Major tech group comes out against cyber bill

A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor.

The Computer & Communications Industry Association (CCIA) on Thursday published a blog post saying the group is “unable to support” the Cybersecurity Information Sharing Act (CISA) in its current form.


CISA would boost the exchange of cyber-threat data between companies and the government by giving businesses legal liability protection when sharing their information.

“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” wrote Bijan Madhani, public policy and regulatory counsel at CCIA. “In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”

Privacy advocates and many technologists have been fighting various iterations of the bill on similar grounds for years. In recent months, several prominent tech companies, including Apple, have joined them in opposition.

CCIA’s statement will give these opponents even more tech-industry support. The group’s members include Silicon Valley bigwigs such as Facebook, Google and Yahoo, telecom companies such as Sprint and T-Mobile, e-commerce giants Amazon and eBay, and Netflix and Microsoft.

“Members of Congress should pay attention: Nobody wants this bill,” said Evan Greer, campaign director for Fight for the Future, a digital rights group protesting CISA, shortly after CCIA made its announcement. “Not the public, not security experts and not even the industry it’s supposed to protect.”

The bill does have a broad array of proponents, including many traditional industry groups, a large bipartisan coalition of lawmakers and the White House. They have backed the measure as the necessary first step to better understand and minimize the fallout from the mammoth hacks that have plagued retailers like Target and Home Depot, banks such as JPMorgan, and Anthem, the nation’s second-largest health insurer.

“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” said White House spokesman Eric Schultz in a statement after the administration voiced its support in August.

On Capitol Hill, Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Tech companies duke it out at Senate hearing | Seven House Republicans vow to reject donations from Big Tech Overnight Energy: Biden will aim to cut US emissions in half by 2030 | Oil and gas leasing pause on public lands will last at least through June Senate Democrats introduce bill to reform energy tax credits MORE (D-Ore.) has been leading a small, but growing, coalition of privacy-minded lawmakers who are trying to amend the bill. Sens. Rand PaulRandal (Rand) Howard PaulHillicon Valley: Tech companies duke it out at Senate hearing | Seven House Republicans vow to reject donations from Big Tech Senate panel greenlights sweeping China policy bill Senate GOP keeps symbolic earmark ban MORE (R-Ky.) and Bernie SandersBernie SandersOn The Money: Yellen touts 'whole-of-economy' plan to fight climate change | Senate GOP adopts symbolic earmark ban, digs in on debt limit GOP lawmaker demands review over FBI saying baseball shooting was 'suicide by cop' House Dems to unveil drug pricing measure ahead of Biden package MORE (I-Vt.), both presidential candidates, have recently joined Wyden's opposition.

The group agrees with CCIA that the bill does not adequately require companies to remove sensitive data prior to sharing it with the government.

“This is a badly flawed bill,” Wyden told reporters earlier this month. “The benefits in terms of security are very modest. The privacy rights that Americans will see compromised, in my view, are very significant.”

CCIA said it is not opposed to an information-sharing bill in theory.

The group “recognizes the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats,” Madhani said.

But CISA, as written, not only undermines Americans’ privacy, Madhani added, but also allows the government to use data collected under the bill “for purposes unrelated to cybersecurity.”

Many lawmakers and officials from the finance and retail sectors, among others, have strenuously pushed back against these characterizations.

Over the years, they say, more provisions have been added requiring companies to strip personal data before it is shared with the government. The bill's authors have also narrowed the definition of “cyber threat indicator” and offered edits to further restrict government uses of the data.

“Our bill has been misportrayed,” said Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrBipartisan Senate group announces support for ban on big cat ownership Senate confirms SEC chief Gensler to full five-year term A proposal to tackle congressional inside trading: Invest in the US MORE (R-N.C.), who co-sponsors the bill, at a recent U.S. Chamber of Commerce event. “People have lied about what’s in it.”

"Some people you just can't satisfy no matter what you do," added Sen. Dianne FeinsteinDianne Emiel FeinsteinLawmakers react to guilty verdict in Chauvin murder trial: 'Our work is far from done' Senate Democrats call on Biden to restore oversight of semiautomatic and sniper rifle exports Overnight Defense: Army moves to combat sexual crimes | Eight West Point cadets expelled | Democratic senators want to restrict F-35 sale to UAE MORE (D-Calif.), the Intelligence panel's ranking member, and CISA's other co-sponsor.

It’s believed CISA could hit the Senate floor as early as next week.