Obama Focuses on Cyber Security, but NSA Remains an Issue

It may be hard for the White House to convince companies to share data on cyber threats.

Vjeran Pavic

President Obama called for companies to voluntarily share more cyber attack information with federal agencies during a first-ever White House summit on cyber security issues, signing an executive action to help pave the way for such sharing.

“Cyber threats are a challenge to our national security,” Obama said Friday before a packed auditorium of students, corporate security execs, government officials and privacy advocates at Stanford University. “Much of our critical infrastructure, our financial systems, our power grid, are connected” to the Internet, which creates “new points of vulnerability we didn’t have before.”

The president’s action may be more symbolic than anything else, but it does signal an effort by the White House to shine more of a spotlight on cyber security issues in hopes of convincing Congress to finally enact various legislative proposals, including information sharing, data breach notification standards and better privacy protections for consumers.

CEOs from American Express, MasterCard, Bank of America, Box and PayPal are among the speakers at the day-long summit about how government and business can work more collaboratively to thwart hackers and protect consumers’ privacy.

“Government can’t do this alone. The private sector can’t do it alone either,” the president said. “There’s only one way to protect America from these cyber threats, which is government and industry working together, sharing appropriate information.”

Obama announced plans for the summit earlier this month after White House officials became alarmed at the challenges of gathering data about North Korea’s alleged attack on Sony, which resulted in the release of embarrassing emails and damage to the movie studio’s systems.

Discussion of the U.S. intelligence community’s mass data collection program was noticeably absent from the agenda, but the ongoing controversy about the practice may be the elephant in the room.

Relations between Silicon Valley and the White House have become strained since Edward Snowden exposed the NSA’s mass surveillance program. Campaign contributions from the tech industry have nonetheless continued to flow into Democratic coffers — and well-connected tech executives continue to score key spots in the Obama administration.

CEOs from some of the companies that have unsuccessfully pressed Washington to curb the NSA’s data collection efforts — Google, Facebook, Microsoft and Yahoo — declined invitations to the White House event. Representatives for the companies told Re/code they sent their senior security experts.

For Silicon Valley, the White House’s efforts to share cyber security data with government agencies are incredibly problematic. Tech and media companies are already under pressure from customers who are worried their data is being given to the NSA. Google’s and Apple’s efforts to push back — by introducing new data encryption in their latest mobile operating systems that would prevent government agencies from collecting customer information — have been criticized by Justice Department officials.

“A lot of the companies after the Snowden revelations made commitments to their customers that they wouldn’t give their customers’ info to the NSA,” said Robyn Green, a cyber security expert at the New America Foundation’s Open Technology Institute.

“At the end of the day, the information-sharing proposals authorize either direct or functional information sharing with the NSA,” she said. “That violates the promises that those companies made with their customers. There’s a huge economic incentive to passing bulk surveillance reform right now.”

Obama announced last year that he supports legislative efforts to curb the NSA’s mass data collection program and direct phone companies to take over collection of phone metadata from the NSA. But little has been done since then. Lawmakers were unable to agree on legislation last year although some key lawyers are hoping to push through similar legislation soon.

Practically speaking, there’s actually very little the Obama administration can itself do to require companies to either share information or better protect Americans’ privacy. That mostly requires congressional action, and lawmakers on Capitol Hill have been unable to reach consensus on how to handle any of these issues — privacy, data security, data sharing — despite multiple efforts over the past few years.

Congress hasn’t paid much attention so far to many of Obama’s recent cyber security and privacy proposals. His latest cyber security plan — legislation that would provide liability protection for companies that voluntarily share cyber attack data with government agencies — landed with a thud on Capitol Hill Wednesday. A lone senator, Democrat Tom Carper of Delaware, introduced a slightly modified version of the White House’s legislation, but it attracted no co-sponsors.

Earlier in the week, the president announced the formation of a new $35 million cyber-attack command center, the Cyber Threat Intelligence Integration Center, which is supposed to gather and share information between intelligence and law enforcement agencies.

The new intelligence office was met with mixed reviews, even from advocates of stronger cyber security regulations.

“We need an agency, a person in charge. Instead, we get a coordinator again,” said Fred Cate, an Indiana University law professor and former director of the school’s Center for Applied Cybersecurity Research. “I’m not a pessimist. But we are doing a lot of deck chair rearranging while the ship sinks beneath us.”

This article originally appeared on Recode.net.
