I have some good news, and some bad news. The good news is, Firefox maker Mozilla has come out firmly against the Cyber Intelligence Sharing and Protection Act, better known as CISPA, marking the first time a Silicon Valley company has criticized the contentious cybersecurity bill. On the other hand, Microsoft — which recently hinted that it had switched to the anti-CISPA camp — has reconfirmed that, actually, it is in completely support of CISPA. How brave…
In an email with Forbes’ cybersecurity journalist Andy Greenberg, Mozilla released the following statement:
While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.
Mozilla’s complaints echo those of the most ardent CISPA critics around, groups like the Electronic Frontier Foundation (EFF). In fact, it is even more critical than that of the Center for Democracy & Technology (CDT), which believes CISPA is at least headed in the right direction, even if it is still fundamentally flawed.
Microsoft, by contrast, has once again come out in praise of CISPA following reports that it had reneged its support for the bill.
“Microsoft’s position remains unchanged,” said Christina Pearson, a Microsoft spokeswoman, in a statement to The Hill. “We supported the work done to pass cybersecurity bills last week in the House of Representatives and look forward to continuing to work with all stakeholders as the Senate takes up cybersecurity legislation.”
Microsoft, along with a slew of other firms, has long been a supporter of CISPA, having sent the House Intelligence Committee a letter (pdf) on November 30,2011, commending the committee for crafting the legislation. Facebook, Intel, IBM, AT&T, Verizon, and a vast number of other companies and industry trade groups have also backed the bill.
Originally submitted in November of last year by House Intelligence Committee Chairman Rep. Mike Rogers (R-MI) and Ranking Member Rep. Dutch Ruppersberger (D-MD), CISPA passed the House with a Republican-dominated vote of 248 to 168 on Thursday of last week. The legislation seeks to free up lines of communications between the federal government and businesses. Under CISPA, private companies may voluntarily share “cyber threat intelligence” with the federal government. The bill also allows the government to more easily share classified information with the private sector. Supporters of the bill say CISPA is necessary to help stop a “cyber 9-11.”
Critics fear, however, that CISPA is worded too broadly, allowing it to be used in ways that violate individual privacy, and erode our Fourth Amendment rights against unreasonable searches and seizures. Despite some progress on the privacy front, CISPA still explicitly overrides all preexisting laws, and gives immunity from lawsuits and criminal changes to companies who share cyber threat intelligence with the government. The bill also still allows shadowy organizations, like the National Security Agency, to access data shared under CISPA.
CISPA’s next stop is in the Senate, where it is expected to face greater opposition. There, it will go up against a number of other competing cybersecurity bills, including the Cybersecurity Act of 2012, and the SECURE IT Act. The Senate is expected to take up debate on cybersecurity legislation sometime in the coming weeks.