Monday, February 16, 2015

Liability issues raised in cybercrime fight

In a world where headlines about hackers breaching major U.S. companies' computer systems show no signs of stopping, President Barack Obama wants businesses to start sharing more information about cyberthreats with the federal government.

Moynihan (L) at Friday's summit (Justin Sullivan/Getty Images)
Which raises an obvious question: Why aren't companies already turning over more information to help the government go after hackers?

The reason, the Obama administration has indicated, is fear of liability.

As Obama pushes for companies turn over more cybersecurity intelligence with the government, he is also proposing that companies be given liability protection for such sharing.

Last month, the administration proposed legislation, which Congress has yet to pass, granting companies such protection. On Friday, the same day the White House held a cybersecurity summit at Stanford University in California,  the Obama administration reiterated its proposal to provide liability protection.

Even if Congress grants such protections, it's unclear whether that will encourage the kind of information-sharing the Obama administration is looking for. According to various media outlets, Silicon Valley remains wary of having a closer relationship with federal intelligence agencies, a reluctance not helped by the leaks of National Security Agency contractor Edward Snowden.

Facebook, Google and Yahoo did not send top executives to the summit, even though they were invited, a snub experts say illustrates the strained relationship between the tech industry and the White House.

On Friday, Obama signed an executive order designed to encourage companies to share cybersecurity-threat information with the federal government and one another. It remains to be seen whether that will result in companies doing so.

Bank of America's CEO, Brian Moynihan, brought up the need for liability protection during Friday's summit. Moynihan was among top corporate leaders who participated in the event as panelists.

Moynihan said there should be more collaboration between the public and private sectors to deal with cybercrimes. But he also pointed to the liability concerns.

"We've got to figure out the liability structure," Moynihan said. "That will take law change."

Once protections are in place for companies that share information, he said, "you actually, I think, can then get that collaboration."

Meanwhile, stories about cybercrimes keep coming. On Saturday, The New York Times reported that Russian cybersecurity firm Kaspersky Lab disclosed an investigation into a cyberattack on more than 100 banks and other financial institutions in 30 nations. Kaspersky said that could make it one of the largest bank thefts ever, the Times reported.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them, the Times reported. (Update: Bank of America spokesman Dan Frahm tells me that the Charlotte-based bank is not among the affected.)


John said...

Given the wide-spread federal cyber-snooping under the current administration, it would be reasonable to wonder if the President just wants to do this so they have another avenue for spying on the American people?