Obama Goes to Silicon Valley to Push Cyber and Mend Fences, But Tensions Remain
Cybersecurity legislation was supposed to be an easy get for the president. But the shadow of Snowden has tech companies and privacy groups still worried about sharing more data with the government.
President Obama on Friday will sign an executive order intended to foster greater sharing of digital data between the government and the private sector—a move the administration hopes will prod Congress to move more quickly on passing cybersecurity legislation.
The order coincides with a first-of-its-kind cyber summit at Stanford University, at which Obama will speak on Friday, and caps a weeklong effort by the White House to rejuvenate Washington's interest in shoring up the nation's cyberdefenses.
Increased information-sharing has been the centerpiece of the administration's cyberstrategy, which became a top legislative priority after the devastating hack on Sony Pictures last year that officials have blamed on North Korea.
But the renewed cybersecurity push has been overshadowed by news that a majority of Silicon Valley's blue-chip executives will not be attending the Stanford conference. Apple CEO Tim Cook is scheduled to speak, but most household-name tech luminaries are sitting the event out.
Facebook CEO Mark Zuckerberg, Yahoo's Marissa Mayer, and Google's Larry Page and Eric Schmidt were all invited but declined to make the trip, according to news first reported by Bloomberg. Instead, those companies opted to send their senior information-security brass.
The White House tried to downplay the notion that the tech companies were staging a sort of silent boycott of the summit. But even senior administration officials concede that relations with Silicon Valley remain frayed more than a year and a half after Edward Snowden's disclosures embarrassed several Internet companies and forced them to embark on global damage-control campaigns.
"In that area, obviously, there have been tensions as a result of the [surveillance] issues," Michael Daniel, special assistant to the president and the White House cybersecurity coordinator, told reporters Thursday. "But I think that's the kind of thing where the only way to get at that is ... to continue to engage, and the president has been committed to that and will remain committed to that, and that's part of the reason we're coming out here."
Daniel added that it was crucial the private sector buy into the administration's push for increased cyber information-sharing. "No one can do this mission by themselves," he said.
Specifically, Obama's executive order will seek to broaden the sharing of cyberdata from a current regime that favors info-swapping hubs categorized by industry, according to a White House fact sheet. The order will encourage the creation of hubs that can share information based on other factors, such as region or membership affiliation, that cut across industry designations.
In addition, the order will direct the Homeland Security Department to fund the set-up of a nonprofit organization responsible for creating voluntary standards for sharing information within those data hubs. It will also seek to clarify the authority DHS has to forge agreements with information-sharing organizations and allow the federal agency to approve classified information-sharing arrangements.
The order is technical and narrow, but doubles as an attempt to grease the tracks on Capitol Hill. After last year's Sony hack, Obama and lawmakers of both parties saw information-sharing legislation as a policy issue that could enjoy bipartisan backing and earn swift passage in 2015.
But the administration's legislative proposal introduced last month quickly drew skepticism from privacy and civil-liberties groups, as many said they would not back any information-sharing bill before Congress passed substantive surveillance reform.
At the heart of their concerns is the push to expand of liability protections provided to companies that share so-called cyberthreat indicators—things like IP addresses and routing information—with the government as long as they take "reasonable" steps to remove information that could be used to violate a customer's privacy.
Privacy advocates warn that giving the government more data than it already has threatens civil liberties, especially because that information can be shared with spy agencies like the National Security Agency and the CIA. Those grievances have killed information-sharing bills in the past two Congresses.
Earlier this week, Sen. Tom Carper introduced an information-sharing bill that closely resembles Obama's proposal. Aides to the Delaware Democrat said the bill is meant to serve as a starting point for negotiations and not a final product.
But even as massive breaches continue to dominate headlines, many powerful tech giants have been largely silent about information-sharing. Cybersecurity has largely taken a backseat to other policy agenda, including surveillance, email privacy, net neutrality, and patent reform.
Facebook's Zuckerberg and executives from other companies have repeatedly met with Obama since the Snowden revelations began in June 2013 to urge him to be more mindful of the economic and reputational damage wrought by government surveillance.
"The U.S. government should be the champion for the Internet, not a threat," Zuckerberg wrote on his Facebook page last March. "They need to be much more transparent about what they're doing, or otherwise people will believe the worst."
Even as legislation remains an uphill battle, the administration will use Friday's summit to tout new commitments from the private sector that adhere to a voluntary cybersecurity framework Obama rolled out last year. In addition, several companies—including Visa, MasterCard, and Apple—will commit to beefing up the security of their payment technologies.
NEXT STORY: Obama expands info sharing with executive order