Tech Giants Facebook, Google, Yahoo Speak Out Against Cyber Security Bill 'CISA,' Due Before US Senate

Privacy activists aren’t the only ones who hate CISA. A lobbying group representing some of the most powerful technology companies in the world said Thursday it opposes the Cybersecurity Information Sharing Act, a bill due for consideration in the U.S. Senate.

The bill, which proposes to “improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes,” has undergone a number of revisions since it was introduced in July 2014. The primary concern for the Electronic Frontier Foundation, Fight for the Future, and other privacy organizations has been that vague language in the bill would remove safeguards meant to prevent companies from sharing customer information without their permission. Now, it seems, the group representing Facebook, Google, Yahoo, and multiple cybersecurity companies agrees.

“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” the Computer and Communications Industry Association said in a statement. The group also represents Netflix, eBay, Microsoft, Amazon, T-Mobile and others.

“In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties. …. Current legal authorities permit companies to share cyber threat indicators with the government where necessary to protect their rights and the rights of their users, and should not be discounted as useful existing mechanisms.”

This statement comes after Sens. Dianne Feinstein, D-Calif, and Richard Burr, R-N.C., the leaders of the Senate Intelligence Committee, cited a breach at T-Mobile/Experian as proof that Congress should pass CISA quickly. The problem, according to cybersecurity experts, is that the Experian was hacked only after the credit data company implemented encryption incorrectly. CISA wouldn’t have made a difference.