An NSA spy, a Fed and a sysadmin walk into a bar – that's Prez Obama's new cyber-security order

You and me, simultaneously swapping stories of hackers

President Barack Obama has signed an executive order that will attempt to protect America's crucial computer networks by sharing knowhow between g-men and techies.

The new order instructs federal agencies to set up a clearing house of real-time, up-to-the-minute information on what's menacing US infrastructure. Companies running those networks and systems will be able to look into the intelligence stream, get an idea of what's about to hit them, and beef up their defenses accordingly. This is assuming the system works as described.

This sharing of information is supposed to go two ways: businesses can use the clearing house to tip off the Feds about threats that everyone ought to know about, we're told.

What exactly counts as security-related information that must be shared, and what private data must not be exchanged, is not clear at this stage.

The order also calls for a full assessment of America's weak points in its computer security – and how they can be corrected.

"This has to be a shared mission. So much of our computer networks and critical infrastructure are in the private sector, which means government can't do this alone," Prez Barry said in a speech at Stanford University today, moments before signing off the order.

"But the fact is that the private sector can't do it alone either, because it's government that often has the latest information on new threats. There's only one way to protect America from these cyber threats and that is through government and industry working together, sharing appropriate information, as true partners."

Rights-warriors at the EFF are not impressed by politicians' efforts to push through security information sharing – for one thing, there already are ways for companies to swap stories.

There was no mention of the NSA at all in his entire 30-minute speech; instead, Obama said privacy needed to be protected. His order calls on the chief privacy officer of the US Department of Homeland Security to look into this troublesome thing (privacy, not the NSA) and report back in a year, so that's all right then.

Basically, the executive order looks very like the CISPA information sharing legislation that is having such a problem getting through Congress at the moment. There are limits to what can be accomplished with an executive order, however.

CISPA would limit the liability companies face from customers who aren't happy about having their data given to the government as part of this intelligence sharing. The executive order does not shield businesses in this way.

"We need Congress to send a bill to the president that gives businesses legal certainty that they have a safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and countermeasures in real time and taking actions to mitigate cyber-attacks," said the American Banking Association in a statement after Obama's speech.

An 'almost unique' President

Executive order aside, with his Marine One helicopter parked outside, Obama's Stanford speech was a mix of bland reassurances and hyperbole. He said that the US was positioned to lead the world into the 21st century (something which must have caused amusement in Beijing) and that America was "almost unique" in being able to innovate online.

He also took time for some gags (jokes, not NSL banning orders) saying he had been told that the Stanford students would "talk geeky" to him and suggesting that he should wear a pair of thick-rimmed glasses mended with tape in order to fit in. But it wasn't this that has some section of the tech community being standoffish.

Although they were invited, neither Google, Facebook, nor Yahoo! attended Friday's get-together. After having been burned so badly by the NSA snooping around their data centers, none of the firms is quite ready to play nice with executive orders. They want balanced legislation on the books, instead.

Apple's Tim Cook was present, however, and gave a 15-minute Apple advert immediately preceding the president. Most of it was a rehash of the self-promotion and Google-bashing the Goldman Sachs technology conference heard on Tuesday, but he did stray off script with a trenchant warning.

"We live in a world where all people are not treated equally, too many don't feel free to practice their religion, express their own opinions, or love who they choose," he said.

"Information can make the difference between life and death. If those of use fail to do everything in our power to protect privacy then we risk something more valuable than money – we risk our way of life. Luckily, technology gives us the tools to avoid these risks."

Technology like the power-off button on your iPhone, right Tim? ®

Similar topics

Broader topics

Other stories you might like

  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • UK competition watchdog seeks to make mobile browsers, cloud gaming and payments more competitive
    Investigation could help end WebKit monoculture on iOS devices

    The United Kingdom's Competition and Markets Authority (CMA) on Friday said it intends to launch an investigation of Apple's and Google's market power with respect to mobile browsers and cloud gaming, and to take enforcement action against Google for its app store payment practices.

    "When it comes to how people use mobile phones, Apple and Google hold all the cards," said Andrea Coscelli, Chief Executive of the CMA, in a statement. "As good as many of their services and products are, their strong grip on mobile ecosystems allows them to shut out competitors, holding back the British tech sector and limiting choice."

    The decision to open a formal investigation follows the CMA's year-long study of the mobile ecosystem. The competition watchdog's findings have been published in a report that concludes Apple and Google have a duopoly that limits competition.

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • Google recasts Anthos with hitch to AWS Outposts
    If at first you don't succeed, change names and try again

    Google Cloud's Anthos on-prem platform is getting a new home under the search giant’s recently announced Google Distributed Cloud (GDC) portfolio, where it will live on as a software-based competitor to AWS Outposts and Microsoft Azure Stack.

    Introduced last fall, GDC enables customers to deploy managed servers and software in private datacenters and at communication service provider or on the edge.

    Its latest update sees Google reposition Anthos on-prem, introduced back in 2020, as the bring-your-own-server edition of GDC. Using the service, customers can extend Google Cloud-style management and services to applications running on-prem.

    Continue reading

Biting the hand that feeds IT © 1998–2022