Obama proposes new cybersecurity laws, seeks more information from private firms

14 Jan 2015


US President Barack Obama


In the wake of the cyberattack on Sony Pictures Entertainment, US President Barack Obama is looking to increase the flow of information from private companies to the US government.

Obama, worried about how little information the US state and its agencies have so far garnered from its – and the world’s – citizens and businesses, now wants a greater collaboration with private companies when it comes to cyberattacks.

“Our first order of business is making sure that we do everything to harden sites and prevent those kinds of attacks from taking place,” said Obama.

Specifically, his proposal encourages the private sector to share information about cyber threats with the Department of Homeland Security’s National Cybersecurity and Communications Integration Centre. In return, the state will develop a real-time report on all threats, and offer immunity to those who share their information.

The proposal will also look to “modernise” law enforcement authorities to combat cybercrime, as well as beef up the original plans on national data breach reporting.

Electronic Frontier Foundation responds to proposed legislation

The Electronic Frontier Foundation is less than impressed by what it calls the recycling of “old ideas”.

“Instead of proposing unnecessary computer security information sharing bills, we should tackle the low-hanging fruit,” the foundation said in a statement. “This includes strengthening the current information sharing hubs and encouraging companies to use them immediately after discovering a threat.”

Interestingly, the proposal made by Obama is not a million miles away from an alleged agreement between internet search giant Google and the US National Security Agency (NSA) from a few years back.

According to a piece in The Salon, which itself was an excerpt from @WAR: The Rise of the Military-Internet Complex by Shane Harris, Google’s discovery of Chinese cyberattacks – which led to the web giant leaving the country – resulted in a similar scenario.

It reports that the NSA, in return for receiving information on the cyberattack and developing, through Google, some software to monitor future threats, would help the search engine by handing over its own information on global hack threats.

“According to officials who were privy to the details of Google’s arrangements with the NSA,” reads the piece, “the company agreed to provide information about traffic on its networks in exchange for intelligence from the NSA about what it knew of foreign hackers. It was a quid pro quo, information for information.”

Who knows what to believe?

This all makes Obama’s endeavours rather confusing, given that various laws introduced in the last 15 years give US state departments countless ways to grab anything and everything they want from US companies and citizens.

There’s Safe Harbor, drawn up between the EU and the US in 2000 to allow the interchange of data despite differences in data protection laws. There’s PRISM, the tactic highlighted by whistleblower Edward Snowden, which is even stronger. There’s FISA 702, the Patriot Act and even Executive Order 12333, other legislative ways to garner whatever is ‘needed’ to protect whatever needs protecting.

For example, FISA 702 allows the US government to install surveillance apparatus inside the data centres of US companies. Can’t get any closer to the information flows of US corporations than that, can you?

Interestingly, privacy campaigner Caspar Bowden has recently been interviewed by Computing.co.uk, where he spoke of the current Safe Harbor dispute between the US government and Microsoft in Dublin.

The dispute centres around Microsoft’s reluctance to disclose emails stored on the Irish server and the whole scenario, claimed Bowden, is a smokescreen.

“Even if Microsoft wins that case, and I hope they don’t because that’ll just shore up the whole rotten system, it will make no difference to surveillance by the NSA under FISA 702 or Executive Order 12333,” said Bowden.

It all paints a rather bizarre picture, whereby countless laws are already in place in the US that reach much farther than its geographical jurisdiction, yet reports emerge of tussles between public and private that may all be, in fact, imaginary.

US President Barack Obama image via Shutterstock

Gordon Hunt is senior communications and context executive at NDRC. He previously worked as a journalist with Silicon Republic.
