When Apple and Dropbox join forces, you know something big is happening. And that something big is controversial security bill CISA, the Cybersecurity Information Sharing Act. Just days before the United States Senate is expected to take the legislation to a vote, both tech companies are voicing concerns about how much privacy will be sacrificed under the guise of security. The bill, which has long drawn the ire of tech giants like Google, Facebook, Twitter, and Reddit, would effectively make it easier for private companies to collect their users’ personal data and share it with the National Security Agency or other government branches historically involved in surveillance.
“We don’t support the current CISA proposal,” Apple said in a statement. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.” Sounding off in support was Amber Cottle, head of Dropbox global public policy and government affairs, who noted, “While it’s important for the public and private sector to share relevant data about emerging threats, that type of collaboration should not come at the expense of users’ privacy.”
Citing Apple’s experience with security matters, Tiffiniy Cheng, co-founder of the digital rights advocacy group Fight for the Future said, “Apple gets privacy and security better than most companies, and way better than Congress does. Our lawmakers’ lack of understanding of cybersecurity isn’t just embarrassing, it’s dangerous. They should listen to the experts and abandon this hopelessly flawed bill.”
And while Apple and Dropbox are the latest to join the growing legions of organizations opposed to CISA, the tech community at large remains rather divided on the bill. Notably, Internet Service Providers like Comcast, Verizon, and AT&T are considered to be part of “Team NSA” by Fight for the Future, who took “public statements made by companies in official blog posts, tweets, to the media, or via their industry associations” into consideration when determining whether companies were for or against increased surveillance. “Remaining silent on essential policy questions that affect a company’s users,” Fight for the Future added, “Was also counted against that company’s score.”
CISA advocates on the Hill claim that they have the necessary support to pass the bill, and co-sponsor Sen. Dianne Feintstein, D-Calif., pointed out, “A bank would not be able to share a customer’s name or account information.” She continued, “Things like Social Security numbers, addresses, passwords, and credit information would be unrelated to a cyberthreat and would, except in very exceptional circumstances, be removed” before finding their way into federal hands.
Still, considering the growing opposition in the public sector, many seem wary of the bill’s future. “Sharing information about cybersecurity threats is a worthy goal,” said Sen. Ron Wyden, D-Ore. “Yet if you share more information without strong privacy protections, millions of Americans will say, ‘That is not a cybersecurity bill. It is a surveillance bill.'”