Microsoft backs off CISPA support: Does it matter?


The Cyber Intelligence Sharing and Protection Act (CISPA) may have easily passed the House of Representatives last week, but it appears that support for the controversial cybersecurity bill is beginning to crumble. Over the weekend, Microsoft, long considered a CISPA supporter, told CNet that it now has concerns about the bill regarding personal privacy.

As Declan McCullagh reports:

In response to queries from CNET, Microsoft, which has long been viewed as a supporter of the Cyber Intelligence Sharing and Protection Act, said this evening that any law must allow “us to honor the privacy and security promises we make to our customers.”

Microsoft added that it wants to “ensure the final legislation helps to tackle the real threat of cybercrime while protecting consumer privacy.”

While this is far from an outright condemnation of the bill, it is clear that Microsoft shares some of the concerns about CISPA that privacy advocates have been expressing for months. It is also a significant change in Microsoft’s position (pdf), which was that it “applauded” the bill’s leadership for drafting the legislation.

Depending on who you talk to, the primary complaints about CISPA, which allows the government and businesses to more easily share “cyber threat intelligence” with each other, are as follows:

First, CISPA removes any liability from companies that share information with the federal government, as long as the data is somehow related to a number of categories, including “cybersecurity” or “national security.” Both of these categories remain overly broad, for some critics.

Second, CISPA allows the National Security Agency, and other government organizations that lack clear public oversight, to access the information, which remains one of two primary complaints of the Center for Democracy & Technology, a leader in the fight against CISPA.

Third — and this is the one area Microsoft likely has beef with — CISPA would supersede all other laws. Because of this, it is not possible for companies to offer any real privacy protection for their users whatsoever, since businesses could simply override any privacy policy anytime they like by sharing user data with the government. Nothing about that provision would allow Microsoft to “honor the privacy and security promises” it makes to its customers — at least, not in any legal way.

Now, it is important to note that CISPA does not require anyone to sharing anything. Microsoft could simply say, “We are never going to turn any cyber threat intelligence over to the government,” and in doing so maintain users’ privacy expectations. It could even strip all of the data it shares of any personally identifiable details, like name, IP address, or anything else it fears might cause customers to rebel. It could — but it wouldn’t be legally required to do so, and therein lies the problem: CISPA removes current protections for individual privacy while failing to replace them with anything equally robust.

Another problem is that CISPA has overwhelming support from the business community. Given Microsoft’s high profile, it’s possible that other companies will back off as well. (Though there’s no evidence that they have done so yet.) But if they don’t, the pro-CISPA camp will remain vast and powerful.

Regardless, it is encouraging to see Microsoft moving in this direction. And I hope other companies will follow suit. As I’ve mentioned before, it is highly unlikely that CISPA will make it through the Senate without undergoing some serious changes. And the provision in CISPA that allows companies to ignore all existing laws could possibly be stripped from the legislation.

All that said, CISPA remains highly problematic for a number of reasons, as mentioned above. But the bill’s passage by the House appears to have only incited more opposition to the bill, not less — and none of it has to do with Microsoft, at least not yet.

CISPA is expected to go before the Senate sometime in May.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.


Lisa Su wants to lead AMD and the tech industry into the future

AMD may have played second fiddle to Intel and Nvidia for many years, but that looks set to change in 2019. Along with major product announcements at Computex, CEO Lisa Su made it clear: AMD is ready to lead.

Tesla is now doomed. Here’s how its EV dream will soon come crashing down

Tesla changed the world when it introduced the Roadster. Without it, the EVs from every major company would not be on sale today. It has also run out of hope of ever surviving.
Movies & TV

How I learned to stop worrying and love Robert Pattinson as Batman

Robert Pattinson playing Batman is big news, and it's far from the end of the world for DC's Dark Knight, despite what some fans have argued. Here's why the Twilight actor could mean good things for the DC Comics hero.

iTunes had to die to be reborn, and it’s making me nostalgic

Apple’s decision to kill off iTunes-as-we-know-it, as announced during WWDC 2019, makes me nostalgic because I still rely on iTunes today for the same reason it was created back in 2001.

How the Mac Pro’s modular internals prophesy a new future for PC design

Apple's new Mac Pro is here and it looks set to offer video editors a perfect blend of sheer power and expansive expandability. But what if the changes in Apple's new system bleed through into the PC industry as a whole?

The new Mac Pro was the only way to save the Mac from the iPad’s killing blow

The Mac Pro and the iPad were in the spotlight this year at WWDC 2019. Why? Well, the two products paint an interesting picture about the future of both platforms and where Apple is headed with them.

Sign In with Apple sticks it to Google and Facebook, for the good of everyone

Apple wants you to use its new Sign In with Apple service, which promises to free you from password hell, without selling your soul to the advertising devil. Is it worth using when it launches this year?

As Google keeps racing ahead, where is Apple’s A.I. strategy?

The contrast between Google’s I/O developer conference and Apple’s WWDC on the topic of artificial intelligence is stark, but what does it mean? We take a look at how Apple has fallen behind and what it might do to catch up.
Movies & TV

Why choose? Disney Plus and Netflix are the peanut butter and jelly of streaming

Instead of debating which streaming video service is better, we should instead be talking about how Netflix and Disney Plus are two equally great and totally different streaming options that will go even better together.

Google Stadia’s platform for everyone promise is already broken

Google Stadia, the upcoming cloud gaming service, pitches itself on accessibility. It's a platform for everyone, playable on any screen. Except that's not quite true. Stadia has many restrictions, terms, and conditions.

Orwell’s 1984 was nothing like actual 1984. But it’s exactly like 2019

70 years ago today, George Orwell published 1984: a dystopian novel that sat squarely in the realm of fiction at the time it was published. Today, however, the book is an astonishingly accurate depiction of the world we live in now -- and…

Microsoft's Xbox Project Scarlett console is awesome, and it doesn't matter

Microsoft has set a release date for Project Scarlett, its next-generation game console. It promises incredible performance, stunning 8K visuals, and lightning-quick load times -- but none of that matters. The console's relevance is waning.

BMW’s i8 Roadster is the Mazda Miata of hybrids. And I mean that in a good way

The i8 Roadster is not best in class for power, speed, or outright abilities. What is does offer is some of the best driving fun for the money. Sounds exactly like the Mazda MX-5 Miata to us.

Ubisoft says its games ignore politics. So why are they so political?

Prior to E3, Ubisoft reiterated again that it doesn't make political statements in games. At its press conference, however, we saw previews of Watch Dogs Legion and Ghost Recon Blackpoint that suggest otherwise.