SalesForce Says It Doesn't Support CISA After Signing Letter That Suggested It Did

from the welcome-to-politics dept

Cyber Threat Information Sharing Legislation will promote cybersecurity and protect sensitive information by enabling private actors in possession of information about vulnerability and intrusions to more easily share that information voluntarily with others under threat, thus enabling the development of better solutions faster.

“At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers' data,” said Burke Norton, chief legal officer, Salesforce. “Contrary to reports, Salesforce does not support CISA and has never supported CISA.”

One of the issues with various "cybersecurity information sharing" bills like CISPA from last year and CISA from this year, is that some tech companies have been (quietly) supportive of these bills. The whole focus of these bills is to encourage "cybersecurity information sharing" between private companies and the government. And, in theory, that may sound like a good thing. In reality, all the bills really do is focus on should they share private information they shouldn't have shared. And, of course, there's the fact that people who understand these things recognize that there's a hidden meaning behind CISA, in that it's designed to give the NSA more "signatures" to use in its surveillance dragnet.

But, of course, for many companies, the bill just looks like a "get out of court free" bill -- because the entire focus is on protecting those companies from liability. Some companies take a more long-term, customer- or public-centric view of things and recognize all this, and have not supported CISA. Others, however, have been more supportive. A few weeks ago, the BSA -- which is really the Business Software Alliance, but refers to itself as The Software Alliance -- sent a letter to Congress outlining some of the issues that its members were supporting. This included a bunch of reasonable and good things, like much needed ECPA reform. However, it also included this:

Now, it's notable that this line doesn't directly endorse CISA. And it's pretty clear that's on purpose. Of the bullet points in the letter, three of the other four all name specific bills that the letter is supporting. Leaving out specific support of CISA is an interesting choice and at least indicates some hesitancy among some of the companies signing onto the letter to actually support CISA in its current form.

Of course, the problem is that, right now, there are no real alternatives being offered, and politicians who support CISA can and will point to this letter to argue that "the tech industry supports CISA."

And, with that in hand, the good folks at Fight for the Future kicked off a campaign called YouBetrayedUs.org, calling on the companies who signed the letter -- including Apple, Microsoft, Adobe, Symantec, Salesforce.com, Oracle and more -- to renounce the letter itself.

It appears that they've claimed their first scalp, as Salesforce.com has issued a press release saying they do not support CISA and have never supported CISA. The quote is from the company's chief legal officer, Burke Norton, who is the same representative who signed the letter:

And here he is on the letter:

Again, it's absolutely true that the letter did not directly support CISA. And it could have. As mentioned, most of the other bullet points list out bills by name and/or number. But the one on cybersecurity. Of course, one might argue that the BSA did this on purpose, knowing that if it cited CISA by name, all hell would rain down on them from the public.

Either way, perhaps this should act as a clear warning to tech companies that want to support CISA. The public isn't going to like it very much. Similarly, this should provide further notice to companies in signing these kinds of letters that they should understand what it appears they're supporting as well.

Filed Under: cisa, cybersecurity, information sharing, liability

Companies: bsa, microsoft, oracle, salesforce