The Intersection: Mar 2015

Welcome to The Intersection, a series designed to help you anticipate and prepare for public policy challenges and opportunities.

Subscribe to The Intersection:

At White House Cybersecurity Summit, Search for Clarity, Trust Continues

by Corey Ealons

As the White House Summit on Cybersecurity and Consumer Protection convened on the campus of Stanford University, the debate over terms of engagement for fighting cybercrime and protecting data networks was already well under way. During his remarks to nearly 2,000 attendees at the event, President Obama continuously reiterated the point that we are all in this together. “Everyone is online, and everyone is vulnerable,” Obama said.

The event served as a backdrop for the signing of a presidential executive order calling for more voluntary information sharing between private sector organizations and between the private sector and government organizations – “a two-way street.” In addition to the President’s speech, the event featured panels throughout the day moderated by government officials from the departments of Commerce and Homeland Security and the U.S. Treasury, among others. Panelists included a number of notable CEOs from a broad spectrum of industries as well as technical experts and privacy advocates.

The Quest for Clarity

All agreed on the need for more information sharing. However, participants disagreed on what explicit guidelines and protections need to be in place before information flows freely across industries and especially to the federal government. Industry representatives noted the need for updated regulations and liability protections so that they understand the rules of the road: what critical information is needed, when information should be shared, and how that information will be used.

As an example of outdated regulation, American Express CEO Ken Chenault pointed out that current regulations only allow American Express to send a threat alert via text to 90 percent of its customers at one time. Other participating executives noted repeatedly that more needs to be done to explicitly shield companies that participate in information sharing against litigation from individuals or other organizations if that data is compromised or used for unintended purposes.

Other companies volunteered that their customers are concerned about sensitive personal information being shared with government organizations where it could be used for investigations or become subject to a breach, such as the leak of government documents by NSA contractor Edward Snowden in 2013.

Privacy advocates participating in the event also shared similar concerns. Nuala O’Connor, president and CEO of the Center for Democracy and Technology based in Washington, DC, said that people who choose to engage and develop a digital persona do not forfeit their rights to privacy. Apple CEO Tim Cook, who served as a proxy for other Silicon Valley tech CEOs, echoed those sentiments during his remarks when he said, “If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.”

As a sign of the ongoing friction between the federal government and the tech sector, notable CEOs from Google, Facebook and Yahoo skipped the event because of recent concerns over the access to and use of personal information by the National Security Agency. Also, federal law enforcement representatives have expressed irritation that Apple and Google are now encrypting personal information on mobile devices.

What’s Next?

By the end of the summit, it was clear that a legislative remedy is needed to address the issues of collaboration and information sharing, liability protection and individual privacy. Senator Tom Carper of Delaware reintroduced cybersecurity legislation this month supported by the White House that will attempt to answer all of these concerns. Consensus failed in the last Congress, in part because President Obama said proposed legislation needed to do more to protect consumers, and businesses wanted more liability protections.

On more than one occasion, a speaker pointed out that the ability to achieve consensus on a national cybersecurity strategy coordinated by the federal government comes down to one thing: trust. Trust among industry peers. Trust across industry sectors. Trust in the federal government. However, that trust must begin with every American citizen. If citizens don’t feel that their individual civil liberties will remain intact, the entire effort will fail.

Corey Ealons

Partner

202-772-5014 \ cealons@voxglobal.com

@CoreyEalons