President Obama is expected to announce new legislation on Tuesday that would shield businesses from lawsuits when they share data on cyberattack threats with the government. After the recent high-profile attack on Sony, which the administration blames on the government of North Korea, and other high-profile breaches at major retailers and financial firms, the push for new laws isn't surprising. Underscoring the hacker hype that leads up to this: Monday's "hack" of CENTCOM, in which ISIS or someone acting like them managed to deface the U.S. military command's Twitter and YouTube accounts.
Obama's Personal Data Notification and Protection Act would require American companies that have been hacked to inform affected customers within 30 days. The Student Data Privacy Act would ban technology firms from profiting from data gathered from tech tools used by students.
"Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said" to the Washington Post.
The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against cyberattacks and to give law enforcement greater authority to combat cybercrime.
The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said.
The EFF isn't buying it:
“We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.”
The president is also expected to use his annual State of the Union speech on January 20 to address internet-related issues.
Read more: "Obama to propose legislation to protect firms that share cyberthreat data" [Washington Post]
"Obama to Call for Laws Covering Data Hacking and Student Privacy" [New York Times]