Privacy advocates are stepping up their lobbying efforts against the controversial cyber threat information sharing bill currently in Congress after several tech giants indicated their support.
Activist group Fight for the Future criticized Salesforce for supporting legislation which would “grant blanket immunity for American companies to participate in government mass surveillance programs like PRISM, without meaningfully addressing any of the fundamental cyber security problems we face in the U.S.” Accordingly, Fight for the Future said it will abandon the Heroku cloud application platform within the next 90 days and encourages others to follow suit. The letter to Salesforce CEO Marc Benioff was posted on the site YouBetrayedUs.org.
Fight for the Future is calling for Web developers and organizations “to boycott Heroku/Salesforce due to their support for this bad bill,” Evan Greer, the group’s CTO, said in an email.
The bill in question is the Cybersecurity Information Sharing Act (CISA), which has been the subject of intense lobbying by privacy groups and security experts over the past few months. Co-sponsored by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.), the bipartisan bill is meant to improve public and private sector cyber security by creating incentives for businesses to share threats information with each other and with government agencies. A voluntary program, the bill sets up incentives for businesses to share threat information with each other and with government agencies, which would eventually result in tools and data to protect business and government networks.
The lawmakers may be calling the bill an information-sharing bill, but a government surveillance bill by any other name is just as dangerous. The Center for Democracy and Technology has said the bill’s “broad use permissions suggest that the legislation is as much about surveillance as it is about cyber security.”
The draft bill has pitted privacy advocates and security professionals against businesses. Privacy advocates say the bill could result in companies improperly sharing individuals’ sensitive personal information with the government — including law enforcement and surveillance agencies. Businesses, on the other hand, support the bill as it includes liability protections for those participating in the voluntary information sharing program.