Last Friday, Stanford University was the host of a summit, calling representatives from both the public and the private sector to discuss cyber security issues which are causing mistrust due to involuntary data sharing programs. Both domestic and foreign intelligence agencies are responsible of running such programs.
The White House Summit on Cyber Security and Consumer Protection missed a few of the important leaders in the industry, suggesting either mistrust or scheduling conflicts. Either way, those who did not attend were Facebook Google CEO Larry Page, Yahoo CEO Marissa Mayer, CEO Mark Zuckerberg, and Google executive chairman Eric Schmidt.
Zuckerberg’s spokesperson declined to give a reason for the CEO’s absence from the summit. However, Chief Security Officer Joe Sullivan took part and also played an important role at the event.
On behalf of Larry Page, a Yahoo spokesperson replied in an email that Google’s Chief Security Officer, Alex Stamos, made more sense to attend, given the topic discussed at the summit. In the same manner, Google did not clarify the reason why Page could not attend.
However, it would not be too far-fetched to categorize their nonattendance as a veiled insult, proof being the past statements said executives have made in regard to painting the government as a security threat. Just last year, Zuckerberg has issued an open letter, frowning upon the US government’s indiscriminate information-collection.
In reference to the situation of Edward Snowden, who revealed the sheer audacity of data gathering executed by the US and its collaborators, Zuckerberg wrote that the US government’s behavior stirs confusion and frustration among the American population. He stated that engineers shouldn’t work so hard to improve cybersecurity for the users, and then realize that the number one threat is the government, and not hackers and cybercriminals.
Zuckerberg urged the US authorities to start a more transparent policy, because otherwise, the American population will start believing the worst, instead of trying to cooperate for the sake of security. At the same time as Zuckerberg’s letter, Page and Mayer expressed their similar sentiment about the government’s transparency.
US intelligence operations are not the only concern for private companies. For example, in 2010, Google and several other companies where cyberattacked in what is now known as Operation Aurora, an operation which was eventually traced back to hackers linked to China’s military.
On the other hand, private industry and government authorities should not be seen as opposing sides in this matter. There is a pressing problem caused by the fact that not all companies working in the technology industry adhere to the same policy when it comes to data sharing and privacy. At the summit, Apple CEO Tim Cook suggested in his speech that that Apple’s upfront business model, based on selling the finest products, proved to be better for security and privacy, as opposed to Facebook and Google’s business models, which are advertising-based.
However, the pursuit of both private and public companies for more efficient sharing of threat data is more important that disagreeing on business models. This issue has been on the table for decades, ever since important data has moved into the digital world. The reason why both sectors have gathered on this matter is simply because they need each other if they want cybersecurity to be a safer and more effective tool.
Consequently, ThreatExchange was released by Facebook last week, an application programming interface (API) available for sharing threat data. For the same purpose, Google and Yahoo have supported the Cyber Intelligence Sharing and Protection Act, via TechNet, the trade group. This act is slowly passing through the mandatory legislative process. Despite their mistrust issues, they have found some common ground on this matter.
In his address at Stanford’s summit, President Obama stressed the importance of this common ground for the new set of legislative proposals which are bound to increase cybersecurity. Among others, Obama presented the idea of codifying mechanisms used for sharing important information between the private and the public sector. His speech emphasized the significance of collaboration for a common purpose, because technology can either enable good-doing, or undermine partnerships and do great harm.
Obama administration has launched Cyber Threat Intelligence Integration Center last week, and the president inked a new executive order promoting better cybersecurity data sharing. In spite of his inspirational speech, companies doubt that sharing threat information is really the way to go in regard to increasing security. For example, Kevin Bankston, policy director of New America’s Open Technology Institute, believes that the White House should work on passing a surveillance reform in collaboration with Congress, instead of trying to collect even more information for NSA under the pretext of cybersecurity.
Bankston agrees that the Administration is under pressure to take action on cyber security, in the light of the Sony cyberattack, but they should remember that lack of information sharing was not the capital issue in that incident, but the company’s weak security policies.
Image Source: Wired