Tech Industry In Search of Leadership At White House Cyber Summit 44
chicksdaddy writes: President Obama travels to Stanford University on Friday to join Apple CEO Tim Cook in talking about the need for more private-public sector cooperation to fight cyber crime. But technology industry executives attending the White House Summit on Cybersecurity and Consumer Protection complain that a major obstacle to cooperation is a lack of legislative action that clarify the rules of the road for private firms when it comes to sharing information about customers with the government and each other.
The controversy over government surveillance has put the ball in the government's court, said Michael Brown, RSA's Global Public Sector Vice President. "They need to articulate what amount of access to private information is 'appropriate and legal' for law enforcement and the government," Brown said. "It's not just about 'when, where, and how.' They also need to clearly articulate 'why' – for example: this is a matter of public safety and this is the only way we can get this information."
Also on the to-do list, say executives: a re-writing of the 80s-era Computer Fraud and Abuse Act and a federal data breach notification law that creates a consistent, national standard. Currently, 48 states have passed such laws, creating a compliance mess for private firms that discover they have leaked customer data.
The controversy over government surveillance has put the ball in the government's court, said Michael Brown, RSA's Global Public Sector Vice President. "They need to articulate what amount of access to private information is 'appropriate and legal' for law enforcement and the government," Brown said. "It's not just about 'when, where, and how.' They also need to clearly articulate 'why' – for example: this is a matter of public safety and this is the only way we can get this information."
Also on the to-do list, say executives: a re-writing of the 80s-era Computer Fraud and Abuse Act and a federal data breach notification law that creates a consistent, national standard. Currently, 48 states have passed such laws, creating a compliance mess for private firms that discover they have leaked customer data.
Sharing PII between government and businesses (Score:4, Insightful)
Saw this in the news earlier.
So, Obama wants software companies to cooperate with the Feds more to help deal with cyber-security issues...
So, anyone else see this as government-mandated backdoors in everything?
Re: (Score:2)
I remember the fiasco in the 90's when news got out about Clipper chip back doors... ...just figured that they got quieter about it since then
http://en.wikipedia.org/wiki/C... [wikipedia.org]
This really seems to be an effort to codify the smooth transition from click-accepted marketing intrusion to unexpected government 'oversight'
Heck, they could throw a line into the click-through license that allows it and chances are nobody would notice
Re: (Score:2)
I remember the fiasco in the 90's when news got out about Clipper chip back doors...
The same thing will happen this time, for the same reasons. It would kill foreign sales for American tech companies, which are the majority of their sales. It would put millions of people out of work, and cause hundreds of billions of damage to the American economy. There would be a firestorm of protest, not just from citizens (whose protests can be ignored) but from corporations, which neither party can afford to alienate.
Re: (Score:2)
If I remember correctly, the Clipper chip fiasco resulted in the dissemination of tools like PGP, which the US government classified as munitions (in order to limit their export) until industry convinced them that it was hurting business at which point they were allowed to market them
The US government is prone to keeping industry alive and, to my knowledge, has not caused the dramatic outfall that you seem to predict
Re: (Score:2)
Once it was made known that the bad guys had real encryption, and banks were stuck with 56 bit DES (which was likely breakable by the well-heeled nations in the 1990s), ITAR eventually was killed.
The Clipper chip did teach some lessons though:
1: What happens if the bad guys can just do something like zero out the LEAF?
2: What happens if the algorithm, Skipjack, got broken? Well, since the Clipper chip was the only thing encrypting, by law, everyone using it would be severely hosed for months to years as
Re: (Score:2)
Those same companies have been the primary source of the global glories that we get to endure? They're like a glass of milk, forgotten on the counter; when its pourer when on a month long vacation.
Re:Sharing PII between government and businesses (Score:4, Informative)
Fully agree. Where I last worked we lost tons of contracts and customers after the NSA revelations. Anyone in "Cloud" is currently having to build data centers over seas, specifically in the country requesting service. This is not cheap to coordinate or implement, so start ups and smaller companies without loads of capital are screwed currently.
Once again the "summit" lacks real technical expertise and view. CEOs are looking for how to gain from the summit as much as (or more) than trying to fix what is broken and why we have had tremendous dumping of US products and services. The simple truth is that the Government does not need unfettered back door access to every damn piece of data, but will pay our tax dollars to companies that give them access. (Another aspect that screws everyone but the big players).
