Capitol Hill privacy advocates launch effort to repeal CISA

cyberattack graphic

A bipartisan group of lawmakers introduced legislation on Jan. 13 to repeal the Cybersecurity Act of 2015, which hitched a ride on the must-pass omnibus bill that was signed into law in December.

"The Cybersecurity Act was negotiated in secret by just a few members of Congress and added quietly to the 2,009-page omnibus to avoid scrutiny," Rep. Justin Amash (R-Mich.) said in a statement. "Most representatives are probably unaware they even voted on this legislation. It’s the worst anti-privacy law since the USA PATRIOT Act, and we should repeal it as soon as possible."

Amash introduced the repeal bill along with Reps. John Conyers (D-Mich.), Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.), Ted Poe (R-Texas), and Jared Polis (D-Colo.).

While the law "includes information that directs companies to scrub information, companies are only directed to scrub personal information if they actually have affirmative evidence that the information is not relevant to a cyber threat," Polis told FCW on Jan. 14. "That's an unrealistic impossible standard because you are asking the company to prove something that doesn't exist."

The legislation increases information sharing between the government and the private sector, something that has always been controversial among privacy groups.

Polis, who sits on the Rules Committee, said the Cybersecurity Act of 2015 was "sneaked" into the omnibus along with four to five provisions that had previously passed in the House. He argued that the law's provisions would not have prevented any of the recent high-profile cyber-attacks, such as the Office of Personnel Management breach and the Sony hack. Those incidents, he said, were possible because the people in charge of managing the cyber networks failed to use best practices on cybersecurity.

And with the current components of the bill, Polis said, information would be shared with agencies such as the NSA and DHS who "time and time again" have broken privacy rules and overstepped legal authorities. "I have no reason to believe they will abide by the privacy protections of this bill either," he said.

Polis said he expects there to be support for the bill to repeal this legislation, but it may not pass as a piece of standalone legislation.

"It might take the form of appropriation amendments or other vehicles that are available for us," he predicted.

About the Author

Aisha Chowdhry is a former staff writer for FCW.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.