Congress on Friday adopted a $1.15 trillion spending package that included a controversial cybersecurity measure that only passed because it was slipped into the US government's budget legislation.

House Speaker Paul Ryan, a Republican of Wisconsin, inserted the Cybersecurity Information Sharing Act (CISA) into the Omnibus Appropriations Bill—which includes some $620 billion in tax breaks for business and low-income wage earners. Ryan's move was a bid to prevent lawmakers from putting a procedural hold on the CISA bill and block it from a vote. Because CISA was tucked into the government's overall spending package on Wednesday, it had to pass or the government likely would have had to cease operating next week.

Sen. Ron Wyden, a Democrat of Oregon, said the CISA measure, which backers say is designed to help prevent cyber threats, got even worse after it was slipped into the 2,000-page budget deal (PDF, page 1,728). He voted against the spending plan.

“These unacceptable surveillance provisions are a black mark on a worthy package that contains the biggest tax cut for working families in decades, an accomplishment I fought for in weeks of negotiations,” Wyden said in a statement. “Unfortunately, this misguided cyber legislation does little to protect Americans’ security and a great deal more to threaten our privacy than the flawed Senate version. Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers’ private data with only cursory review."

The CISA part of the spending package gives corporate America legal immunity when sharing consumers' private data about hacks and digital breaches with the Department of Homeland Security. The DHS can then funnel that information to other agencies, including the NSA and FBI, which can use that information for surveillance purposes.

Rep. Justin Amash, a Republican of Michigan, said the CISA language was tucked into the spending package to keep members of Congress in the "dark."

The President Barack Obama administration said he would sign the spending bill. The CISA language lines up with the president's priorities, which include a mandate that private companies take "reasonable efforts" to remove personal information unrelated to a cyber threat.

Rep. Zoe Lofgren, a Democrat from California, voted against the spending plan. "I was unable to vote for the Omnibus spending bill today because it included an extraneous provision purported to facilitate cybersecurity information sharing that—in effect—will function as a surveillance tool," she said in a statement.

The House voted Friday 316 to 113. The Senate later voted 65-33.

The National Retail Federation applauded the spending bill's passage, including the CISA provisions.

"Sharing information on cyber threats will create an atmosphere of community vigilance that will ensure that consumers' sensitive data is kept safe,” David French, the group's spokesman said.