On Monday, President Obama, in a speech, announced new legislative proposals aimed at ensuring digital privacy for American consumers. Mere minutes after this cybersecurity speech at the Federal Trade Commission, hackers aligning themselves with terrorist group ISIL broke into the Twitter and YouTube accounts of U.S. Central Command.
The hackers, calling themselves CyberCaliphate, posted several pro-ISIL propaganda photos and videos. They also posted what originally appeared to be classified Pentagon intelligence reports, but which many experts later debunked as unclassified material.
The group also posted spreadsheets containing the names, phone numbers, and email addresses of several high-ranking Pentagon officials.
While many were anxious to hear the president’s response to the cyberattack in Tuesday’s speech, Obama still plans to push legislative proposals he believes are crucially necessary “in this interconnected, digital world.”
Tuesday’s Address
“Today, at a time when public and private networks are facing an unprecedented threat from rogue hackers as well as organized crime and even state actors, the President is unveiling his next steps,” reads the White House press release.
The proposals seek to provide law enforcement with stronger tools to combat cybercrime, and to give courts the authority to prosecute certain computer crimes as if they were non-cyber crimes.
As mentioned during Monday’s speech, the president also hopes to push for a national standard regulating how soon companies should alert customers and employees to a data breach.
Continuing with Monday’s proposal to protect students from manipulative data collection, President Obama also announced an increase in grants to Historically Black Colleges and Universities, providing over $25 million over the next five years to support cybersecurity education.
But the key focus of Tuesday’s address related to the president’s plans to enhance collaboration between the government and the private sector. The proposal “encourages the private sector to share appropriate cyber threat information” with the Department of Homeland Security.
The legislation also urges the creation of Information Sharing and Analysis Organization (ISAOs), bodies led by the private sector which would share “cyber threat information” with federal agencies.
CISPA and Information Sharing
To many privacy advocates, enhancing cooperation between the public and private sector sounds too similar to the controversial Cyber Intelligence Sharing and Protection Act (CISPA).
Recently reintroduced to Congress by Democratic Maryland Representative Dutch Ruppersberger, the bill would make it easier for federal agencies like the NSA to gather user data from tech and telecommunications companies.
CISPA would effectively give federal agencies warrantless access to private data, and many privacy advocates say this mirrors Obama’s proposals for information-sharing legislation.
“The Sony hacks demonstrate a failure of corporate digital security, and not a need for greater government information-sharing,” said Amie Stepanovich, senior policy counsel with Access, a digital rights group. “The administration’s attempt to use Sony to justify increased transfer of information to the government is difficult to understand.”
Of particular concern is a section of the new proposals which would require the Department of Homeland Security to share information “in as near real time as possible,” a protocol sure to lead to unintended privacy violations.
“Instead of proposing unnecessary computer security information sharing bills, we should tackle the low-hanging fruit,” said Mark Jaycox, analyst with the Electronic Frontier Foundation. “This includes strengthening the current information sharing hubs and encouraging companies to use them immediately after discovering a threat.”