Slashdot Mirror


Tech Industry In Search of Leadership At White House Cyber Summit

chicksdaddy writes: President Obama travels to Stanford University on Friday to join Apple CEO Tim Cook in talking about the need for more private-public sector cooperation to fight cyber crime. But technology industry executives attending the White House Summit on Cybersecurity and Consumer Protection complain that a major obstacle to cooperation is a lack of legislative action that clarifies the rules of the road for private firms when it comes to sharing information about customers with the government and each other.

The controversy over government surveillance has put the ball in the government's court, said Michael Brown, RSA's Global Public Sector Vice President. "They need to articulate what amount of access to private information is 'appropriate and legal' for law enforcement and the government," Brown said. "It's not just about 'when, where, and how.' They also need to clearly articulate 'why' – for example: this is a matter of public safety and this is the only way we can get this information."

Also on the to-do list, say executives: a re-writing of the 80s-era Computer Fraud and Abuse Act and a federal data breach notification law that creates a consistent, national standard. Currently, 48 states have passed such laws, creating a compliance mess for private firms that discover they have leaked customer data.

44 comments

  1. Sharing PII between government and businesses by CrimsonAvenger · · Score: 3, Insightful

    Saw this in the news earlier.

    So, Obama wants software companies to cooperate with the Feds more to help deal with cyber-security issues...

    So, anyone else see this as government-mandated backdoors in everything?

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
    1. Re:Sharing PII between government and businesses by garyisabusyguy · · Score: 1

      I remember the fiasco in the 90's when news got out about Clipper chip back doors...
      http://en.wikipedia.org/wiki/C... ...just figured that they got quieter about it since then

      This really seems to be an effort to codify the smooth transition from click-accepted marketing intrusion to unexpected government 'oversight'
      Heck, they could throw a line into the click-through license that allows it and chances are nobody would notice

      --
      Wherever You Go, There You Are
    2. Re:Sharing PII between government and businesses by Anonymous Coward · · Score: 0

      Gotta luv those red state inbred cops. Alabama, Texas it's all the same...yeehawwww! http://www.al.com/news/index.s...

    3. Re:Sharing PII between government and businesses by ShanghaiBill · · Score: 1

      I remember the fiasco in the 90's when news got out about Clipper chip back doors...

      The same thing will happen this time, for the same reasons. It would kill foreign sales for American tech companies, which are the majority of their sales. It would put millions of people out of work, and cause hundreds of billions of damage to the American economy. There would be a firestorm of protest, not just from citizens (whose protests can be ignored) but from corporations, which neither party can afford to alienate.

    4. Re:Sharing PII between government and businesses by garyisabusyguy · · Score: 1

      If I remember correctly, the Clipper chip fiasco resulted in the dissemination of tools like PGP, which the US government classified as munitions (in order to limit their export) until industry convinced them that it was hurting business at which point they were allowed to market them

      The US government is prone to keeping industry alive and, to my knowledge, has not caused the dramatic outfall that you seem to predict

      --
      Wherever You Go, There You Are
    5. Re:Sharing PII between government and businesses by hey! · · Score: 1

      I don't see this as necessarily the case. The back door issue is actually more national security driven. They want to track "bad guys", and of course will end up tracking "potential bad guys", which could be anyone.

      But there are a lot of concerns here which fall within the purview of legitimate Federal law enforcement. Back when cars became common thieves used to hit banks and drive across state lines to hamper state and local law enforcement. And of course there was piracy -- the real kind with boats. River piracy was common in the US until the mid 1800s, and continued on the Great Lakes until well into the 20th C.

      Local authorities are hampered operating across state and especially international borders, which makes cyber-crime a situation that calls for Federal involvement.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    6. Re:Sharing PII between government and businesses by LifesABeach · · Score: 1

      It would kill foreign sales for American tech companies
      Those same companies have been the primary source of the global glories that we get to endure? They're like a glass of milk, forgotten on the counter; when its pourer went on a month long vacation.

    7. Re:Sharing PII between government and businesses by mlts · · Score: 1

      Once it was made known that the bad guys had real encryption, and banks were stuck with 56 bit DES (which was likely breakable by the well-heeled nations in the 1990s), ITAR eventually was killed.

      The Clipper chip did teach some lessons though:

      1: What happens if the bad guys can just do something like zero out the LEAF?

      2: What happens if the algorithm, Skipjack, got broken? Well, since the Clipper chip was the only thing encrypting, by law, everyone using it would be severely hosed for months to years as physical chips had to be replaced.

