Capitol Hill privacy advocates launch effort to repeal CISA

cyberattack graphic

A bipartisan group of lawmakers introduced legislation on Jan. 13 to repeal the Cybersecurity Act of 2015, which hitched a ride on the must-pass omnibus bill that was signed into law in December.

"The Cybersecurity Act was negotiated in secret by just a few members of Congress and added quietly to the 2,009-page omnibus to avoid scrutiny," Rep. Justin Amash (R-Mich.) said in a statement. "Most representatives are probably unaware they even voted on this legislation. It’s the worst anti-privacy law since the USA PATRIOT Act, and we should repeal it as soon as possible."

Amash introduced the repeal bill along with Reps. John Conyers (D-Mich.), Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.), Ted Poe (R-Texas), and Jared Polis (D-Colo.).

While the law "includes information that directs companies to scrub information, companies are only directed to scrub personal information if they actually have affirmative evidence that the information is not relevant to a cyber threat," Polis told FCW on Jan. 14. "That's an unrealistic impossible standard because you are asking the company to prove something that doesn't exist."

The legislation increases information sharing between the government and the private sector, something that has always been controversial among privacy groups.

Polis, who sits on the Rules Committee, said the Cybersecurity Act of 2015 was "sneaked" into the omnibus along with four to five provisions that had previously passed in the House. He argued that the law's provisions would not have prevented any of the recent high-profile cyber-attacks, such as the Office of Personnel Management breach and the Sony hack. Those incidents, he said, were possible because the people in charge of managing the cyber networks failed to use best practices on cybersecurity.

And with the current components of the bill, Polis said, information would be shared with agencies such as the NSA and DHS who "time and time again" have broken privacy rules and overstepped legal authorities. "I have no reason to believe they will abide by the privacy protections of this bill either," he said.

Polis said he expects there to be support for the bill to repeal this legislation, but it may not pass as a piece of standalone legislation.

"It might take the form of appropriation amendments or other vehicles that are available for us," he predicted.

About the Author

Aisha Chowdhry is a former staff writer for FCW.


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.