This morning, the Computer and Communications Industry Association (CCIA), a trade group that represents many large technology companies including Google, Facebook, and Yahoo, published a blog post saying they do not support the current version of the Cybersecurity Information Sharing Act of 2015 (CISA.)
"[CISA] does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government," the post read, "In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties … such a system should not come at the expense of users’ privacy, need not be used for purposes unrelated to cybersecurity, and must not enable activities that might actively destabilize the infrastructure the bill aims to protect."
CCIA represents a wide range of large technology companies including: Amazon, British Telecom, Cloudflare, Dish, eBay, Facebook, Foursquare, Google, Microsoft, Netflix, Pandora, Paypal, Samsung, Sprint, T-Mobile, and Yahoo.
"Internet users are outraged that Congress is even considering legislation that undermines the basic security of the Internet by sweeping away privacy protections and letting companies off the hook when they improperly share or leak our personal information," said Evan Greer, campaign director of Fight for the Future, "Members of Congress should pay attention: nobody wants this bill. Not the public, not security experts, and not even the industry it’s supposed to protect. The safety of Internet users personal information is more fragile than ever, if Congress decides to make matters worse, everyone will know it was the result of ignorance and corruption"
This new host of companies coming out against the current version of CISA is a major blow to the already teetering legislation. It is particularly notable that T-Mobile is a member of CCIA, as the sponsors of CISA have attempted to use the recent T-Mobile / Experian information breach as an excuse to push the bill to the Senate floor, even though cybersecurity experts say CISA would have done nothing to prevent it.
Last month, the Business Software Alliance, which represents Apple, Adobe, Microsoft, Salesforce, and others, clarified that it does not support CISA after Fight for the Future launched a campaign calling out companies that had signed a letter that appeared to support CISA-like legislation.
The YouBetrayedUs.org campaign sparked a major backlash from customers and Internet users, generating thousands of emails to the companies involved, and online calls for a boycott, which quickly lead to Salesforce’s CEO taking to twitter to say that his company does not support the bill and the original BSA letter was "a mistake."
Technology companies and members of Congress are under increasing pressure to oppose CISA, which has now been delayed multiple times in the Senate after grassroots uprisings. Fight for the Future and other groups are planning to escalate their efforts targeting both Congress and technology companies that remain silent or support CISA, and will be ready if the bill comes before the Senate in the coming weeks.