SalesForce Says It Doesn't Support CISA After Signing Letter That Suggested It Did

from the welcome-to-politics dept

One of the issues with various “cybersecurity information sharing” bills like CISPA from last year and CISA from this year, is that some tech companies have been (quietly) supportive of these bills. The whole focus of these bills is to encourage “cybersecurity information sharing” between private companies and the government. And, in theory, that may sound like a good thing. In reality, all the bills really do is focus on protecting companies from liability should they share private information they shouldn’t have shared. And, of course, there’s the fact that people who understand these things recognize that there’s a hidden meaning behind CISA, in that it’s really designed to give the NSA more “signatures” to use in its surveillance dragnet.

But, of course, for many companies, the bill just looks like a “get out of court free” bill — because the entire focus is on protecting those companies from liability. Some companies take a more long-term, customer- or public-centric view of things and recognize all this, and have not supported CISA. Others, however, have been more supportive. A few weeks ago, the BSA — which is really the Business Software Alliance, but refers to itself as The Software Alliance — sent a letter to Congress outlining some of the issues that its members were supporting. This included a bunch of reasonable and good things, like much needed ECPA reform. However, it also included this:

Cyber Threat Information Sharing Legislation will promote cybersecurity and protect sensitive information by enabling private actors in possession of information about vulnerability and intrusions to more easily share that information voluntarily with others under threat, thus enabling the development of better solutions faster.

Now, it’s notable that this line does not directly endorse CISA. And it’s pretty clear that’s on purpose. Of the bullet points in the letter three of the other four all name specific bills that the letter is supporting. Leaving out specific support of CISA is an interesting choice and at least indicates some hesitancy among some of the companies signing onto the letter to actually support CISA in its current form.

Of course, the problem is that, right now, there are no real alternatives being offered, and politicians who support CISA can and will point to this letter to argue that “the tech industry supports CISA.” And, with that in hand, the good folks at Fight for the Future kicked off a campaign called, calling on the companies who signed the letter — including Apple, Microsoft, Adobe, Symantec,, Oracle and more to renounce the letter itself.

It appears that they’ve claimed their first scalp, as has issued a press release saying they do not support CISA and have never supported CISA. The quote is from the company’s chief legal officer, Burke Norton, who is the same representative who signed the letter:

?At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers’ data,? said Burke Norton, chief legal officer, Salesforce. ?Contrary to reports, Salesforce does not support CISA and has never supported CISA.?

And here he is on the letter:

Again, it’s absolutely true that the letter did not directly support CISA. And it could have. As mentioned, most of the other bulletpoints list out bills by name and/or number. But the one on cybersecurity did not. Of course, one might argue that the BSA did this on purpose, knowing that if it cited CISA by name, all hell would rain down on them from the public.

Either way, perhaps this should act as a clear warning to tech companies that do want to support CISA. The public isn’t going to like it very much. Similarly, this should provide further notice to companies in signing these kinds of letters that they should understand what it appears they’re supporting as well.

Filed Under: , , ,
Companies: bsa, microsoft, oracle, salesforce

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “SalesForce Says It Doesn't Support CISA After Signing Letter That Suggested It Did”

Subscribe: RSS Leave a comment
1 Comment

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...