Officials Upset Tech Companies Reluctant To Play Along With Administration's 'Information Sharing' Charade
from the fooling-no-one dept
The government's on-again, off-again love affair with everything cyber is back on again. The CIA has just shifted its focus, abandoning its position as the free world's foremost franchiser of clandestine torture sites and rebranding as the agency of choice for all things cyberwar-related.For years, legislators have been attempting to grant themselves permission to strong-arm tech companies into handing over all sorts of information to the government under the guise of cybersecurity. CISPA, CISA, etc. The acronyms come and go, but the focus is the same: information sharing.
Of course, the promise of equitable sharing remains pure bullshit. Tech companies know this and have been understandably resistant to the government's advances. There are few, if any positives, to these proposed "agreements." The government gets what it wants -- lots and lots of data -- and the companies get little more than red tape, additional restrictions and fleeing customers.
The government has recently been playing up the narrative that unreasonable tech companies are standing in the way of the nation's super-secure future.
U.S. government officials say privately they are frustrated that Silicon Valley technology firms are not obtaining U.S. security clearances for enough of their top executives, according to interviews with officials and executives in Washington and California. Those clearances would allow the government to talk freely with executives in a timely manner about intelligence they receive, hopefully helping to thwart the spread of a hack, or other security issues.Before dealing with the questionable promise of "real-time threat information sharing," let's deal with the supposedly minor requirement of security clearances. It's not as if this won't impose undue burdens on tech company leaders, especially when they already have a pretty good idea this stipulation will be a major hassle followed by continued opacity from a government that's 90% lip service and 10% outright lying. Tech execs are being asked to make all the effort and hope against hope there will actually be some benefits.
The lack of cooperation from Silicon Valley, Washington officials complain, injects friction into a process that everyone agrees is central to the fight to protect critical U.S. cyberinfrastructure: Real-time threat information sharing between government and the private sector.
"I believe that this is more about the overclassification of information and the relatively low value that government cyberintel has for tech firms," said one Silicon Valley executive. "Clearances are a pain to get, despite what government people think. Filling out the paper work … is a nightmare, and the investigation takes a ridiculous amount of time."The clearance process can easily take over a year. The application runs 127 pages and asks a mixture of questions ranging from highly-intrusive to facially-ridiculous.
[...]
"I think tech companies are doing a return-on-investment analysis and don't think the government intel is worth the cost or effort," said the Silicon Valley executive. "This is why government threat signature sharing initiatives are such a nothing-burger: The signatures are of limited value and only a few select companies with clearances can actually use them."
[This question seems to disqualify nearly every law enforcement officer in the United States.]
And that's just the start of the process. The rest of the vetting process takes several months, and there's no guarantee the executives the government wants to obtain clearance will actually be cleared to discuss classified information.
And even if these clearances are obtained, the benefits are unproven and suspected to be minimal. On the other hand, the downsides are enormous. As Marcy Wheeler points out, clearances may open up discussion channels with law enforcement and intelligence agencies, but they also create additional restrictions for those carrying these privileges -- the breach of which can result in severe consequences. In light of the inequitable "sharing" envisioned by many tech companies, the hassle just isn't worth it.
Because it’s not just that the security clearance application that is unwieldy. It’s that clearance comes with a gag order about certain issues, backed by the threat of prison...On top of this, there's the bottom line to consider. The information that may or may not flow back to tech companies won't do much to offset the perception that company executives are willingly buddying up with the US intelligence community. In the post-Snowden world, this could mean the loss of customers, future contracts and sensitive foreign markets.
Why would anyone sign up for that if the tech companies have more that the government wants than the government has that the tech companies need?
The government has yet to offer anything Silicon Valley wants in exchange for additional burdens, greater secrecy and increased demands for customer data. The government is better at taking than it is at giving, and no amount of cyberterrorism hand-wringing is going to change that reality.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, information sharing, security clearance, silicon valley, tech industry, washington dc
Reader Comments
Subscribe: RSS
View by: Time | Thread
Information Sharing?
For a phone or computer company... If a fancy new screen technology or battery or encryption technique is so new it's classified (a) what are the odds the government would own this information and (b) what are the odds the company could include classified technology in consumer products?
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Security clearances are bullshit
Here's someone who held all kinds of security clearances, including whatever ultra top double-secret useless nonsense that four-star generals and CIA directors hold.
Here's someone who was vetted for those clearances via every form of investigation known to the USG.
Here's someone who handed over classified documents because he wanted to get laid.
And yet the USG still has a massive bureaucracy (some of which has been outsourced to contractors with security problems of their own) devoted to this farsical charade.
There is zero reason for anybody in the tech world to submit themselves to this stupidity. It's not like the CIA and the NSA are going to share their knowledge: this is going to be a one-way pipeline into the USG and every scrap of knowledge it acquires will be used to make the world less secure, not more, because the USG has made it quite clear that it doesn't give a damn about anybody's security except its own.
