Major tech group comes out against cyber bill

A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor.

The Computer & Communications Industry Association (CCIA) on Thursday published a blog post saying the group is “unable to support” the Cybersecurity Information Sharing Act (CISA) in its current form.

ADVERTISEMENT

CISA would boost the exchange of cyber-threat data between companies and the government by giving businesses legal liability protection when sharing their information.

“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” wrote Bijan Madhani, public policy and regulatory counsel at CCIA. “In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”

Privacy advocates and many technologists have been fighting various iterations of the bill on similar grounds for years. In recent months, several prominent tech companies, including Apple, have joined them in opposition.

CCIA’s statement will give these opponents even more tech-industry support. The group’s members include Silicon Valley bigwigs such as Facebook, Google and Yahoo, telecom companies such as Sprint and T-Mobile, e-commerce giants Amazon and eBay, and Netflix and Microsoft.

“Members of Congress should pay attention: Nobody wants this bill,” said Evan Greer, campaign director for Fight for the Future, a digital rights group protesting CISA, shortly after CCIA made its announcement. “Not the public, not security experts and not even the industry it’s supposed to protect.”

The bill does have a broad array of proponents, including many traditional industry groups, a large bipartisan coalition of lawmakers and the White House. They have backed the measure as the necessary first step to better understand and minimize the fallout from the mammoth hacks that have plagued retailers like Target and Home Depot, banks such as JPMorgan, and Anthem, the nation’s second-largest health insurer.

“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” said White House spokesman Eric Schultz in a statement after the administration voiced its support in August.

On Capitol Hill, Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: NYT says Rosenstein wanted to wear wire on Trump | Twitter bug shared some private messages | Vendor put remote-access software on voting machines | Paypal cuts ties with Infowars | Google warned senators about foreign hacks Overnight Health Care: Opioids package nears finish line | Measure to help drug companies draws ire | Maryland ObamaCare rates to drop Google says senators' Gmail accounts targeted by foreign hackers MORE (D-Ore.) has been leading a small, but growing, coalition of privacy-minded lawmakers who are trying to amend the bill. Sens. Rand PaulRandal (Rand) Howard PaulConservatives left frustrated as Congress passes big spending bills Senate approves 4B spending bill Some employees' personal data revealed in State Department email breach: report MORE (R-Ky.) and Bernie SandersBernard (Bernie) SandersFive takeaways from Cruz, O'Rourke's fiery first debate Ben & Jerry’s co-founders announce effort to help 7 Dem House challengers Dems look to Gillum, Abrams for pathway to victory in tough states MORE (I-Vt.), both presidential candidates, have recently joined Wyden's opposition.

The group agrees with CCIA that the bill does not adequately require companies to remove sensitive data prior to sharing it with the government.

“This is a badly flawed bill,” Wyden told reporters earlier this month. “The benefits in terms of security are very modest. The privacy rights that Americans will see compromised, in my view, are very significant.”

CCIA said it is not opposed to an information-sharing bill in theory.

The group “recognizes the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats,” Madhani said.

But CISA, as written, not only undermines Americans’ privacy, Madhani added, but also allows the government to use data collected under the bill “for purposes unrelated to cybersecurity.”

Many lawmakers and officials from the finance and retail sectors, among others, have strenuously pushed back against these characterizations.

Over the years, they say, more provisions have been added requiring companies to strip personal data before it is shared with the government. The bill's authors have also narrowed the definition of “cyber threat indicator” and offered edits to further restrict government uses of the data.

“Our bill has been misportrayed,” said Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrTrump assures storm victims in Carolinas: 'We will be there 100 percent' Overnight Energy: Trump rolls back methane pollution rule | EPA watchdog to step down | China puts tariffs on US gas Graham: Mueller is going to be allowed to finish investigation MORE (R-N.C.), who co-sponsors the bill, at a recent U.S. Chamber of Commerce event. “People have lied about what’s in it.”

"Some people you just can't satisfy no matter what you do," added Sen. Dianne FeinsteinDianne Emiel FeinsteinGOP, Kavanaugh accuser struggle to reach deal GOP Senate candidate: Allegations against Kavanaugh 'absurd' Grassley panel scraps Kavanaugh hearing, warns committee will vote without deal MORE (D-Calif.), the Intelligence panel's ranking member, and CISA's other co-sponsor.

It’s believed CISA could hit the Senate floor as early as next week.