Tech companies say no to CISA. Too late?

Twenty-three technology companies have come out against a U.S. Senate bill designed to encourage businesses to share cyberthreat information. Whether their opposition can stop the bill from passing is a big question mark.

This week, Apple and Dropbox joined the opposition to the Cybersecurity Information Sharing Act (CISA), as the Senate moves to vote on the bill in the coming days. Opponents, which have called the bill a surveillance bill in disguise, also include Google, Microsoft, and Amazon.com, according to a scorecard compiled by digital-rights group Fight for the Future.

Still, it appears that CISA likely has the support of 60-plus senators—enough to pass the bill in the Senate.

“I think it’s fair to say we’re facing an uphill battle to block the bill,” said a staffer for a senator opposing the bill.

But with Twitter, Yelp, and the Wikimedia Foundation also voicing opposition to the bill in recent days, opponents say they haven’t lost hope. Senators opposing the bill managed to put off an attempted vote in August.

“CISA is going to be very hard to stop, but these announcements by America’s most significant tech companies… definitely improve the privacy movement’s chances of stopping this bill.” — Holmes Wilson, co-founder of pro-privacy group Fight for the Future

“The tech company opposition to CISA is big,” the Senate staffer said. “We’ll have to see whether it makes a difference in stopping this thing.”

The voices of Apple and other tech companies opposing the bill are “impossible to ignore,” added Holmes Wilson, co-founder of Fight for the Future. “CISA is going to be very hard to stop, but these announcements by America’s most significant tech companies… definitely improve the privacy movement’s chances of stopping this bill.”

Several lawmakers spoke in favor of CISA on the Senate floor Wednesday. CISA, aiming to give businesses more information about ongoing cyberattacks and protect those who share it, “addresses a very real problem,” said Sen. Chuck Grassley, an Iowa Republican.

Tech companies who don’t like the bill don’t have to participate in the information-sharing process, added Sen. Richard Burr (R-N.C.), the bill’s sponsor.

“This is a voluntary bill; there’s nothing mandatory in it,” he said. “Choose not to inform the federal government when hackers have penetrated your system and stolen personal data out of it. Don’t ruin it for everybody else.”

It’s ironic that some of the biggest opponents of the bill are companies that “hold the largest banks of personal data in the world,” Burr added. “The decision whether they utilize this voluntary system to further protect the personal data that’s in their system is between them and their customers.”

Sponsors of CISA aim to encourage businesses to share information about cyberattacks with each other and with government agencies. The bill would protect businesses that share cyberthreat information from consumer privacy lawsuits and from federal antitrust enforcement for sharing information with competitors.

But for companies sharing threat information with government agencies, the bill has limited requirements regarding stripping out customers’ personal information, opponents say. Shared information would go to the parent agencies of the FBI and the NSA, which could in turn use the customer data to investigate crimes unrelated to cybertheft, critics say.

The bill has several procedural hurdles to clear on the Senate floor this week, and a final vote is expected early next week. If the bill passes in the Senate, it would go to a conference committee to work out the differences between CISA and two similar House of Representatives bills that have already passed.

President Barack Obama has raised concerns about privacy protections in a past cyberthreat information-sharing bill, but his administration indicated support for CISA in August. CISA’s other high-profile supporters include the U.S. Chamber of Commerce, the National Cable & Telecommunications Association, and mobile-carrier trade group CTIA.

In recent days, privacy advocates at Fight for the Future and the Electronic Frontier Foundation have pushed for the public to add their voices to the opposition.

In a Wednesday e-mail, the EFF urged people to contact their senators and voice opposition to CISA.

“CISA is fundamentally flawed because it creates aggressive spying powers for the government and broad immunity clauses for companies,” the group wrote. “It’s only your e-mails, faxes, and phone calls that have stopped this bill from moving forward.”