President Obama on Friday gave an interview to Re/code Co-CEO Kara Swisher about the state of cybersecurity in the U.S. and the need for the tech sector to combat hacking threats from across the globe. Unsurprisingly, the president pushed for an even cozier relationship between private companies and the government.
But one of Obama’s most pointed responses to Swisher echoed his speech at the White House Summit on Cybersecurity and Consumer Protection on Friday: that encryption is only as strong as its weakest link. “You can have nine companies that have great protocols, authentication systems, you name it. You have one that’s not doing a good job, and that penetrates the entire system,” Obama said.
Hence Obama’s recent push for private companies to share information with the government when they face cyberattacks, both to mitigate the damage of the breach and, ideally, to prevent similar hacks in the future. To incentivize cooperation, Obama is proposing a bill to Congress that “provides companies with some selective liability protections so that when they share information, they’re not vulnerable to future lawsuits”–say, from class-action lawsuits that could arise when a company admits it had not adequately protected customer data from hackers.
Obama’s words might have sounded familiar to someone following tech news last week. On Wednesday, Facebook announced ThreatExchange, a new site based on Facebook’s internal threat reporter, ThreatData, that invites private companies to share data on cyberthreats. Pinterest, Tumblr, Twitter, and Yahoo have already joined the digital security cabal, with Bitly and Dropbox soon to follow.
The idea behind Facebook’s new site sounds just like Obama’s push for companies to share data, but there’s a major difference: ThreatExchange cuts out the government entirely and lets private companies share only as much data they are comfortable disclosing. If ThreatExchange becomes a dominant tool for security professionals, it could frustrate Obama’s plans for a tight relationship between the tech sector and government.
Getting tech companies to work together is crucial to security. Without collaboration, companies end up spending time and resources to work out security issues that other companies have already solved. The question is whether ThreatExchange can be the bridge that connects rival companies, though its member list is already a string of some of the biggest social sites of the Western Internet, with tech titan Google notably missing. The CEOs of Google and Facebook declined to attend last week’s White House cybersecurity summit, which was considered a snub to Obama.
As a solid conceptual alternative that offers companies the ability to control how much data they disclose, ThreatExchange is a serious challenger to Obama’s government partnership push. Obama’s plan could gain traction by compromising on how much information companies would have to share, but given Obama’s push to increase law enforcement’s access to company data, that’s a doubtful course. It will take concrete proof that private companies can’t survive in the coming cyber-trenches alone to get Facebook, Yahoo, and Google lining up.