Microsoft added that it wants to "ensure the final legislation helps to tackle the real threat of cybercrime while protecting consumer privacy." That's a noticeable change — albeit not a complete reversal — from Microsoft's position when CISPA was introduced in November 2011. To be sure, Microsoft's initial reaction to CISPA came before many of the privacy concerns had been raised. An anti-CISPA coalition letter (PDF) wasn't sent out until April 16, and a petition that garnered nearly 800,000 signatures wasn't set up until April 5.
What makes CISPA so controversial is a section saying that, "notwithstanding any other provision of law," companies may share information with Homeland Security, the IRS, the NSA, or other agencies. By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more.