GREEN AS GRASS APPLE CEO Tim Cook continues to ride around on a privacy horse, and has revealed that Apple cannot stand by the controversial Cybersecurity Information Sharing Act (CISA).
Cook and Apple are not alone here, but they carry a lot of weight when it comes to customer base and potential impact. Also, quite a lot of things that Apple does, see iPhones and tablets, are fashionable and popular. This could extend to the opposition of this onerous legislation.
Apple told The Washington Post: "We don't support the current CISA proposal. The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy."
Storage thang Dropbox has also stepped forward, again confirming its position to The Washington Post. We asked the company to comment, and it was keen on sharing.
"We care deeply about the privacy and security of our users and can't support CISA as currently written without more robust privacy protections," said Amber Cottle, head of global public policy and government affairs, Dropbox.
"While it's important for the public and private sector to share relevant data about emerging threats, that type of collaboration should not come at the expense of users' privacy."
Privacy group Fight for the Future is already celebrating Apple having joined the burgeoning campaign.
"Apple gets privacy and security better than most companies, and way better than Congress does," said Fight for the Future co-founder Tiffiniy Cheng,
"Our lawmakers' lack of understanding of cyber security isn't just embarrassing, it's dangerous. They should listen to the experts and abandon this hopelessly flawed bill."
Fight for the Future is a very vocal opponent of such foot-on-throat regulation, and is ready to launch the Internet Defence League and its network of 1,500 supporting sites in the direction of the Senate as it prepares to discuss and debate the CISA.
The Electronic Frontier Foundation is also revving its opposition engines, and has made it clear that it doesn't have the time for CISA.
"CISA provides broad immunities for companies to share personal information to the federal government, vague definitions that do not define what information can and cannot be shared, what information can be used for purposes unrelated to cyber security, and has the potential to be used as another tool to conduct surveillance," the group said in a call to arms.
"It's time for other tech companies to follow Salesforce, Reddit, Yelp, Twitter, and Apple, especially those that claim to stand up for user privacy, and to speak out in opposition to CISA."
The past few days has seen more meat added to the opposition camp, including reviews site Yelp, information dox outfit Wikipedia and people mood and thought diary Twitter. Combined they represent a united opposition, and a huge user and customer base, against CISA.
Twitter used its account concerned with policy, to stake out its opposition.
Security+privacy are both priorities for us and therefore we can't support #CISA as written. We hope to see positive changes going forward.— Policy (@policy) October 20, 2015
The arrival of fresh support from California was welcomed by Fight for the Future. Evan Greer, head of the outfit, expressed pleasure at the public backing from Twitter, having already celebrated the other arrivals earlier this week.
"Twitter is joining a growing chorus of major technology companies that have recently come out strongly against the latest version of CISA, echoing concerns from security experts and privacy advocates that CISA would fail to prevent cyber attacks while dramatically expanding government surveillance and undermining user privacy," said Greer.
Congress is trying to pass a "cyber security" bill that threatens your privacy. Join us & others to oppose: http://t.co/WtpEoS4ESS— Yelp (@Yelp) October 19, 2015
"Over the weekend Yelp, Reddit, and Wikipedia weighed in against CISA. Last week, the Computer & Communications Industry Association (CCIA), an industry association representing tech giants Google, Facebook, Yahoo, Amazon, Sprint, and others, also issued a statement slamming the bill.
"Mozilla, imgur, WordPress, Craigslist, Namecheap, and hundreds of other companies have opposed CISA and similar information sharing legislation in the past."
Greer reckons that the last minute swelling might work in favour of the no camp when CISA hits the US government for debate and approval.
The CISA is up for debate in the dusty Senate in the next few weeks. It is painted as a benefit in terms of terrorism and information sharing, but the CCIA, which supports such aims, sees it as a big negative and would like to see it rewritten.
"The CCIA fully supports [the] goal. However, the CCIA is unable to support CISA as it is currently written. CISA's prescribed mechanism for the sharing of cyber threat information does not sufficiently protect users' privacy or appropriately limit the permissible uses of information shared with the government," said the CCIA in a blog post.
"In addition, the bill authorises entities to employ network defence measures that might cause collateral harm to the systems of innocent third parties."
The CCIA's members, which include Microsoft, Google, Yahoo and Facebook, are rather vocal about government overreach and have all made individual efforts to make their opposition clear.
The overseeing trade group, which speaks for them all, said that, while legislation may sort out some problems, it is not the CISA as it is currently written.
"It is important to note that, while appropriately constructed cybersecurity information sharing legislation can provide a more efficient regime for the voluntary sharing of appropriately limited information between the private sector and government, it is not the only means through which information sharing can occur," the group said.
"Current legal authorities permit companies to share cyber threat indicators with the government where necessary to protect their rights and the rights of their users, and should not be discounted as useful existing mechanisms."
The CCIA said that there is a need for a system through which emerging threat data is efficiently shared, but that the need to preserve privacy is more important. As such, it will not back the CISA as it stands.
"Still, the CCIA recognises the goal of seeking to develop a more robust system through which the government and private sector can readily share data about emerging threats," the association explained.
"But such a system should not come at the expense of users' privacy, need not be used for purposes unrelated to cyber security, and must not enable activities that might actively destabilise the infrastructure the bill aims to protect.
"The CCIA looks forward to working with Congress to improve CISA and other related cyber security information sharing bills, with the hope that a limited and efficient voluntary information sharing regime, with robust privacy protections and use restrictions, will result." µ
Another of Roscomnadzor's mega-fines is in the offing
Shift will enable 'more flexible handset design', reports WSJ
Because with the good, comes the bad
Three models get papped ahead of launch