[ link to this | view in thread ]
Wrong word
[ link to this | view in thread ]
A way to shut someone up
This is a huge reason to not get one. With how things are over-classified, a clearance holder will have less ability to speak about what's common knowledge than the public. In many cases a clearance holder is more in the dark than the public. I can download embassy cables from wiki-leaks to my home computer, but I don't think a someone with security clearance is free to do so.
It's a major flaw in our system. I've sometimes thought that it'd be awesome to have an Ed Felten or Bruce Schneier in charge of the NSA. But then I remember that they'd no longer be able to talk to us and I quickly change my mind.
[ link to this | view in thread ]
Re: A way to shut someone up
Recall the insane situation where NSA employees are not allowed to view the information that Edward Snowden leaked. If any NSA computer touches such information, it has to be destroyed. Yet Joe Public is free to read it all he wants.
This is because the security clearance permission of the NSA employees constrains what they are able to consume.
[ link to this | view in thread ]
getting a clearance
The other problem is the cost of doing it. You are talking a few thousand to do the initial and then you have to renew the clearance every 5 yrs for Top Secret and every 10 yrs for Secret. Each time you renew you have to pay a few more thousand dollars.
Depending on what is found in your background you may have to talk with FBI agents or have people that know you talk to agents. For some people the investigation can be done in 4-6 months for others a year or more.
And yes after you have the clearance you are now required to safeguard any information you have and this makes you more tight lipped. Also if you access any classified documents outside of a classified environment on approved computer systems you could lose your clearance and/or go to jail depending on what is involved. (unless of course you are high on the government food chain... Petraeus anyone?)
[ link to this | view in thread ]
What's the lesson here?
[ link to this | view in thread ]
Re: Wrong word
Given the government's spying, torture, and high court / low court habits, I think the word you're looking for is "collaboration."
[ link to this | view in thread ]
NSA/CIA/FBI/... What's mine is mine, and
[ link to this | view in thread ]
Re: getting a clearance
The forms are basically a day by day breakdown of you life for a number of years. For an executive, especially, this is a royal pain to get together.
More like FBI agents WILL talk to everyone you know and often everyone they know as well. This usually comes as a bit of a shock and can be quite scary for those interviewed, at first. Last time mine was up for renewal, I had to explain to my girlfriend's grandmother why several government agents would be coming by to speak with her. That was a little weird, I assure you.
That's all aside from the issues surrounding over-classification.
[ link to this | view in thread ]
Re: NSA/CIA/FBI/... What's mine is mine, and
and everything that Mary said, the Feds were sure to know."
- Sam Simpson
[ link to this | view in thread ]
Re: Re: getting a clearance
Guess my life is too much of an open book, or I haven't done anything interesting enough to warrant suspicion, how boring. :(
[ link to this | view in thread ]
Re: Re: Wrong word
(And yes it is accurate to say that tech companies are refusing to be figuratively raped here.)
[ link to this | view in thread ]
Security Clearances
[ link to this | view in thread ]
What can the government honestly offer these companies in the way of security protection. Outdated antivirus and intrusion detection signatures? Big whoop.
[ link to this | view in thread ]
It's a qualifying question
This is a qualifying question, not a disqualifying question. If you check "yes", it proves your're a LEO, so you're automatically qualified.
[ link to this | view in thread ]
America's Freedom Is Dying
[ link to this | view in thread ]
Re: America's Freedom Is Dying
That is in the same way a metaphor to me for what is happening to America. And I can stop this either. It breaks my heart.
[ link to this | view in thread ]
Sharing?
Oh, and on question 29.5 of the application: Does being a citizen of a country has won a civil war count?
[ link to this | view in thread ]
Sleight of Hand
The Feds are already getting all the data they want from the tech industries - they're stealing it thru various hardware intrusions and software exploits and through their own fifth column employee spies on site.
That's why they're not offering anything in return for the access to the tech companies' data - they're already stealing it all, just like they do to US financial institutions.
They just do this half-assed "lets make a deal" public display thing to keep the victims from realizing they're already being screwed over for every byte of data that passes through their systems daily, and to make the general public think they are being Good Guys for asking.
Its just smoke and mirrors. As usual.
---
[ link to this | view in thread ]
Re: It's a qualifying question
And methinks, absolutely correct.
---
[ link to this | view in thread ]
Everyone?
I don't think everyone agrees about this. I certainly disagree. The parts that actually are critical to protect infrastructure are the exact parts that nobody has any interest in doing: stop connecting critical stuff to the internet.
[ link to this | view in thread ]
Re: Re: getting a clearance
I think it would literally be impossible for me to come up with such a breakdown.
[ link to this | view in thread ]