U.S. Promises Not to Sue Companies for Discussing Hacks

Federal agencies are encouraging businesses to work together to thwart hackers.

A person claiming to speak for activist hacker group Anonymous is seen issuing a warning throught a video circulated online to 'go to war' with the Singapore government over recent Internet licensing rules on November 1, 2013.
National Journal
Brendan Sasso
Add to Briefcase
Brendan Sasso
April 10, 2014, 11:18 a.m.

The Obama ad­min­is­tra­tion wants com­pan­ies to work to­geth­er to battle hack­ers.

The Justice De­part­ment and the Fed­er­al Trade Com­mis­sion is­sued a form­al policy state­ment Thursday, as­sur­ing busi­nesses that they will not face fed­er­al law­suits for shar­ing in­form­a­tion with each oth­er about at­tacks on their com­puter sys­tems.

Com­pan­ies have been nervous that dis­cuss­ing in­form­a­tion about hack­ers could run afoul of an­ti­trust laws, which re­strict the abil­ity of busi­nesses to co­ordin­ate with each oth­er. The laws are in­ten­ded to pre­vent com­pan­ies from stifling com­pet­i­tion and in­flat­ing prices.

But the policy doc­u­ment is­sued Thursday states that shar­ing cy­ber­se­cur­ity in­form­a­tion such as in­cid­ent re­ports, ma­li­cious code, or alerts is “highly un­likely” to vi­ol­ate the an­ti­trust laws. Of­fi­cials said that com­pan­ies with ques­tions about any par­tic­u­lar busi­ness prac­tice can con­tact the fed­er­al agen­cies for guid­ance.

Speak­ing at a press con­fer­ence, Deputy At­tor­ney Gen­er­al James Cole said the massive data breach at Tar­get is “just an­oth­er re­mind­er of how far-reach­ing the cy­ber­threat has be­come.” He said the ad­min­is­tra­tion’s guid­ance “lets every­one know that an­ti­trust con­cerns should not get in the way of shar­ing cy­ber­se­cur­ity in­form­a­tion.”

Bill Baer, the head of the Justice De­part­ment’s An­ti­trust Di­vi­sion, said the policy state­ment is an “an­ti­trust no-brain­er,” and he ex­plained that “as long as com­pan­ies don’t dis­cuss com­pet­it­ive in­form­a­tion like pri­cing and out­put when shar­ing cy­ber­se­cur­ity in­form­a­tion, they’re OK.”

He ac­know­ledged that the state­ment won’t af­fect private an­ti­trust law­suits, but he noted that the courts of­ten de­fer to the leg­al in­ter­pret­a­tions of the an­ti­trust agen­cies.

Rand Beers, a White House ad­viser, ar­gued that it is crit­ic­al that com­pan­ies con­tinu­ally as­sess their net­works and share in­form­a­tion about the latest at­tacks. Oth­er­wise, a single vir­us can quickly spread through en­tire in­dus­tries, he warned.

The of­fi­cials said the guid­ance will help com­pan­ies re­spond to vul­ner­ab­il­it­ies, such as the re­cently dis­covered “Heart­bleed” bug, which has un­der­mined se­cur­ity on much of the Web.

The policy state­ment is the Obama ad­min­is­tra­tion’s latest ef­fort to bol­ster cy­ber­se­cur­ity, which of­fi­cials say is one of the most ser­i­ous na­tion­al se­cur­ity is­sues.

Pres­id­ent Obama urged Con­gress to pass com­pre­hens­ive cy­ber­se­cur­ity le­gis­la­tion in 2012 that would have set se­cur­ity stand­ards for crit­ic­al in­fra­struc­ture (such as banks and power com­pan­ies) and en­cour­aged cy­ber­se­cur­ity in­form­a­tion shar­ing. Re­pub­lic­ans blocked the bill, warn­ing it would im­pose un­ne­ces­sary reg­u­la­tions on busi­nesses.

Obama is­sued an ex­ec­ut­ive or­der in early 2013 that cre­ated vol­un­tary guidelines to help crit­ic­al in­fra­struc­ture op­er­at­ors pro­tect their sys­tems. But the in­form­a­tion-shar­ing por­tion of the le­gis­la­tion had re­mained largely un­ad­dressed.

Obama ad­min­is­tra­tion of­fi­cials in­sisted Thursday that Con­gress must still pass cy­ber­se­cur­ity le­gis­la­tion. FTC Chair­wo­man Edith Ramirez urged law­makers to em­power her agency to fine com­pan­ies for in­ad­equate data se­cur­ity, and to set a na­tion­al stand­ard re­quir­ing com­pan­ies to no­ti­fy con­sumers in the event of a data breach.

Cole said le­gis­la­tion is still needed to al­low the gov­ern­ment and private sec­tor to share in­form­a­tion with each oth­er. He also pushed for tough­er pen­al­ties for hack­ers and ex­pan­ded au­thor­ity to seize serv­ers and In­ter­net do­mains.

What We're Following See More »
TO SURVEY HURRICANE DAMAGE
Trump Visiting Puerto Rico Next Tuesday
39 minutes ago
THE DETAILS
TUESDAY EARLIEST DAY TO GO
Trump to Puerto Rico
41 minutes ago
THE DETAILS

"President Trump will travel to Puerto Rico next Tuesday to survey damage from Hurricane Maria, which has ravaged the island and left Americans there without power and struggling to find food and clean water. The president told reporters at the White House that damage on the ground prevents any earlier travel to the island, which he said has been 'literally destroyed.'"

Source:
SENATE COMMITTEE UNANIMOUS
Jon Huntsman Voted U.S. Ambassador to Russia
1 hours ago
THE LATEST
CITES MCDONNELL RULING
Former NY Senate Leader Skelos’ Conviction Overturned
1 hours ago
THE DETAILS

"A federal appeals panel on Tuesday overturned the 2015 corruption convictions of Dean G. Skelos, once the powerful majority leader of the New York State Senate, and his son, Adam B. Skelos, citing a decision last year of the United States Supreme Court that narrowed the legal definition of corruption. The ruling comes roughly two and a half months after another appellate panel cited the same Supreme Court decision to vacate the conviction of Sheldon Silver, the former longtime Democratic speaker of the State Assembly."

Source:
SLASHING CORPERATE RATE
WH, GOP Finalizing Tax Cut Plan
1 hours ago
THE DETAILS
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login