Tech Giants Oppose US Threat Intel Sharing Bill

Apple and Dropbox have joined a long list of big name tech companies opposed to a new cyber security information sharing bill passing through Congress.

The Senate is expected to vote on the Cybersecurity Information Sharing Act (CISA) in just days.

It would give private companies legal cover if they wanted to send threat information on their customers to the Department of Homeland Security, which would be required to share that with other relevant government agencies.

Supporters say the threat sharing would be completely voluntary and that sensitive information would in most cases be anonymized.

However, persistent privacy concerns seem to be the main reason why so many tech companies have come out against it.

"The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy," Apple said in a statement sent to the Washington Post.

Dropbox expressed similar sentiments, arguing that while it’s important to share information between private and public sectors, “that type of collaboration should not come at the expense of users’ privacy."

The two join a list of big names including Google, Facebook, Amazon and Microsoft in opposition to CISA.

They sent an open letter via industry body the Computer and Communications Industry Association raising the same privacy concerns.

"In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties," it added.

Twitter has also expressed its opposition to the bill.

Although the president is for the bill as it stands, the Department for Homeland Security is surprisingly not.

It argued back in July that the proposed law “could sweep away important privacy protections, particularly the provisions in the Stored Communications Act limiting the disclosure of the content of electronic communications to the government by certain providers.”

CISA is a slightly tweaked version of the much-hated CISPA which was ultimately kicked into the political long grass in 2013.

What’s hot on Infosecurity Magazine?