Editor’s note: This story has been updated to include additional information from BSA|The Software Alliance.
Cloud computing giant Salesforce has apparently had a change of heart on CISA, the controversial cybersecurity information-sharing bill making its way through Congress.
Just last week, the company joined other tech giants and BSA|The Software Alliance in a letter to Congress, urging “prompt House and Senate action” on “cyberthreat information sharing legislation.” The letter doesn’t explicitly mention S. 754, the Cybersecurity Information Sharing Act of 2015, known as CISA, which the Senate is expected to take up this fall, or any other specific piece of cyber legislation. But privacy advocates nonetheless saw it as an endorsement of the bill, and the nonprofit Fight for the Future led a campaign against the letter’s signatories, including Salesforce.
Taking to Twitter, Salesforce CEO Marc Benioff said he now regretted that his company signed the letter.
“The letter clearly was a mistake and doesn’t imply CISA support. We need to clarify. I’m against it,” he tweeted Friday. He also tweeted, “Contrary to reports Salesforce doesn’t support the Cybersecurity Information Sharing Act of 2015 (CISA.)”
The company reiterated Benioff’s comments in a statement released Friday: “At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers’ data,” said Burke Norton, chief legal officer for Salesforce. “Contrary to reports, Salesforce does not support CISA and has never supported CISA.”
The move comes after Fight for the Future’s YouBetrayedUs.org called for a boycott of Salesforce’s Heroku platform. Fight for the Future said people used its site to send out more than 23,000 emails to the companies that signed the letter.
“We’re pleased that Salesforce has issued this correction, ending their support for CISA,” said Fight for the Future co-founder Holmes Wilson in a release. “We think this sends a clear message to every other tech company, that their customers care deeply about the political stances they take on legislation that harms privacy, and that CISA’s provisions for unchecked corporate / government data sharing are completely unacceptable to Internet users.”
BSA|The Software Alliance also appears to be backpedaling on the letter, posting a notice on their website saying, “BSA has consistently advocated for strong privacy protections in all information sharing bills currently pending before the Congress.” It added that it “does not support any of the three current bills pending before Congress.”
Lawmakers have been eager to bolster the country’s cyber defenses in the wake of the recent breaches to the Office of Personnel Management’s systems that exposed the data of more than 22 million people. And last year, Sony Pictures Entertainment was targeted in a cyberattack that U.S. officials have blamed on North Korea.
CISA, drafted by the Senate Intelligence Committee, would indemnify businesses that shared cyberthreat information with the government and with each other, but privacy and civil liberties groups are concerned it will become a license for companies to turn data over to the NSA. The Senate delayed a vote on the bill before the August recess. Now, the legislation must compete with a full docket of issues in that chamber, including the impending government shutdown and the Iran nuclear deal. The House has already passed two companion bills, which lawmakers would have to reconcile with the Senate version, if it ever clears the floor.