Microsoft used to be a strong supporter of the Cyber Intelligence Sharing and Protection Act (CISPA), but something happened over the last few days and the company told CNET that the bill needed to strike a better balance between user privacy and protecting against cyber threats (thanks PHX-CORP).
The bill was approved by the U.S. House of Representatives by a 248 to 168 margin on Thursday and now heads to the Senate - either to be voted on or reconciled with a different bill that they might decide to take up instead. After that process it awaits either a signature or a veto from the president - with the administration promising the latter...
When asked directly by CNET, Microsoft, which had been a stronger supporter of the bill since November of last year, told the publication that any law meant to deal with internet security threats must allow "us to honor the privacy and security promises we make to our customers." Microsoft added that it wants to "ensure the final legislation helps to tackle the real threat of cybercrime while protecting consumer privacy."
According to CNET, Microsoft vice president for government affairs Fred Humphries said he wanted to "commend" CISPA's sponsors and "Microsoft applauds their leadership." adding, "This bill is an important first step towards addressing significant problems in cyber security."
Naturally this unfettered praise was before any privacy concerns were raised.
CNET speculates that Microsoft seems to favor a Senate bill introduced in February called the Cybersecurity Act. At a Senate hearing in February, Microsoft vice president Scott Charney During that hearing he said that the Senate bill provides "an appropriate framework to improve the security of government and critical infrastructure systems," one which will be "flexible enough to permit future improvements to security" over time."
The EFF responded to the news about Microsoft's slight shift in position:
"We're excited to hear that Microsoft has acknowledged the serious privacy faults in CISPA," said Dan Auerbach, EFF staff technologist. "We hope that other companies will realize this is bad for users and also bad for companies who may be coerced into sharing information with the government."
The full statement from Microsoft to CNET can be found here.