      3: What prevented the bad guys from just using their own encryption wrapped inside Skipjack? Yes, laws can be passed mandating Clipper/Skipjack only... but in some cases, enforcing those could be quite difficult. Plus, there are ways to encrypt with "just" signing and hashing algorithms.

    8. Re:Sharing PII between government and businesses by Jawnn · · Score: 1

      Saw this in the news earlier.

      So, Obama wants software companies to cooperate with the Feds more to help deal with cyber-security issues...

      No. Did you read TFA? Any of them? Do you know what a challenge all of us, public and private sector alike, are up against when it comes to cyber security? Probably not, unless you work in the field and have to face not only the malignant threats, but the regulatory morass that is the current patchwork of laws and compliance rules. The message today was not about "backdoors". Not even close. So, since you have nothing but partisan bitching to contribute, kindly STFU.

    9. Re:Sharing PII between government and businesses by s.petry · · Score: 3, Informative

      Fully agree. Where I last worked we lost tons of contracts and customers after the NSA revelations. Anyone in "Cloud" is currently having to build data centers overseas, specifically in the country requesting service. This is not cheap to coordinate or implement, so startups and smaller companies without loads of capital are screwed currently.

      Once again the "summit" lacks real technical expertise and view. CEOs are looking for how to gain from the summit as much as (or more) than trying to fix what is broken and why we have had tremendous dumping of US products and services. The simple truth is that the Government does not need unfettered back door access to every damn piece of data, but will pay our tax dollars to companies that give them access. (Another aspect that screws everyone but the big players).

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    10. Re:Sharing PII between government and businesses by Anonymous Coward · · Score: 0

      It would kill foreign sales for American tech companies, which are the majority of their sales.

      That's NSA, No Sales for America.

    11. Re:Sharing PII between government and businesses by garyisabusyguy · · Score: 1

      Interesting, the inclusion of the quote from Michael Brown after the third linked article infers that it has some relationship to the subject of the quote (access to private information, which many people could take as a reference to backdoors), when the linked article is not inclusive of Brown's comments

      Maybe chicksdaddy just trolled us all, or (at best) simply included the wrong link

      --
      Wherever You Go, There You Are
    12. Re:Sharing PII between government and businesses by CrimsonAvenger · · Score: 1

      Did you read TFA? Any of them?

      Yes.

      Do you know what a challenge all of us, public and private sector alike, are up against when it comes to cyber security?

      Yes.

      The message today was not about "backdoors". Not even close.

      I take it you seriously believe that something like backdoors would be the subject of public meetings? As opposed to something that is quietly written into laws/regulations AFTER the public meetings are done?

      Yes, I know you think Obama is another Christ figure. That's your privilege. But get over the notion that when he gets involved the government stops being the enemy.

      Note, by the by, that I only mentioned him because the first article I read on the subject said that he was going to CA to talk to tech company CEO's about "cyber-security threats". If the articles had instead been more generic about who was approaching whom, I'd have left his name out of it....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    13. Re:Sharing PII between government and businesses by rtb61 · · Score: 1

      I see it as something far more dangerous than that. A corporate back door into government and you. It's a partnership and Uncle Tom Obama the Choom Gang coward is reading off a corporate controlled teleprompter. So direct corporate involvement in cyber security operations against the poor and middle class to keep them down and under control.

      --
      Chaos - everything, everywhere, everywhen
  2. Just use the Slashdot meta-mind by garyisabusyguy · · Score: 1

    Post the current cybersecurity issues faced by the White House to Slashdot and get all your answers for free

    You're welcome

    --
    Wherever You Go, There You Are
    1. Re:Just use the Slashdot meta-mind by ShaunC · · Score: 2

      Post the current cybersecurity issues faced by the White House

      Okay, how about WhiteHouse.gov screws up SSL certificate on same day as Obama cybersecurity summit.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    2. Re:Just use the Slashdot meta-mind by garyisabusyguy · · Score: 1

      Funny, unless it is a brilliant ploy to get people to think about security... kinda like Slashdot going down for 8 hours on Google Security Day due to, ahem, their storage solution software going kaput :/

      --
      Wherever You Go, There You Are
  3. A new tech leader? by MagickalMyst · · Score: 5, Insightful

    I nominate Edward Snowden.

    Let's do the right thing here - grant him clemency and welcome him home.

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
    1. Re:A new tech leader? by LaurenCates · · Score: 2

      I would kind of agree with you, but there's also a part of me that thinks he'd get shot the second he found himself in a public area in the US.

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
    2. Re:A new tech leader? by MagickalMyst · · Score: 1

      Sadly, you are probably right. It's quite the mess in America these days.

