President Obama’s proposals on fixing the nation’s lagging cybersecurity infrastructure were met with widespread support from industry experts and even some Republicans Tuesday, though civil liberties advocates warned they could lead to a dangerous invasion of privacy.
During his State of the Union speech Tuesday night, the president proposed unifying the reporting of cyberattacks into a central repository, as well as streamlining the ways in which private businesses and the government work together to prevent breaches.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Mr. Obama said.
“If we don’t act, we’ll leave our nation and our economy vulnerable,” Mr. Obama said. “If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Indeed, the desire to shore up the nation’s cyber defenses is likely to be one of the few points from the State of the Union speech that the president and the GOP agree on.
“Enabling effective information sharing between and among private companies and the federal government with real liability protections can improve our nation’s cybersecurity,” said Sen. Ron Johnson, a Wisconsin Republican and chairman of the Senate Homeland Security and Governmental Affairs Committee. “The president’s proposal is an important first step in developing that legislation.”
But privacy advocates warned the move would likely lead to companies turning over even more information to the government.
“It creates this perfect storm for the potential of your personal information to be shared,” said Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation.
He said the president’s proposals don’t include protections for consumers, and that there’s no requirement that companies try to protect their customers’ personal information.
“If we’re going to grant legal immunity for these companies, then we need to make sure that the privacy protections are the strongest they can be,” he said.
Industry representatives said the move was long overdue.
“The President’s legislative proposal will reduce the number and severity of cyberattacks by allowing the industry access to actionable information about cyber criminals’ plans,” said Jason Oxman, CEO of the Electronic Transactions Association, which represents more than 500 technology, service and payment companies, including giants like Apple and Bank of America.
“ETA supports removing barriers that prevent government and industry from sharing information about cyberthreats,” Mr. Oxman said.
Mr. Obama’s proposals would help streamline the reporting of known breaches and cyberattacks into a single place that both the government and private businesses could access. Security experts have complained that the current system is too disorganized, with hacks and breaches not always reported and rarely shared with other concerned parties.
The president’s plans would also allow private businesses and the government to work more closely together on cybersecurity issues. But the vagueness of what the cooperation could entail concerned privacy advocates.
“Information sharing is not a silver bullet,” Mr. Jaycox said. “We haven’t heard anything specific. I have not heard the administration specifically point to what is at fault with the current information sharing regime.”
Likewise, Gabe Rottman, legislative counsel at the American Civil Liberties Union, wrote in a statement that the proposal “fails to include clear privacy guidelines to keep sensitive personal information from flowing to the NSA and other intelligence agencies.”
“The administration deserves some credit for being more privacy protective than members of Congress,” Mr. Rottman said. “But we remain skeptical that these measures are necessary or wise, and we continue to strongly urge the administration to deal with NSA reform before further weakening American privacy laws in the name of cybersecurity.”
Federal law enforcement agencies have often pushed for better cybersecurity laws and procedures. In October, FBI Director James Comey told a cybersecurity conference that “technology has become the tool of choice for some very dangerous people.”
A spokeswoman for the FBI declined to comment Tuesday on what Mr. Comey thought of the president’s proposals.
Speaking to a group at the U.S. Chamber of Commerce last year, John Carlin, the Justice Department assistant attorney general for national security, urged greater cooperation between the government and private businesses.
“We are on notice, we are all targets,” Mr. Carlin told the assembled business leaders. “You are on the front lines of these battles, but we are with you.”
But as with the privacy advocates, fear of government intrusion kept many businesses at arm’s length from previous cybersecurity proposals. The U.S. Chamber of Commerce spearheaded an effort in 2012 to stop a cyber information sharing bill it deemed too intrusive.
Many businesses, however, have started to focus more attention on cybersecurity concerns recently, and some have reached out to the government for help, following a series of high-profile hacks at Target, Home Depot, JPMorgan Chase Bank and Sony Pictures.