Update: As expected, President Obama has just signed the bill, enacting both the $1.1 trillion budget and CISA.
In a nutshell, CISA was meant to allow companies to share information on cyber attacks — including data from private citizens — with other companies and the Department of Homeland Security. Once DHS had all the pertinent details, they could be passed along to the FBI and NSA for further investigation and, potentially, legal action. The thing is, critics saw the bill as way for government agencies to more easily keep tabs on Americans without their knowledge. CISA was derided by privacy advocates and tech titans alike, with companies like Amazon, Apple, Dropbox, Google, Facebook and Symantec (to name just a few) issued statements against an earlier version of the bill.
By sticking CISA into such a huge omnibus bill, there's basically no way it won't become law. And if anything, the version of CISA that was quietly slipped into this budget plays with privacy even faster and looser than the original. For one, a previously held prohibition against sharing information with the NSA has been removed, meaning America's best surveillance agency can receive pertinent data without it being handled by Homeland Security first. More importantly, the provision that required personal information to be scrubbed from cybersecurity reports also seems to have gone missing, leaving that task up to the discretion of which ever agency gets their hands on it. While the federal government has been trying to toughen its stance on cybersecurity in the wake of massive hacks on the Office of Personnel Management and Sony, we wound up with an even more effete version of a questionable plan that will soon become law.