Amid a rising tide of security threats both foreign and domestic, the White House recently convened a Summit on Cybersecurity and Consumer Protection aimed at increasing security cooperation between government and private industry. Since the widely publicized attack against Sony Pictures, issues of cybersecurity have become a hot topic for the current Administration, culminating in this meeting of the minds between government, industry, and the public. When announced in January, President Obama said the goal of the Summit was to “bring everybody together — industry, tech companies, law enforcement, consumer and privacy advocates, law professors who are specialists in the field, as well as students — to make sure that we work through these issues in a public, transparent fashion.”
While few would argue that increased cybersecurity is something the nation should have a dialog on, the Summit was not without critics. Some questioned the White House’s motives when pushing for greater transparency and exchange of information with private industry, and there was the ever-present concern over privacy and respect of civil liberties. The true impact of the Summit on Cybersecurity and Consumer Protection won’t be known for some time, but there’s no question that it has already raised some very interesting points.
Government Information Exchange
At the Summit, the President explained that security was not something that either party should be working on in isolation of the other, “Government cannot do this alone. But the fact is that the private sector can’t do it alone either because it’s government that often has the latest information on new threats.” To this end, the President revealed his Executive Order entitled “Promoting Private Sector Cybersecurity Information Sharing”, which laid out the ground rules information exchange in as near to real-time as possible.
The very mention of government exchanging data with private industry is a red flag for many privacy advocates, and for good reason. Collecting even cursory data about an individual’s Internet usage can divulge a treasure trove of personal information, and print an eerily accurate image of a person’s digital life.
For what it’s worth, the Executive Order does attempt to address these concerns from the start. A sentence early on in Section 1 of the Order explains that collection and transmission of the data must be done in the most secure way possible, and always done with privacy in mind:
“Such information sharing must be conducted in a manner that protects the privacy and civil liberties of individuals, that preserves business confidentiality, that safeguards the information being shared, and that protects the ability of the Government to detect, investigate, prevent, and respond to cyber threats to the public health and safety, national security, and economic security of the United States.”
But a keen eye will note the second half of the sentence, which notes that any methods used must not interfere with “the ability of the Government to detect, investigate, prevent, and respond to cyber threats”. In other words, while protecting civil liberties is important, the government still needs to be able to fully utilize the data however they see fit if it is deemed to be an issue of national security.
Getting the Cold Shoulder
Despite the President’s hope that the Summit would bring together all the major players in the technology world, it seemed many companies didn’t take the event quite as seriously as the White House would have liked. According to Bloomberg, Facebook CEO Mark Zuckerberg, Yahoo CEO Marissa Mayer, and Google’s Larry Page and Eric Schmidt all turned down invitations to attend; leaving a conspicuous gap in attendance at an event that was supposed to represent the tech industry as a whole.
Given the government’s track record, it should come as no surprise. Public opinion of the government in regards to civil liberties is at an all-time low, and tech companies are wary of being seen working closely with the government after the public backlash from the Edward Snowden leaks. While Google, Facebook, and Yahoo did send individuals from their respective security divisions to the Summit to take part in the discussions, the absence of their most forward-facing executives is a clear statement that the tech elite aren’t willing to publically work together with the government unless everyone is playing by the same rules.