U.S. Promises Not to Sue Companies for Discussing Hacks

Federal agencies are encouraging businesses to work together to thwart hackers.

A person claiming to speak for activist hacker group Anonymous is seen issuing a warning throught a video circulated online to 'go to war' with the Singapore government over recent Internet licensing rules on November 1, 2013.
National Journal
Brendan Sasso
Add to Briefcase
Brendan Sasso
April 10, 2014, 11:18 a.m.

The Obama ad­min­is­tra­tion wants com­pan­ies to work to­geth­er to battle hack­ers.

The Justice De­part­ment and the Fed­er­al Trade Com­mis­sion is­sued a form­al policy state­ment Thursday, as­sur­ing busi­nesses that they will not face fed­er­al law­suits for shar­ing in­form­a­tion with each oth­er about at­tacks on their com­puter sys­tems.

Com­pan­ies have been nervous that dis­cuss­ing in­form­a­tion about hack­ers could run afoul of an­ti­trust laws, which re­strict the abil­ity of busi­nesses to co­ordin­ate with each oth­er. The laws are in­ten­ded to pre­vent com­pan­ies from stifling com­pet­i­tion and in­flat­ing prices.

But the policy doc­u­ment is­sued Thursday states that shar­ing cy­ber­se­cur­ity in­form­a­tion such as in­cid­ent re­ports, ma­li­cious code, or alerts is “highly un­likely” to vi­ol­ate the an­ti­trust laws. Of­fi­cials said that com­pan­ies with ques­tions about any par­tic­u­lar busi­ness prac­tice can con­tact the fed­er­al agen­cies for guid­ance.

Speak­ing at a press con­fer­ence, Deputy At­tor­ney Gen­er­al James Cole said the massive data breach at Tar­get is “just an­oth­er re­mind­er of how far-reach­ing the cy­ber­threat has be­come.” He said the ad­min­is­tra­tion’s guid­ance “lets every­one know that an­ti­trust con­cerns should not get in the way of shar­ing cy­ber­se­cur­ity in­form­a­tion.”

Bill Baer, the head of the Justice De­part­ment’s An­ti­trust Di­vi­sion, said the policy state­ment is an “an­ti­trust no-brain­er,” and he ex­plained that “as long as com­pan­ies don’t dis­cuss com­pet­it­ive in­form­a­tion like pri­cing and out­put when shar­ing cy­ber­se­cur­ity in­form­a­tion, they’re OK.”

He ac­know­ledged that the state­ment won’t af­fect private an­ti­trust law­suits, but he noted that the courts of­ten de­fer to the leg­al in­ter­pret­a­tions of the an­ti­trust agen­cies.

Rand Beers, a White House ad­viser, ar­gued that it is crit­ic­al that com­pan­ies con­tinu­ally as­sess their net­works and share in­form­a­tion about the latest at­tacks. Oth­er­wise, a single vir­us can quickly spread through en­tire in­dus­tries, he warned.

The of­fi­cials said the guid­ance will help com­pan­ies re­spond to vul­ner­ab­il­it­ies, such as the re­cently dis­covered “Heart­bleed” bug, which has un­der­mined se­cur­ity on much of the Web.

The policy state­ment is the Obama ad­min­is­tra­tion’s latest ef­fort to bol­ster cy­ber­se­cur­ity, which of­fi­cials say is one of the most ser­i­ous na­tion­al se­cur­ity is­sues.

Pres­id­ent Obama urged Con­gress to pass com­pre­hens­ive cy­ber­se­cur­ity le­gis­la­tion in 2012 that would have set se­cur­ity stand­ards for crit­ic­al in­fra­struc­ture (such as banks and power com­pan­ies) and en­cour­aged cy­ber­se­cur­ity in­form­a­tion shar­ing. Re­pub­lic­ans blocked the bill, warn­ing it would im­pose un­ne­ces­sary reg­u­la­tions on busi­nesses.

Obama is­sued an ex­ec­ut­ive or­der in early 2013 that cre­ated vol­un­tary guidelines to help crit­ic­al in­fra­struc­ture op­er­at­ors pro­tect their sys­tems. But the in­form­a­tion-shar­ing por­tion of the le­gis­la­tion had re­mained largely un­ad­dressed.

Obama ad­min­is­tra­tion of­fi­cials in­sisted Thursday that Con­gress must still pass cy­ber­se­cur­ity le­gis­la­tion. FTC Chair­wo­man Edith Ramirez urged law­makers to em­power her agency to fine com­pan­ies for in­ad­equate data se­cur­ity, and to set a na­tion­al stand­ard re­quir­ing com­pan­ies to no­ti­fy con­sumers in the event of a data breach.

Cole said le­gis­la­tion is still needed to al­low the gov­ern­ment and private sec­tor to share in­form­a­tion with each oth­er. He also pushed for tough­er pen­al­ties for hack­ers and ex­pan­ded au­thor­ity to seize serv­ers and In­ter­net do­mains.

What We're Following See More »
HAD ATTRACTED A CROWD TODAY
Alt-Right Leader Spencer Removed from CPAC
13 hours ago
WHY WE CARE
SAYS LEFT WILL GO INTO “MELTDOWN”
Cruz Predicts Another SCOTUS Vacancy “This Summer”
17 hours ago
THE LATEST
THE QUESTION
How Many Signatures Has the Petition for Trump’s Tax Returns Received?
19 hours ago
THE ANSWER

More than 1 million, setting a record. More than 100,000 signatures triggers an official White House response.

Source:
TIED TO RUSSIA INVESTIGATION
Sen. Collins Open to Subpoena of Trump’s Tax Returns
19 hours ago
THE LATEST

Sen. Susan Collins, who sits on the Intelligence Committee, "said on Wednesday she's open to using a subpoena to investigate President Donald Trump's tax returns for potential connections to Russia." She said the committee is also open to subpoenaing Trump himself. "This is a counter-intelligence operation in many ways," she said of Russia's interference. "That's what our committee specializes in. We are used to probing in depth in this area."

Source:
NPR ALSO LAUNCHES ETHICS WATCH
Obama Staffers Launch Group to Monitor Trump Ethics
19 hours ago
WHY WE CARE

"Top lawyers who helped the Obama White House craft and hold to rules of conduct believe President Donald Trump and his staff will break ethics norms meant to guard against politicization of the government — and they’ve formed a new group to prepare, and fight. United to Protect Democracy, which draws its name from a line in President Barack Obama’s farewell address that urged his supporters to pick up where he was leaving off, has already raised a $1.5 million operating budget, hired five staffers and has plans to double that in the coming months." Meanwhile, NPR has launched a "Trump Ethics Monitor" to track the resolution of ten ethics-related promises that the president has made.

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login