      --
      Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
    3. Re:A new tech leader? by LifesABeach · · Score: 1

      Edward Snowden for Cyber Czar? He's everything that Mark Zuckerberg glorifies.

    4. Re:A new tech leader? by MagickalMyst · · Score: 1

      Please don't use Snowden and Suck-a-turd in the same sentence.

      One is a hero; the other a weinerhead.

      --
      Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
    5. Re:A new tech leader? by Anonymous Coward · · Score: 0

      I've never thought of Zuckerberg as a hero, but you might be right... he created something that replaced E-mail, USENET, Web forums, and many other things, all in one place.

    6. Re: A new tech leader? by Anonymous Coward · · Score: 1

      He created AOL???

  4. How about improving computer security ... by scruffy · · Score: 2

    ... instead of hoarding zero-days and working to make our hardware and software more insecure.

  5. im sure the discussion was riveting. by nimbius · · Score: 5, Funny

    tech industry: we need guidelines on what we can and cant do
    WH: ok, so how about letting users opt out of data collection and tracking entirely
    tech industry:JESUS FUCKING CHRIST YOURE KILLING US WITH REGULATIONS STALIN. here lets just take it to the courts on a case by case basis.
    Antonin Scalia: what the hell is an E-Mail. is that what the kids do now? email? is that why they listen to hip hops?
    Clarence thomas: zzZZZzzzzZZZZ
    John Roberts: this talking sack of unmarked large bills keeps sending me on vacations when I try to form an opinion.
    Stephen Breyer: the cafeteria is out of those little breakfast eggroll things again. who wants lox?

    --
    Good people go to bed earlier.
    1. Re:im sure the discussion was riveting. by garyisabusyguy · · Score: 1

      Don't forget the stampede as Congress runs down to K street to find out what their opinion on the matter is

      --
      Wherever You Go, There You Are
    2. Re:im sure the discussion was riveting. by LifesABeach · · Score: 1

      The problem is, you're more right than wrong.

    3. Re:im sure the discussion was riveting. by chill · · Score: 1

      You forgot
      Ruth Bader Ginsburg: Is that the 1947 Rothschild? Be a nice boy and top me off here Tony.

      --
      Learning HOW to think is more important than learning WHAT to think.
    4. Re:im sure the discussion was riveting. by Anonymous Coward · · Score: 0

      Almost right except the part of WH.

      It's more like
      WH: ok, so how about letting users opt out of data collection and tracking entirely BUT you can't know who the actual user is but your systems have to magically be able to find all his records so he can be opt'd out and if your system refers to said user in any way we will fine you out of business.

      That's more in line of what the WH and legislation does, provided you can even get a logical response from the WH.

  6. Umm No! by DarkOx · · Score: 4, Insightful

    "They need to articulate what amount of access to private information is 'appropriate and legal' for law enforcement and the government,"

    No I think we the people need to do that. We should get out in front of government by designing systems that keep private information private. The best way to ensure rights like privacy survive is to create a public expectation of it.

    Right now the public expects government can just backdoor anything it wants, and THAT IS THE PROBLEM.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    1. Re:Umm No! by garyisabusyguy · · Score: 1

      Right now the public expects that service providers can gather all the information about their browsing because they are willing to click-accept on any license that they are presented with, and THAT IS THE PROBLEM

      FTFY

      --
      Wherever You Go, There You Are
    2. Re:Umm No! by Jawnn · · Score: 1

      Right now the public expects government can just backdoor anything it wants, and THAT IS THE PROBLEM.

      I don't dispute that that's the public's sheep-like expectation, but that is not what today's meeting was about, at all. At least get that part right, m'kay?

    3. Re:Umm No! by garyisabusyguy · · Score: 1

      It looks like the submitter played it fast and loose with their summary

      Neither of the two links to the cybersecurity summit mention sharing customer data, but the submitter chicksdaddy makes it look like their third link contains comments from RSA security guru Michael Brown (regarding sharing customer data between companies and government), when in fact the linked article contains no reference to Brown

      Looks like we all got trolled by the submitter, mahvelous

      --
      Wherever You Go, There You Are
  7. Why do the laws need to be so different? by jmcwork · · Score: 2

    Is it different if I yell 'Fire' in a crowded movie or if I tweet it? Fifty years ago if the government wanted to monitor communications or get customer records from a company what did they do? If someone hacks my computer and locks up my files for ransom, why is that different from breaking into my home and stealing my file folders? I know there are scale factors: customer records for hundreds vs tens of thousands (or more), breaking into one house at a time vs hacking a million systems with one email, etc. but why does all of this have to be re-invented? It seems like we (government) make it more complicated than it needs to be. Just wondering. (Please do not tell me that it is all just different just because it is on a computer. I have been in the business for 30 years, build my own computers, read 2600, etc. so I have some exposure to the field.)

