President Barack Obama is set to sign an executive order aimed at encouraging companies to share more information about cyber-security threats with the government and each other, which is partly in response to cyber-attacks such as the one on Sony Entertainment last November.
The order will encourage companies to create “information sharing and analysis organizations” (ISAOs) or hubs to share cyber-threat data with each other as well as federal agencies such as the Department of Homeland Security. Companies would share the information, which could include the personal data of their clients, voluntarily.
“We believe that by clearly defining what makes for a good ISAO, it will make tying liability protection to private sector organizations easier and more accessible to the public and to privacy and civil liberties advocates,” says Michael Daniel, Obama’s cyber coordinator, in a conference call with reporters this week.
The proposed order does seem to face an uphill battle of sorts. Indeed, big Silicon Valley companies are hesitant to fully support more mandated cyber-security information sharing without reforms to government surveillance practices exposed by former National Security Agency contractor Edward Snowden.
Perhaps the most interesting sign of tensions is that there was a White House summit on cyber-security and consumer protection at Stanford today. However, in what is widely believed to be a reflection of growing tension, Facebook Chairman and Chief Executive Officer Mark Zuckerberg, Yahoo CEO Marissa Mayer, and Google’s Larry Page and Eric Schmidt all declined invitations to attend the conference. They sent their top information security executives to the summit instead.
That’s not to imply there wasn’t outright tension at the summit. Apple chief executive Tim Cook delivered what the Wall Street Journal Digital termed a "fiery" speech, aimed at those he said compromise the right to privacy and security of people around the world. The speech sent what WSJ.D calls “a jolt” through the summit, which up until Cook’s speech, had consisted of pledges from government officials and business executives to work more closely together to stop breaches.
Cook didn’t mention the U.S. government or any federal agency by name, but his critique of unspecified parties that don’t do enough to protect privacy is thought by industry observers to reflect the anger many technology executives share about the U.S. government’s data collection practices and spying, WSD.J reports.
“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money,” Cook said. “We risk our way of life.”
Cook went on to say that the industry must get this right, and that history has shown that sacrificing our right to privacy can have dire consequences, WSJ.D reports. We still live in a world where all people are not treated equally. Too many people don’t feel free to practice their religion, or express their opinion, or love who they choose, Cook said.
Many people, he said, live “in a world in which that information can make the difference between life and death,” Cook said.
On the other hand, Cook also did pledge to work more closely with the White House and Congress to improve data security, though he stopped short of saying what that cooperation might entail.
What are your thoughts on cyber-security and personal privacy? Are big Silicon Valley companies right to be hesitant to fully support more mandated cyber-security information sharing—particularly with the government? On the other hand, would it be beneficial if the U.S. government were to dedicate increasing resources to battling cyber-threats directed at private industry?