A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor.
The Computer & Communications Industry Association (CCIA) on Thursday published a blog post saying the group is “unable to support” the Cybersecurity Information Sharing Act (CISA) in its current form.
{mosads}CISA would boost the exchange of cyber-threat data between companies and the government by giving businesses legal liability protection when sharing their information.
“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” wrote Bijan Madhani, public policy and regulatory counsel at CCIA. “In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”
Privacy advocates and many technologists have been fighting various iterations of the bill on similar grounds for years. In recent months, several prominent tech companies, including Apple, have joined them in opposition.
CCIA’s statement will give these opponents even more tech-industry support. The group’s members include Silicon Valley bigwigs such as Facebook, Google and Yahoo, telecom companies such as Sprint and T-Mobile, e-commerce giants Amazon and eBay, and Netflix and Microsoft.
“Members of Congress should pay attention: Nobody wants this bill,” said Evan Greer, campaign director for Fight for the Future, a digital rights group protesting CISA, shortly after CCIA made its announcement. “Not the public, not security experts and not even the industry it’s supposed to protect.”
The bill does have a broad array of proponents, including many traditional industry groups, a large bipartisan coalition of lawmakers and the White House. They have backed the measure as the necessary first step to better understand and minimize the fallout from the mammoth hacks that have plagued retailers like Target and Home Depot, banks such as JPMorgan, and Anthem, the nation’s second-largest health insurer.
“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” said White House spokesman Eric Schultz in a statement after the administration voiced its support in August.
On Capitol Hill, Sen. Ron Wyden (D-Ore.) has been leading a small, but growing, coalition of privacy-minded lawmakers who are trying to amend the bill. Sens. Rand Paul (R-Ky.) and Bernie Sanders (I-Vt.), both presidential candidates, have recently joined Wyden’s opposition.
The group agrees with CCIA that the bill does not adequately require companies to remove sensitive data prior to sharing it with the government.
“This is a badly flawed bill,” Wyden told reporters earlier this month. “The benefits in terms of security are very modest. The privacy rights that Americans will see compromised, in my view, are very significant.”
CCIA said it is not opposed to an information-sharing bill in theory.
The group “recognizes the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats,” Madhani said.
But CISA, as written, not only undermines Americans’ privacy, Madhani added, but also allows the government to use data collected under the bill “for purposes unrelated to cybersecurity.”
Many lawmakers and officials from the finance and retail sectors, among others, have strenuously pushed back against these characterizations.
Over the years, they say, more provisions have been added requiring companies to strip personal data before it is shared with the government. The bill’s authors have also narrowed the definition of “cyber threat indicator” and offered edits to further restrict government uses of the data.
“Our bill has been misportrayed,” said Senate Intelligence Committee Chairman Richard Burr (R-N.C.), who co-sponsors the bill, at a recent U.S. Chamber of Commerce event. “People have lied about what’s in it.”
“Some people you just can’t satisfy no matter what you do,” added Sen. Dianne Feinstein (D-Calif.), the Intelligence panel’s ranking member, and CISA’s other co-sponsor.
It’s believed CISA could hit the Senate floor as early as next week.