Tech Industry Trade Groups Are Coming Out Against CISA. We Need Individual Companies To Do The Same
As if “national security” weren’t enough, now Congress is trying to use “cybersecurity” as an excuse to chip away at our right to privacy—and it’s riding on the coattails of incidents like the Experian and OPM breaches. Once again for continuity, it bears repeating that the Cybersecurity Information Sharing Act (CISA) would not have stopped the recent high-profile security breaches.
We’re not falling for it, and fortunately neither are industry trade groups Computer and Communications Industry Association (CCIA) and the Business Software Alliance (BSA).
CCIA and BSA’s public opposition to the legislation is significant because it shows that tech companies are feeling the pressure to oppose the inept legislative effort, which bears striking resemblance to NSA’s ‘collect it all’ intelligence doctrine.
BSA came out in opposition to CISA after it sent a “data agenda policy letter” that seemed to indicate that it supported CISA. The organization was slammed with emails in a campaign coordinated by Fight for the Future. Shortly afterwards, the BSA issued a statement making it clear that the trade organization opposes CISA. It stated
BSA has consistently advocated for strong privacy protections in all information sharing bills currently pending before the Congress.
We will continue to work with the Congress, others in industry and the privacy community to advance legislation that effectively deals with cyber threats, while protecting individual privacy.
The CCIA also presciently recognized the important individual privacy concerns in CISA. In its opposition, the group said
CCIA is unable to support CISA as it is currently written. CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government.>
CCIA recognizes the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats. But such a system should not come at the expense of users’ privacy, need not be used for purposes unrelated to cybersecurity, and must not enable activities that might actively destabilize the infrastructure the bill aims to protect.
As Congress is currently debating the bill, and wants to pass it in a “matter of days,” the trade groups’ opposition to the bill is crucial.
Salesforce, reddit, Yelp, Twitter, and Apple Lead the Way
Although BSA and CCIA have now made public statements against CISA, most of their members haven’t. BSA includes Adobe, Autodesk, Dell, IBM, Microsoft, Oracle, and Symantec. CCIA’s counts Amazon, CloudFlare, Facebook, Google, Netflix, T-Mobile, and Yahoo! among its members. The only major companies that have publicly opposed CISA are Salesforce, reddit, Yelp, Twitter, and Apple.
After concerned activists questioned Salesforce for seemingly supporting CISA, the company came out unequivocally against the legislation. Burke Norton, the company’s Chief Legal Officer said
At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers' data. Contrary to reports, Salesforce does not support CISA and has never supported CISA.
In its opposition, reddit stated:
Reddit has opposed bad "cybersecurity" bills that undermine user privacy for years. We.
Yelp is against the bill and warned:
Congress is trying to pass a "cyber security" bill that threatens your privacy. Join us & others to oppose.
Twitter opposes the bill because:
Security+privacy are both priorities for us and therefore we can't support #CISA as written. We hope to see positive changes going forward.
Apple issued a statement today that says:
We don't support the current CISA proposal. The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy.
CISA is Not the Panacea, Other Companies Should Speak Up
CISA is fundamentally flawed in its approach to cybersecurity. Its information sharing regime wouldn’t even fix the most recent public breaches, since it doesn't address basic problems, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.
Instead, CISA provides broad immunities for companies to share personal information with the federal government, vague definitions that do not define what information can and cannot be shared, information can be used for purposes unrelated to cybersecurity, and has the potential to be used as another tool to conduct surveillance.
It’s time for other tech companies to follow Salesforce, reddit, Yelp, Twitter, and Apple’s lead, especially those that claim to stand up for user privacy, to speak out in opposition to CISA.
In the meantime, you can take action and call your senator now to vote against CISA.
Recent DeepLinks Posts
Feb 27, 2017
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games