    1. Re:Why do the laws need to be so different? by drinkypoo · · Score: 1

      It seems like we (government) make it more complicated than it needs to be.

      Who is this "we"? Are you a fortune 500 company?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Most of the NSA scandal would go away... by MikeRT · · Score: 1

    If the national security hawks would pass a bill that categorically prohibits the sharing of criminal evidence between national security agencies and law enforcement except where the criminal accusation is based upon violent terrorism, solicitation to terrorism, provision of material aid, treason, efforts to overthrow the United States Government, sabotage the functioning of the United States Government for the direct benefit of a terrorist organization or conspiracy to commit any of the aforementioned. If they really wanted to make the case, they'd make it black letter of the law, strict liability (ie no intent or motive required to be fully guilty) that any assistance involving intelligence methods in ordinary criminal investigations results in immediate revocation of security clearance and life-long removal from civil service qualification.

    1. Re:Most of the NSA scandal would go away... by Anonymous Coward · · Score: 0

      If the national security hawks would pass a bill that categorically prohibits the sharing of criminal evidence between national security agencies and law enforcement

      Really? So you people who are so bothered about the NSA looking for terrorists are just afraid of them telling the cops where you keep your drugs?
      And to think you've been making it all sound so high-minded and important.

    2. Re:Most of the NSA scandal would go away... by Anonymous Coward · · Score: 0

      Wish there was a "Naïve" mod option.

    3. Re:Most of the NSA scandal would go away... by Anonymous Coward · · Score: 0

      If the national security hawks would pass a bill that categorically prohibits the sharing of criminal evidence between national security agencies and law enforcement except where the criminal accusation is based upon efforts to overthrow the United States Government, sabotage the functioning of the United States Government ...

      Apparently you are not well-versed in the rebellion against the King of England by the Thirteen Colonies (part of present-day United States of Amerika). There are times when overthrowing the Government is a necessity. Your kind deserve imprisonment and execution. The rest of us prefer a Government that serves the People and knows it is the servant of the People.

  9. One size doesn't fit all. by Anonymous Coward · · Score: 0

    There are two categories of cyber crime, and the solutions to solving each are mutually exclusive.

    The first category of cyber crime is that which exploits insecure networks and computers. Hackers accessing classified data, security breaches in banking records, MITM attacks, etc.

    The second category of cyber crime is "real world" crime facilitated by and hidden within secure networks. For instance, the buying and selling of contraband online, such as with Silk Road.

    With more secure networks, the first category solves itself. The bad guys can't do bad things if they can't break through the firewalls. However, with more secure networks, engaging in the second kind of crime becomes easier.

    Note that by "secure networks" I'm including a social aspect to complement the technical aspect. What I mean by that is you don't have people involved in the communication deliberately giving out information to third parties.

    So there's a dilemma with any government plan to combat cybersecurity. You can't reduce one category of cyber crime without increasing the other. In other words, there is no "one size fits all" solution to cyber crime.

    The government has made their decision clear. They want weak networks so they can catch the bad guys committing "Silk Road" style cyber crime, and are willing to sacrifice everyone's security in the process, thereby increasing the occurrence of the other category of cyber crime.

    Is that the right choice? In my opinion, no. Read the text of the fourth amendment, and the implication is clear. The security of the people and their papers (and if I may interpolate, this should cover their computers and networks as well) is more important than the government's duty to catch the bad guys.

    Perhaps a more proper approach to cyber crime would be to put research into computer security, promoting technology and standards that are less easily exploited. True end-to-end encryption of all data on the internet, such that even the ISP's don't know who their customers are communicating with. As well as technology and practices to make data breaches less likely. And I know I'm dreaming here, but I would consider a company selling my personal information a data breach. Let's formalize that into law. The less people who have information on me, the less likely it is that someone will make use of that information in unethical ways. (Blackmail, identity theft, etc)

  10. We need more H1B's to fix the issue by Anonymous Coward · · Score: 0

    We need more H1B's to fix the issue

    1. Re:We need more H1B's to fix the issue by Anonymous Coward · · Score: 0

      We need more H1B's to fix the issue

      Before the end of his term President Barack H. Obama will oversee legislation to enable the "Unilaterally Securing Another Business Emigration Labor Internment-camp Enhanced Visa for Employment Regime (USABELIEVER) Act." Eligibility requirements: Not Male Caucasian.

  11. Tech Industry in search of leadership? by lippydude · · Score: 1

    The first thing they need to do is not run the Department of Homeland Security on Microsoft Windows.