i9ac66bd4f911170509d8b35d34cc2cca microsoft cispa cyber security n Microsoft Backs Away from CISPA Support Due to Privacy Concerns

Microsoft is backing away from its support of the controversial bill after serious concerns about the privacy of Internet users have come to light.

Microsoft, one of the earliest supporters of the controversial Cyber Intelligence Sharing and Protection Act (better known as CISPA), is now changing course, withdrawing much of its support of the bill. Microsoft voiced its support of the bill in November of 2011, months before most of the privacy concerns in the legislation were brought to light. It wasn’t until April 5th that a major petition was started online, garnering more than 800,000 signatures, and it wasn’t until April 16th that an anti-CISPA coalition released an open letter condemning the legislation.

While not wholeheartedly supporting CISPA (Fred Humphries, the top lobbyist for the software giant in Washington, would “commend” the legislators for taking the “first step in addressing [the] problems in cyber security.”), Microsoft is now saying that “any proposed legislation” should allow them to cooperate with law enforcement while “[allowing] us to honor the privacy and security promises we make to our customers.”

The issue arises from a specific phrase in the legislation, which says that “notwithstanding any other provisions of law,” companies may share information with any government agency that requests it, be that the IRS, the NSA, the Department of Homeland Security, or any other. That phrase, “notwithstanding,” is the root of the problem. The drafters of the legislation put that phrase in there specifically to allow CISPA to override any privacy laws currently in effect. Rep. Jared Polis from Colorado, a Democrat and one-time Web entrepreneur, argued on the House floor that CISPA would throw out “every single privacy law ever enacted in the name of cyber security.”

Dan Auerbach, a staff technologist at the Electronic Frontier Foundation, an organization focused on privacy and other concerns in the modern, computer-driven world, welcomed Microsoft’s new statement. “We're excited to hear that Microsoft has acknowledged the serious privacy faults in CISPA,” he said. “We hope that other companies will realize this is bad for users and also bad for companies who may be coerced into sharing information with the government.”

Microsoft released the following statement to CNET:

Microsoft has previously stated support for efforts to improve cyber security, and sharing threat information is an important component of those efforts. Improvements to the way this information is shared would help companies better protect customers, and online services in the United States and around the world from criminal attack. Microsoft believes that any proposed legislation should facilitate the voluntary sharing of cyber threat information in a manner that allows us to honor the privacy and security promises we make to our customers.

Legislation passed by the House of Representatives yesterday is a first step in this legislative process. Since November, there has been active, constructive dialogue to identify and address concerns about the House bill, and several important changes were incorporated. We look forward to continuing to work with members of Congress, consumer groups, the civil liberties community and industry colleagues as the debate moves to the Senate to ensure the final legislation helps to tackle the real threat of cybercrime while protecting consumer privacy.

CISPA was passed by the US House of Representatives by a vote of 248 to 168 on April 26th. President Obama has promised to veto the bill should it reach his desk.