Here come the "information sharing and analysis organizations", or ISAOs.
* * *
In the aftermath of the Snowden whistleblowing scandal which has now all but been forgotten, there was a brief period when it seemed the growth of the US spying apparatus would be halted if not put into reverse. Those days are long forgotten and later today Obama is expected to to sign an executive order "that aims to make it easier for the government to share classified cyberthreat information with companies."
The spin, as proposed by the WSJ, is that "this will be effort designed to spur collaboration and deter hackers, the White House said." In reality what Obama's latest executive order will do, is expand the universe of entities that has access to the trove of private confidential data contained in the vast government spying apparatus, which as has been made all too clear now focuses as much on US citizens as it does on legitimate foreign threats, and further eviscerate the concept of individual privacy in the US.
The order sets the stage for new private-sector led "information sharing and analysis organizations" (ISAOs) - hubs where companies share cyber threat data with each other and with the Department of Homeland Security.
It is one step in a long effort to make companies as well as privacy and consumer advocates more comfortable with proposed legislation that would offer participating companies liability protection, the White House said.
"We believe that by clearly defining what makes for a good ISAO, that will make tying liability protection to sectoral organizations easier and more accessible to the public and to privacy and civil liberties advocates," said Michael Daniel, Obama's cyber coordinator, in a conference call with reporters.
Obama will sign the order shortly during a conference on cybersecurity at Stanford University in the heart of Silicon Valley.
As the WSJ adds, "much could depend on whether intelligence agencies such as the National Security Agency and the Central Intelligence Agency participate in any arrangement that allows classified information to be shared with companies." Sadly, if history is any guide, the NSA, whose "safekeeping" of private US citizen data has a woeful track record, will be quite instrumental in spearheading an effort which many have dubbed the Patriot Act for the digital age.
Ironically, this latest move comes as as big Silicon Valley companies "prove hesitant to fully support more mandated cybersecurity information sharing without reforms to government surveillance practices exposed by former National Security Agency contractor Edward Snowden."
Cybersecurity industry veterans said Obama's anticipated order would be only a modest step in one of the president's major priorities - the defense of companies from attacks like those on Sony and Anthem Inc.
Obama has proposed legislation to require more information-sharing and limit any legal liability for companies that share too much. Only Congress can provide the liability protection through legislation.
The bottom line is that all Obama is really doing is not only promoting data sharing between the government and key private corporations - and one wonders just how reciprocal such sharing will be - but effectively indeminifes them from obtaining and processing such data. "Businesses are unlikely to share a lot of timely and "actionable" cyber intelligence without liability relief, said Mike Brown, a vice president with the RSA security division of EMC Corp."
"Until that gets resolved, probably through legislation, I'm not sure how effective continued information-sharing will be," said Brown, a retired Naval officer and former cyber official with the Department of Homeland Security.
Senator Tom Carper, the top Democrat on the Senate Homeland Security committee, introduced a bill this week that incorporates much of Obama's plan. But Republicans control Congress, and they have yet to sign on to the idea.
"This is an urgent matter and we are working with anyone that we can up on the Hill to make that happen," said Daniel, who had not yet reviewed Carper's bill.
Getting a bill through Congress will require at least the support of big Silicon Valley companies such as Google Inc and Facebook Inc.
Curiously one company which has no qualms about collaborating with the US government also happens to be the largest company in the world currently by market cap:
Obama also will meet privately with some executives on Friday. They are expected to press again for surveillance reform and support for strong encryption, which some in the administration have faulted recently on the grounds that it enables criminals and terrorists to hide their activity.
Google, Facebook and Yahoo are not sending their chief executives to the Stanford conference because of the rift, according to an executive at a major technology company. Apple Inc Chief Executive Tim Cook will give an address.
One wonder if perhaps recent leaked discoveries such as that "NSA Mocks Apple's "Zombie" Customers; Asks "Your Target Is Using A BlackBerry? Now What?" has anything do with with AAPL's willingness to engage in full-blown symbiosis with the US government. One also wonder what if anything would happen to AAPL's record sales if it were to just say no to Obama.
Many questions, but one thing is clear: America's relapse into the second coming of the Patriot Act is coming fast and furious, which as some also say is par for the course for the president who, just like Bush, has now been given a blank check to send US troops not only to Iraq but any place where "ISIS operates", if only at the discretion of the Pentagon.
So to summarize:
- the good news: no more North Korean "hacks" of Sony straight to YouTube comedy flops.
- the bad news: the trade off will be even less personal privacy for those who feel the urge to be constantly on their smartphones and otherwise connected to the grid.
Still confused? The NSA laid it out best: