WASHINGTON -- President Barack Obama is citing the cyberattack against Sony to drum up support for cybersecurity legislation that would expand information-sharing between private companies and the U.S. government. But privacy advocates say they have concerns about details of the proposal released so far.
"The events over the past year ... culminating with the destructive and coercive attack on Sony Pictures Entertainment, really highlight the growing threat that we face in cyberspace," a senior administration official said Tuesday in a conference call with reporters. The president also cited the Sony hack, believed to have been perpetrated by North Korea, when discussing his cybersecurity plan with members of Congress.
Obama's proposal will encourage the private sector to share cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center. According to the administration official, DHS will be required to share the information it receives in "near real-time" with "other federal agencies."
The official said that the information would be limited to a narrow set of technical information, including date and time stamps, IP addresses and routing information.
"It's primarily not going to be content," the official said.
Under the proposal, companies that share this kind of cyber information with the government will be granted partial immunity from lawsuits from consumers in the event of security breaches.
So far, the details released about the president's proposal haven't won over privacy advocates, especially since Congress has yet to pass comprehensive legislation that would reform the surveillance practices detailed by former NSA contractor Edward Snowden.
"The status quo of overweening national security and law enforcement secrecy means that expanded information-sharing poses a serious risk of transferring more personal information to intelligence and law enforcement agencies," said Mark Jaycox, a legislative analyst for the Electronic Frontier Foundation.
"We believe that companies should maintain their current obligations to protect customer data," said Marc Rotenberg, president and executive director of the Electronic Privacy Information Center. "The government offering immunity for access to the data is not a good deal for users."
Sen. Ron Wyden (D-Ore.), an advocate for NSA reform, told HuffPost in a statement that he was looking forward to reviewing the details of the proposal, but noted that "safeguarding Americans’ privacy is an essential prerequisite for any cybersecurity legislation."
"Strong encryption and secure systems will always be the best first-line of defense against cyberattacks," he said.
In contrast, Sen. Dianne Feinstein (D-Calif.) said in a statement that information-sharing legislation is "an important step in improving cybersecurity."
Amie Stepanovich, senior policy counsel at Access, an international human rights organization that advocates for digital rights, had not yet seen the full proposal but said it seemed more narrowly tailored than other congressional proposals -- such as CISPA, an information-sharing bill criticized for lacking privacy safeguards. But she pointed out that it was "premature" to pass information-sharing legislation before NSA reform.
"A lot of this is tied to the Sony hack, but the problem with tying this to the Sony is that information-sharing legislation really wouldn't have stopped the Sony hack from occurring," she said. "It's kind of a non-sequitur."