law couldn't be abused. (Video via C-SPAN)
But at the time, there was still a chance for the final language of the bill to be changed or clarified. Now, its inclusion in the "omnibus" bill has privacy advocates concerned.
Fight for the Future released a statement, saying, "This puts the controversial legislation on the path to a vote without meaningful transparency or debate on the final text."
But CISA supporters still argue that sharing data would actually be voluntary for companies and that any privacy concerns are merely misunderdstandings. (Video via University of North Carolina at Charlotte)
Tossing CISA in with the federal government's budget bill means the cybersecurity legislation is now more likely to be signed into law than ever before — and this time with little room for changes.