SalesForce Says It Doesn't Support CISA After Signing Letter That Suggested It Did

from the welcome-to-politics dept

One of the issues with various "cybersecurity information sharing" bills like CISPA from last year and CISA from this year, is that some tech companies have been (quietly) supportive of these bills. The whole focus of these bills is to encourage "cybersecurity information sharing" between private companies and the government. And, in theory, that may sound like a good thing. In reality, all the bills really do is focus on protecting companies from liability should they share private information they shouldn't have shared. And, of course, there's the fact that people who understand these things recognize that there's a hidden meaning behind CISA, in that it's really designed to give the NSA more "signatures" to use in its surveillance dragnet.

But, of course, for many companies, the bill just looks like a "get out of court free" bill -- because the entire focus is on protecting those companies from liability. Some companies take a more long-term, customer- or public-centric view of things and recognize all this, and have not supported CISA. Others, however, have been more supportive. A few weeks ago, the BSA -- which is really the Business Software Alliance, but refers to itself as The Software Alliance -- sent a letter to Congress outlining some of the issues that its members were supporting. This included a bunch of reasonable and good things, like much needed ECPA reform. However, it also included this:
Cyber Threat Information Sharing Legislation will promote cybersecurity and protect sensitive information by enabling private actors in possession of information about vulnerability and intrusions to more easily share that information voluntarily with others under threat, thus enabling the development of better solutions faster.
Now, it's notable that this line does not directly endorse CISA. And it's pretty clear that's on purpose. Of the bullet points in the letter three of the other four all name specific bills that the letter is supporting. Leaving out specific support of CISA is an interesting choice and at least indicates some hesitancy among some of the companies signing onto the letter to actually support CISA in its current form.

Of course, the problem is that, right now, there are no real alternatives being offered, and politicians who support CISA can and will point to this letter to argue that "the tech industry supports CISA." And, with that in hand, the good folks at Fight for the Future kicked off a campaign called, calling on the companies who signed the letter -- including Apple, Microsoft, Adobe, Symantec,, Oracle and more to renounce the letter itself.

It appears that they've claimed their first scalp, as has issued a press release saying they do not support CISA and have never supported CISA. The quote is from the company's chief legal officer, Burke Norton, who is the same representative who signed the letter:
“At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers' data,” said Burke Norton, chief legal officer, Salesforce. “Contrary to reports, Salesforce does not support CISA and has never supported CISA.”
And here he is on the letter:
Again, it's absolutely true that the letter did not directly support CISA. And it could have. As mentioned, most of the other bulletpoints list out bills by name and/or number. But the one on cybersecurity did not. Of course, one might argue that the BSA did this on purpose, knowing that if it cited CISA by name, all hell would rain down on them from the public.

Either way, perhaps this should act as a clear warning to tech companies that do want to support CISA. The public isn't going to like it very much. Similarly, this should provide further notice to companies in signing these kinds of letters that they should understand what it appears they're supporting as well.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cisa, cybersecurity, information sharing, liability
Companies: bsa, microsoft, oracle, salesforce

Reader Comments

Subscribe: RSS

View by: Time | Thread

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)


Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.