Facebook Accused of Secretly Backing Controversial Cybersecurity Bill

Facebook stands out among tech companies for not having condemned the controversial Cybersecurity Information Sharing Act.
Facebook Accused of Secretly Backing Controversial Cybersecurity Bill
Jonathan Zhou
10/26/2015
Updated:
10/26/2015

Facebook has been accused of lending covert political support to a controversial cybersecurity bill that digital rights activists argue would further empower state surveillance.

The online group Fight for the Future accused the social media network of secretly supporting the Cybersecurity Information Sharing Act (CISA), crediting several unnamed sources on Capitol Hill. The group also pointed out that Facebook’s chief lobbyist in the Senate, Myriah Jordan, was general counsel for Sen. Richard Burr, who sponsored CISA, until 2011.

“Multiple sources on the hill have reported that Facebook is THE tech company lobbying in favor of CISA, several offices have heard from Facebook that they support CISA,” Jeff Lyon, CTO of Fight for the Future, wrote in a Reddit post. Lyon added that they were not at liberty to disclose the names of their sources.

The charge received a boost from NSA whistleblower Edward Snowden, who shared the post with his 1.5 million plus Twitter followers on Sunday.

The Senate voted 83–14 to end debates on the amendments for CISA last Thursday, and is scheduled for a final vote on Tuesday, Oct. 27, where it is expected to pass. The House has already passed the bill, and the White House gave tacit approval of the legislation in a statement from August.

As CISA approached the finishing line, a number of technology companies came out against the bill, and activists groups redoubled their efforts to lobby against the bill, which they argue would vastly expand the power of the NSA and other federal agencies to conduct surveillance.

“Congress is trying to pass a ‘cybersecurity’ bill that threatens your privacy. Join us & others to oppose:

In a statement given to Forbes, Facebook denies that it lobbied in support of CISA, but also refused to take sides on the issue. Facebook’s neutrality has been seized on as evidence of the company’s support for the bill.

“Unlike all the other big tech companies that have come out against CISA, Facebook is still silent,” Lyons wrote.

Facebook, however, is a member of the Computer and Communications Industry Association, which states that while it supports “a more robust system through which the government and private sector can readily share data about emerging threats,” it is “unable to support CISA as it is currently written.” 

CISA is described by its bipartisan supporters as legislation that will further enhance cybersecurity by encouraging the exchange of information between government agencies and private companies.

“We know how important improving cybersecurity is for the national security of our country and the financial security of the economy. Even though this bill is not our perfect bill, we’re going to cooperate with Republican colleagues,” Sen. Harry Reid said, supporting the bill on Oct. 21.

Critics, however, argue the law goes too far, and would grant companies immunity to break their own privacy policies when sharing data with the government.

“The bill’s broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise,” the Electronic Frontier Foundation said in a statement last week. The EFF, a 25-year-old nonprofit defending civil liberties in the digital world, argues that the bill would allow companies to share private data with the Department of Homeland Security without getting a warrant first, and that the agency would be compelled to share that data with the NSA and other federal agencies “in real time.”

Private companies are incentivized by CISA to share data with federal agencies because of the selective legal immunity the action would offer, some critics of CISA argue.

“If a company voluntarily shares a cyber indicator with the government, the government cannot use that data to initiate any regulatory action against the company,” notes national security journalist Marcy Wheeler in a blog post. “In the future, then, any Wyndham Hotels or Chrysler that have long ignored known vulnerabilities will be able to avoid [Federal Trade Commission] lawsuits or [National Highway Traffic Safety Administration] recalls simply by telling the government about the vulnerability—and continuing to do nothing to protect customers.”