While the Computer and Communications Industry Association (CCIA) supports the goals of the Cybersecurity Information Sharing Act of 2015 (CISA, S. 754) it opposes the bill due to privacy concerns, the group said in a blog post Thursday.
CCIA noted CISA seeks to facilitate the timely sharing of cyber threat indicators between and among the private sector and the government, however “CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” Bijan Madhani, public policy and regulatory counsel at CCIA, wrote.
CCIA is an international nonprofit membership organization dedicated to innovation and enhancing society’s access to information and communications, the association said in its website description. “CCIA promotes open markets, open systems, open networks and full, fair and open competition in the computer, telecommunications and Internet industries.”
Madhani also noted the bill authorizes entities to use network defense measures that could cause collateral harm to the systems of innocent third parties.
CCIA affirmed appropriately constructed cybersecurity information sharing legislation can provide a more efficient system for voluntarily sharing limited information between the government and the private sector. However, the association said the legislative system is not the only means by which information sharing can occur.
“Current legal authorities permit companies to share cyber threat indicators with the government where necessary to protect their rights and the rights of their users, and should not be discounted as useful existing mechanisms,” Madhani said.
A system whereby the government and private sector can readily share data about emerging cyber threats can be good, but it should not come at the expense of users’ privacy and be used for non-cybersecvurity related purposes, Madhani said. It also should not allow activities that could destabilize the infrastructure the bill seeks to defend, CCIA said.
CCIA wants to work with Congress to improve CISA and other cybersecurity information sharing bills, “with the hope that a limited and efficient voluntary information sharing regime, with robust privacy protections and use restrictions, will result,” Madhani said.
CCIA was not one of the 55 civil society organizations and experts that wrote an April letter opposing CISA.