The pertinent part is as follows;
SEC. 3. ADDRESSING INFORMATION AND COMMUNICATION TECHNOLOGY PRODUCTS AND SERVICES THAT POSE UNDUE OR UNACCEPTABLE RISK.
(a) In General.-The Secretary, in consultation with the relevant executive department and agency heads, is authorized to and shall take action to identify, deter, disrupt, prevent, prohibit, investigate, or otherwise mitigate, including by negotiating, entering into, or imposing, and enforcing any mitigation measure to address any risk arising from any covered transaction by any person, or with respect to any property, subject to the jurisdiction of the United States that the Secretary determines-
(1) poses an undue or unacceptable risk of-
(A) sabotage or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology products and services in the United States;
(B) catastrophic effects on the security or resilience of the critical infrastructure or digital economy of the United States;
(C) interfering in, or altering the result or reported result of a Federal election, as determined in coordination with the Attorney General, the Director of National Intelligence, the Secretary of Treasury, and the Federal Election Commission; or
(D) coercive or criminal activities by a foreign adversary that are designed to undermine democratic processes and institutions or steer policy and regulatory decisions in favor of the strategic objectives of a foreign adversary to the detriment of the national security of the United States, as determined in coordination with the Attorney General, the Director of National Intelligence, the Secretary of Treasury, and the Federal Election Commission; or
(2) otherwise poses an undue or unacceptable risk to the national security of the United States or the safety of United States persons.
(b) Procedure.-
(1) IN GENERAL.-Not later than 180 days after the date of enactment of this Act, the Secretary, in consultation with the relevant executive department and agency heads, shall review any transaction described in subsection (a) to-
(A) determine, not later than 180 days after the date on which the Secretary initiates such review, if such transaction poses an undue or unacceptable risk under subsection (a)(2) and qualifies as a covered transaction; and
(B) with respect to a transaction found to pose an undue or unacceptable risk and qualify as a covered transaction, determine whether-
(i) the covered transaction should be prohibited; or
(ii) any other action should be taken to mitigate the effects of the covered transaction.
What this essentially says is the Government has the right to determine is they don't like something. BUT, how do they know that 'something' is valid as something that should be treated per the legislation without due process, i.e. due process is the process by which 'something' would be determined to warrant 'corrective' action. Once judged to warrant such action, such action would then be taken.
The legislation outlined above, completely BYPASSES due process and instead grants Government a unilateral 'right' to 'lawfully' assume 'something' to warrant action without actually knowing this to be the case. In other words, it throws due-process out the window, and the rights afforded to citizens therein.
The hyperbole that this is '
patriot act level spying' is, in fact, demonstrable true.
Worse yet, this effectively destroys whistleblowing (in the broadest sense), making it lawful to prosecute under the guise of "National Security".