Apple, Dropbox Slam CISA Cyber-Security Bill - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
10/21/2015
01:20 PM
Larry Loeb
Larry Loeb
Commentary
50%
50%

Apple, Dropbox Slam CISA Cyber-Security Bill

Apple and Dropbox join the swelling ranks of tech companies voicing their opposition to the Cybersecurity Information Sharing Act (CISA) and the lack of privacy protections.

14 Security Fails That Cost Executives Their Jobs
14 Security Fails That Cost Executives Their Jobs
(Click image for larger view and slideshow.)

Apple and Dropbox have joined a number of other tech companies in opposing the Cybersecurity Information Sharing Act (CISA), which would give the US government new powers to spy on Americans.

The companies' opposition to the bill comes a few days before the Senate expects to vote on CISA, which would enable the sharing of cyberthreat indicators between private sector businesses and the US government. It is backed by the Obama administration.

"We don't support the current CISA proposal. The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy," according to a statement released by Apple Oct. 20, The Washington Post reported

While Apple's position statement joins the trend of tech companies opposing the bill in the last few days, CEO Tim Cook has long been a strong advocate of privacy.

(Image: nikauforestT/iStockphoto)

(Image: nikauforestT/iStockphoto)

At the WSJDLive conference in Laguna Beach, Calif., Monday Cook said, "Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution."

Dropbox also made a strong statement against the bill.

"While it's important for the public and private sector to share relevant data about emerging threats," said Amber Cottle, head of Dropbox global public policy and government affairs, "that type of collaboration should not come at the expense of users' privacy."

Further, Burke Norton, Salesforce's chief legal officer, told the Electronic Frontier Foundation that, "At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers' data. Contrary to reports, Salesforce does not support CISA and has never supported CISA."

Several other tech companies, including Yelp, Reddit, Twitter, and the Wikimedia Foundation (which runs Wikipedia) have come out against CISA in recent days, according to The Washington Post.

[Read 3 Reasons Why Giving Government a Backdoor Is a Bad Idea.]

Additionally, two tech industry trade groups, the Computer and Communications Industry Association (CCIA) and the Business Software Alliance (BSA), have expressed their opposition to CISA.

CCIA members include Google, Facebook, Yahoo, Amazon, CloudFlare, T-Mobile, and Netflix. BSA members include Adobe, Autodesk, Dell, IBM, Microsoft, Oracle, and Symantec.

The CCIA said in a statement that, "the mechanism for sharing of cyber threat information does not sufficiently protect users' privacy or appropriately limit the permissible uses of information shared with the government. In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties."

The statement added, "... Such a system should not come at the expense of users' privacy, need not be used for purposes unrelated to cybersecurity, and must not enable activities that might actively destabilize the infrastructure the bill aims to protect."

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
10/24/2015 | 2:46:47 PM
Re: On the offense
I won't go that far.  There are good arguments, in both theory and in practice, to be made in favor of offensive cybersecurity measures, and a lot of it is up for fair debate from both a technical and a legal/policy perspective (see, e.g., informationweek.com/government/cybersecurity/offensive-cybersecurity-theory-and-reality/d/d-id/1108269? ) but that's rather the point: it's debatable.
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/21/2015 | 7:12:36 PM
Re: On the offense
Yeah, that part of it seems not well thought out at all.

Or, perhaps, written by a policy wonk with no computer experience.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
10/21/2015 | 7:06:03 PM
On the offense
The part about authorizing steps that could harm innocent third-party systems is interesting to me; apparently CISA authorizes offensive cybersecurity measures (at least, by my reading of this interpretation of the bill).
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/21/2015 | 5:06:37 PM
Re: Apple, Dropbox Slam CISA Cyber-Security Bill
You make some valid points here.

But the problem is that the bill ,as written, does not assure privacy of the information that will be shared.

The overall goal of stopping cyberattacks is a good one, but it seems that this bill need more work on it.
UTIWARI
50%
50%
UTIWARI,
User Rank: Apprentice
10/21/2015 | 3:43:56 PM
Apple, Dropbox Slam CISA Cyber-Security Bill
Argument in favor of civili liberties is very clear, sexy and easier to make. It also makes for a positive press for these profit driven organizations when they oppose our unpopular government and any legislation seemingly attempt to impact our privacy. However, it is these same companies, however large they may be, who aren't able to provide iron clad promises of security and privacy of their customer's data. Breaches happen everyday, a small fraction of it is disclosed thanks to the disclosure laws, otherwise, consumers won't even even know (and in fact don't really know the real extent of security and privacy losses they incur as people trust these internet based companies). I believe government has an important role to play when no single company or corporate is capable of taking on the role of central agency responsible for coordinating and disseminating cyber threat information so that proactive measures can be taken by all in ways that minimizes damage. Cybersecurity is important for our healthcare, finance/banking, electric grid, power plants, national defense, education system, virtually every aspect of modern lifestyle is related to cyber. I think people should work together to jointly address this very real problem in partnership with Government. Also, we are a nation of laws, therefore, a common sense legal framework is necessary to enable cooperation. Since congress usually doesn't get it right due to lobbying pressures and the politicians aren't known to be cyber security experts, it is all the more important for the industry to work together and help to get this done right.
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll