Called the Cybersecurity Information Sharing Act (CISA), the bill is opposed by Apple, Google, Twitter and Wikipedia, while some companies like Verizon, Comcast, HP, and Cisco have either backed the legislation or remained silent, The Guardian reports.
The U.S. Chamber of Commerce and dozens of other industry and business groups support the legislation, and say it will encourage companies and the government to share information that could stop high-profile cyber attacks like the ones that affected Sony Pictures Entertainment, Target, and Anthem, Reuters reports.
While CISA is aimed at tightening online security, many are worried that it does indeed impinge on people’s civil liberties and privacy and there are concerns that it could make personal consumer information an easier target for hackers, per the Guardian.
Surprisingly, even the Department of Homeland Security has come out against it, even though the agency will serve as the entry point for all of the information from the bill, and it adds that CISA “could sweep away important privacy protections,” the Guardian notes.
A preliminary vote on the bill could happen as early as Wednesday, and it’s a tough call on how the vote will go. The bill has its bipartisan supporters and bipartisan detractors. Senator Ron Wyden (D-Ore.) directed his opposition at President Barack Obama:
“I heard for days that this bill would have prevented the OPM (Office of Personnel Management) attack,” he said. “After technologists reviewed that particular argument, that claim has essentially been withdrawn.
“There is a saying now in the cybersecurity field, Mr. President: If you can’t protect it, don’t collect it. If more personal consumer information flows to the government without strong protections, my view is that’s going to be a prime target for hackers.”
Numerous big tech companies have also voiced opposition to the bill, arguing that it doesn’t protect users’ privacy or offer much protection against cyber attacks, Reuters reports.
The Computer and Communications Industry Association (CCIA), a non-profit trade organization that represents Facebook, Google, and other tech firms, says it also opposes CISA as it is currently written. Twitter announced on Tuesday that it couldn’t support CISA in its present form.
Apple Inc., also weighed in, according to The Washington Post.
“We don’t support the current CISA proposal,” Apple said in a statement. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.”
Apple has caught heat from the government in the past for having taken an aggressive stance on user privacy, encrypting messages between iPhone users, the Post notes.
Dropbox also expressed concerns and said that the bill needed better privacy protections in order to gain the company’s support.
“While it’s important for the public and private sector to share relevant data about emerging threats,” remarked Amber Cottle, head of Dropbox global public policy and government affairs, “that type of collaboration should not come at the expense of users’ privacy.”
The Post notes that Yelp, reddit, Twitter, and the Wikimedia Foundation — responsible for running Wikipedia — have stated that they also oppose CISA.
The Silicon Valley firms Facebook and Yahoo have also raised concerns about the bill through the CCIA.
Dianne Feinstein (D-Calif.), a co-sponsor of the bill and a ranking member on the Senate Intelligence Committee, remarked Tuesday that the bill allows companies to share information on “cyber threats” with the government, but doesn’t share personal data.
“A bank would not be able to share a customer’s name or account information,” she said. “Things like Social Security numbers, addresses, passwords and credit information would be unrelated to a cyber threat and would, except in very exceptional circumstances, be removed” before being sent to authorities.
“A bank would not be able to share a customer’s name or account information,” Feinstein said. “Things like Social Security numbers, addresses, passwords and credit information would be unrelated to a cyber threat and would, except in very exceptional circumstances, be removed” before being transmitted to authorities.
That doesn’t convince Wyden, however. The steep number of tech companies allied against CISA shows that it doesn’t have sufficient privacy safeguards, he noted, per the Post.
“Sharing information about cybersecurity threats is a worthy goal,” he said. “Yet if you share more information without strong privacy protections, millions of Americans will say, ‘That is not a cybersecurity bill. It is a surveillance bill.'”
Nevertheless, the bill’s supporters think they have about 70 votes in the Senate, enough to approve the legislation, which is backed by the Obama administration.
The Internet activist organization Electronic Frontier Foundation (EFF) note that if the bill is approved, the Department of Homeland Security (DHS)will no longer be the lead agency making decisions on the “cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies — like the NSA — “in real-time.” CISA also gives companies the authority to bypass the DHS and share the information immediately with other agencies, especially the intelligence agencies, and this means that privacy protections enacted by the DHS won’t be applied to the information. That, in turn, means it will be much easier for improper and overly-expansive information sharing, the EFF reports.
Once any government agency (including local law enforcement) receives this information, it can use the information for other reasons besides cybersecurity purposes. The bill’s provisions give the government an extreme amount of leeway in how to use the information for purposes other than cybersecurity, the group notes. The public won’t know what information is being collected, shared, or used. The bill will exempt all of this from being disclosed under the Freedom of Information Act.
The EFF is encouraging the public to get in touch with their legislators to help stop CISA, and, if interested, you can do that here.