Re: (Score:2)
I don't see this as necessarily the case. The back door issue is actually more national security driven. They want to track "bad guys", and of course will end up tracking "potential bad guys", which could be anyone.
But there a lot of concerns here which fall within the purview of legitimate Federal law enforcement. Back when cars became common thieves used to hit banks and drive across state lines to hamper state and local law enforcement. And of course there was piracy -- the real kind with boats. Riv
Re: (Score:2)
Saw this in the news earlier.
So, Obama wants software companies to cooperate with the Feds more to help deal with cyber-security issues...
No. Did you read TFA? Any of them? Do you know what a challenge all of us, public and private sector alike, are up against when it comes to cyber security? Probably not, unless you work in the field and have to face not only the malignant threats, but the regulatory morass that is the current patchwork of laws and compliance rules. The message today was not about "backdoors". Not even close. So, since you have nothing but partisan bitching to contribute, kindly STFU.
Re: (Score:2)
Interesting, the inclusion of the quote from Michael Brown after the third linked article infers that it has some relationship to the subject of the quote (access to private information, which many people could take as a reference to backdoors), when the linked article is not inclusive of Brown's comments
Maybe chicksdaddy just trolled us all, or (at best) simply included the wrong link
Re: (Score:2)
Yes.
Yes.
I take it you seriously believe that something like backdoors would be the subject of public meetings? As opposed to something that is quietly written into laws/regulations AFTER the public meetings are done?
Yes, I know you think Obama is another Christ figure. That's your privilege. Bu
Re: (Score:2)
I see it as something far more dangerous than that. A corporate back door into government and you. It's a partnership and Uncle Tom Obama the Choom Gang coward is reading off a corporate controlled teleprompter. So direct corporate involvement in cyber security operations against the poor and middle class to keep them down and under control.
Just use the Slashdot meta-mind (Score:2)
Post the current cybersecurity issues faced by the White House to Slashdot and get all your answers for free
You're welcome
Re: (Score:3)
Post the current cybersecurity issues faced by the White House
Okay, how about WhiteHouse.gov screws up SSL certificate on same day as Obama cybersecurity summit [theverge.com].
Re: (Score:2)
Funny, unless it is a brilliant ploy to get people to think about security... kinda like Slashdot going down for 8 hours on Google Security Day due to, ahem, their storage solution software going kaput :/
A new tech leader? (Score:5, Insightful)
Let's do the right thing here - grant him clemency and welcome him home.
Re: (Score:3)
I would kind of agree with you, but there's also a part of me that thinks he'd get shot the second he found himself in a public area in the US.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
One is a hero; the other a weinerhead.
Re: A new tech leader? (Score:1)
He created AOL???
How about improving computer security ... (Score:3)
Comment removed (Score:5, Funny)
Re: (Score:2)
Don't forget the stampede as Congress runs down to K street to find out what their opinion on the matter is
Re: (Score:2)
Re: (Score:2)
You forgot
Ruth Bader Ginsburg: Is that the 1947 Rothschild? Be a nice boy and top me off here Tony.
Umm No! (Score:5, Insightful)
"They need to articulate what amount of access to private information is 'appropriate and legal' for law enforcement and the government,"
No I think we the people need to do that. We should get out in front of government by designing systems that keep private information private. The best way to ensure rights like privacy survive is to create a public expectation of it.
Right now the public expects government can just backdoor anything it wants, and THAT IS THE PROBLEM.
Re: (Score:2)
Right now the public expects that service providers can gather all the information about their browsing because they are willing to click-accept on any license that they are presented with, and THAT IS THE PROBLEM
FTFY
Re: (Score:2)
Right now the public expects government can just backdoor anything it wants, and THAT IS THE PROBLEM.
I dont' dispute that that's the public's sheep-like expectation, but that is not what today's meeting was about, at all. At least get that part right, m'kay?
Re: (Score:2)
It looks like the submitter played it fast and loose with their summary
Neither of the two links to the cybersecurity summit mention sharing customer data, but the submitter chicksdaddy makes it look like their third link contains comments from RSA security guru Michael Brown (regarding sharing customer data between companies and government), when it fact the linked article contains no reference to Brown
Looks like we all got trolled by the submitter, mahvelous
Why do the laws need to be so different? (Score:2)
Re: (Score:2)
It seems like we (government) make it more complicated than it needs to be.
Who is this "we"? Are you a fortune 500 company?
Re: (Score:2)
Tech Industry in search of leadership? (Score:2)