The controversial 'surveillance' act Obama just signed

President Barack Obama signed into law a $1.1 trillion spending bill last Friday, staving off a potential government shutdown — and in the process, quietly inaugurated what some have called a second Patriot Act.

As part of the more-than-2,000-page document, the 14th rider to be exact, the appropriations omnibus includes the Cybersecurity Act of 2015. Buried within that section is the text of the Cybersecurity Information Sharing Act (CISA), a bill that seeks to permit private companies to handover information to federal agencies.

In essence, the law allows companies to directly share information with the Department of Defense (including the National Security Agency) without fear of being sued. This info can be used for cybersecurity purposes, but critics have keyed into the law's allowance for using the data to address or investigate a "specific threat" of death, serious bodily harm, serious economic harm, terrorism, harm to a minor and more.

As Wired noted, an earlier bill only allowed information sharing in the case of "imminent threats," but the new "specific" verbiage disregards any timeliness.

The House Committee on Rules described the information sharing measure as "a voluntary cybersecurity information sharing process that will encourage public and private sector entities to share cyberthreat information, without legal barriers and the threat of unfounded litigation — while protecting private information."

As benign as that description may sound, several legislators released comments decrying the implications of the CISA measures.

"I was unable to vote for the omnibus spending bill today because it included an extraneous provision purported to facilitate cybersecurity information sharing that — in effect — will function as a surveillance tool," California Rep. Zoe Lofgren said in a statement.

Oregon Sen. Ron Wyden was even more critical, saying the "unacceptable surveillance provisions" are a "black mark" on the rest of the appropriations bill. He even implied that the information sharing provisions are worse than in previous incarnations.

"Ultimately, I cannot vote for this badly flawed CISA bill. The latest version of CISA is the worst one yet — it contains substantially fewer oversight and reporting provisions than the Senate version did," he said in a statement. "That means that violations of Americans' privacy will be more likely to go unnoticed."

To Wyden's point, 55 civil society groups, security experts and academics, wrote earlier this year that CISA would "seriously threaten privacy and civil liberties, and could undermine cybersecurity, rather than enhance it."

These complaints may be blowing the scope of the bill out of proportion, according to Randy Sabett, vice chair of the privacy and data protection group at the law firm Cooley.

"I try to maintain a relatively open mind toward the arguments that people raise when they start talking about privacy and civil liberties, but I guess where I have difficulty is with some of these sweeping statements that it's a pure surveillance bill," he said.

Sabett pointed to CISA's voluntary nature — it doesn't compel any company to share data with the government, only prevents them from being sued for it. On the other hand, the law unequivocally requires both federal authorities and companies to scrub personal information from shared data.

Additionally, the law compels the government to issue regular privacy update reports to monitor any abuses, Sabett said.

And there are many who support the information sharing law, including Obama administration officials and industry groups.

"Cybersecurity is a top priority for DHS and the Obama administration, and this bipartisan effort is a significant step forward in strengthening our nation's cybersecurity," Homeland Security Secretary Jeh Johnson said in a statement after the omnibus spending bill was passed. "I look forward to working with Congress on further strengthening DHS' cybersecurity mission."