Major tech group comes out against cyber bill

A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor.

The Computer & Communications Industry Association (CCIA) on Thursday published a blog post saying the group is “unable to support” the Cybersecurity Information Sharing Act (CISA) in its current form.

ADVERTISEMENT

CISA would boost the exchange of cyber-threat data between companies and the government by giving businesses legal liability protection when sharing their information.

“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” wrote Bijan Madhani, public policy and regulatory counsel at CCIA. “In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”

Privacy advocates and many technologists have been fighting various iterations of the bill on similar grounds for years. In recent months, several prominent tech companies, including Apple, have joined them in opposition.

CCIA’s statement will give these opponents even more tech-industry support. The group’s members include Silicon Valley bigwigs such as Facebook, Google and Yahoo, telecom companies such as Sprint and T-Mobile, e-commerce giants Amazon and eBay, and Netflix and Microsoft.

“Members of Congress should pay attention: Nobody wants this bill,” said Evan Greer, campaign director for Fight for the Future, a digital rights group protesting CISA, shortly after CCIA made its announcement. “Not the public, not security experts and not even the industry it’s supposed to protect.”

The bill does have a broad array of proponents, including many traditional industry groups, a large bipartisan coalition of lawmakers and the White House. They have backed the measure as the necessary first step to better understand and minimize the fallout from the mammoth hacks that have plagued retailers like Target and Home Depot, banks such as JPMorgan, and Anthem, the nation’s second-largest health insurer.

“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” said White House spokesman Eric Schultz in a statement after the administration voiced its support in August.

On Capitol Hill, Sen. Ron WydenRonald (Ron) Lee WydenOvernight Health Care — Presented by National Taxpayers Union — Top Dems call for end to Medicaid work rules | Chamber launching ad blitz against Trump drug plan | Google offers help to dispose of opioids Top Dems call for end to Medicaid work rules after 18,000 lose coverage in Arkansas Overnight Health Care — Presented by National Taxpayers Union — Drug pricing fight centers on insulin | Florida governor working with Trump to import cheaper drugs | Dems blast proposed ObamaCare changes MORE (D-Ore.) has been leading a small, but growing, coalition of privacy-minded lawmakers who are trying to amend the bill. Sens. Rand PaulRandal (Rand) Howard PaulThe Hill's 12:30 Report: Trump escalates fight with NY Times The 10 GOP senators who may break with Trump on emergency On unilateral executive action, Mitch McConnell was right — in 2014 MORE (R-Ky.) and Bernie SandersBernard (Bernie) SandersKamala Harris: Trump administration ‘targeting’ California for political purposes Harry Reid says he won’t make 2020 endorsement until after Nevada caucus Gillibrand to appear on Fox News Monday night MORE (I-Vt.), both presidential candidates, have recently joined Wyden's opposition.

The group agrees with CCIA that the bill does not adequately require companies to remove sensitive data prior to sharing it with the government.

“This is a badly flawed bill,” Wyden told reporters earlier this month. “The benefits in terms of security are very modest. The privacy rights that Americans will see compromised, in my view, are very significant.”

CCIA said it is not opposed to an information-sharing bill in theory.

The group “recognizes the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats,” Madhani said.

But CISA, as written, not only undermines Americans’ privacy, Madhani added, but also allows the government to use data collected under the bill “for purposes unrelated to cybersecurity.”

Many lawmakers and officials from the finance and retail sectors, among others, have strenuously pushed back against these characterizations.

Over the years, they say, more provisions have been added requiring companies to strip personal data before it is shared with the government. The bill's authors have also narrowed the definition of “cyber threat indicator” and offered edits to further restrict government uses of the data.

“Our bill has been misportrayed,” said Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrCohen to testify before Senate Intel on Tuesday Harris on election security: 'Russia can't hack a piece of paper' Schiff: Evidence of collusion between Trump campaign, Russia 'pretty compelling' MORE (R-N.C.), who co-sponsors the bill, at a recent U.S. Chamber of Commerce event. “People have lied about what’s in it.”

"Some people you just can't satisfy no matter what you do," added Sen. Dianne FeinsteinDianne Emiel FeinsteinFeinstein says she thinks Biden will run after meeting with him Trump judicial nominee Neomi Rao seeks to clarify past remarks on date rape Bottom Line MORE (D-Calif.), the Intelligence panel's ranking member, and CISA's other co-sponsor.

It’s believed CISA could hit the Senate floor as early as next week.