Some of the world’s largest tech firms have come together to issue a public protest against a controversial US cybersecurity bill.
The Cybersecurity Information Sharing Act (CISA), due to be laid out for Senate consideration in the next few weeks, has noble aims based around the sharing of threat intelligence between private companies and the government.
But its critics say it does not adequately protect users’ privacy. One of those, the Computer & Communications Industry Association (CCIA), says the current proposal fails to “limit the permissible uses of information shared with the government.”
Furthermore, the association says the existing bill will allow network defensive measures that could inadvertently cause harm to innocent third parties.
In an open letter published Thursday, the CCIA, which represents Google, Facebook, Microsoft, Amazon, and eBay, as well as several other major tech firms, said it approved of the goal of the legislation – to aid in the fight against crime and terrorism – but could not support it in its current form, saying it:
...recognizes the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats. But such a system should not come at the expense of users' privacy, need not be used for purposes unrelated to cybersecurity, and must not enable activities that might actively destabilize the infrastructure the bill aims to protect.
The CCIA says it is keen to work with the US government to improve CISA, as well as other cybersecurity legislation, but it hopes the end result will be based more around a voluntary framework backed up by a strong level of privacy protection and with appropriate restrictions on use baked in.
The current bill has attracted wide support from both Democrats and Republicans, but there are some dissenting voices on both sides of the political spectrum:
Democrat Ron Wyden of Oregon said:
CCIA represents some of the biggest names in tech and their opposition to the current version of Cisa is a shot in the arm for those of us fighting for privacy and security...
These companies understand it is untenable and bad for business to enact flawed 'cybersecurity' policies that infringe on users' privacy while doing little to prevent sophisticated hacks. By coming out against this bill, CCIA's members, including Google, Yahoo, and Facebook, have made the clear statement that they have their users' backs.
Republican Rand Paul has been less bashful in expressing his distaste for CISA – a rewrite of the highly controversial Cyber Intelligence Sharing and Protection Act (CISPA) – saying that it would “transform websites into government spies” by granting:
new spying powers that gut privacy laws and allow internet providers and websites to hand over personal data to ANY agency in the federal government.
Furthermore, Rand says, CISA would trample Fourth Amendment privacy protections, circumvent the Freedom of Information Act and give government agencies the ability to access citizens’ private information without a warrant, all without actually improving the government’s ability to prevent cyber attacks.
Not all government agencies are overly enamoured by the new bill either – in August, Department of Homeland Security Deputy Secretary Alejandro Mayorkas, said the Act “raises privacy and civil liberties concerns”, and the legal immunity given to data-sharing companies could “sweep away important privacy protections.”
Proponents of the bill – such as Senate Intelligence Committee Chairman Richard Burr and Vice Chairman Dianne Feinstein – have an entirely different point of view of course, emphasising how the sharing of information is entirely voluntary, yet eminently essential.
The pair cited the recent T-Mobile/Experian breach, although there’s no evidence it could have been prevented had there have been better lines of communication between industry and government.
Anonymous
I appreciate these big companies sticking up for our privacy I really do , but these companies are sucking up so much of our personnel data themselves they are quite hypocritical IMO.