The tech industry is not a fan of the proposed Cybersecurity Information Sharing Act (CISA) currently being deliberated by the US Congress.
The Computer & Communications Industry Association (CCIA), which represents Amazon, Google, Facebook, Microsoft, and more big tech companies, has published a blog post slamming CISA, arguing it “does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government.”
CISA is intended to help facilitate the sharing of companies’ data with the US government in order to prevent and tackle crime. If passed, A US citizen wouldn’t be able to sue Google, say, using privacy/antitrust laws for passing on their data to US law enforcement. It also provides immunity from the Freedom of Information Act, The Guardian reports. But it has become the subject of vocal criticism from privacy activists.
After industry group BSA (which includes Salesforce, IBM, Adobe, and others) wrote a letter apparently supporting CISA, internet activist group Fight For The Future launched a campaign called YouBetrayedUs.org lambasting the group’s members over it.
“Many of these companies have previously claimed to fight for their users’ privacy rights,” the website says, “but by supporting this type of legislation, they have made it clear that they have abandoned that position, and are willing to endanger their users’ security and civil rights in exchange for government handouts and protection.”
Salesforce CEO Marc Benioff subsequently took to Twitter to distance himself from the controversial bill. “The letter clearly was a mistake and doesn’t imply CISA support,” he wrote. “To clarify. I’m against it.”
Here’s what Bijan Madhani, general counsel of CCIA, wrote about CISA (emphasis ours):
CCIA is unable to support CISA as it is currently written. CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government. In addition, the bill authorizes entities to employ network defence measures that might cause collateral harm to the systems of innocent third parties.
It is important to note that while appropriately constructed cybersecurity information sharing legislation can provide a more efficient regime for the voluntary sharing of appropriately limited information between the private sector and government, it is not the only means through which information sharing can occur. Current legal authorities permit companies to share cyber threat indicators with the government where necessary to protect their rights and the rights of their users, and should not be discounted as useful existing mechanisms.
The US Department of Homeland Security (DHS) has been critical of the bill, which The Guardian reports has bipartisan support. According to The Register, opponents include “champion of the free and open internet” Ron Wyden, as well as Bernie Sanders and Rand Paul — two presidential candidates.
In a statement, Fight For The Future campaign director Evan Greer hailed the CCIA’s position. “Members of Congress should pay attention: nobody wants this bill. Not the public, not security experts, and not even the industry it’s supposed to protect,” he said. “The safety of Internet users personal information is more fragile than ever, if Congress decides to make matters worse, everyone will know it was the result of ignorance and corruption.”