Volume 10, Issue 3, January 21, 2011 Administration Says It Will Give Industry And Academia Heads Up On Cyberattacks The Obama administration will provide universities and businesses with government intelligence. By Aliya Sternstein, nextgov.com The Obama administration will provide universities and businesses with government intelligence and law enforcement information about malicious Internet activities so that they can protect their critical assets, the president's cyber czar said on Tuesday. "I think we all recognize that the government has unique access to information," Howard Schmidt, cybersecurity coordinator and special assistant to the president, told congressional staff, policymakers and interest groups at a Washington conference. "We need to continue to look for ways to share that information, but also give our universities and our businesses information to be able to protect them- selves." Recent history is rife with examples where such disclosures could prove helpful. The intelligence community is privy to information about foreign governments, such as China, that Americans fear could be trying to extricate intellectual property from technology firms or research institutions. The FBI, in the past, has learned of holes in automated banking security, which it then told 4,000 financial sector organizations about so they could shore up systems before hackers exploited the vulnerabilities. Figure of the week Schmidt also addressed a forthcoming public-private initiative to create secure online identities that has riled some privacy advocates. The National Strategy for Trusted Identities in Cyberspace aims to provide people with a means of verifying who they are interacting with when they conduct online transactions. Critics liken the concept of Internet IDs to a national identification card that the 59% government will use to track the activities of everyone online. Average of respondents who said they rarely research specialists after Schmidt said people reading between the lines to draw such conclusions should receiving referrals from their "wait to see until the real lines come out and then read the lines." primary care physician. The survey was released by Insider Pages and More at http://www.nextgov.com/nextgov/ng_20110118_5841.php conducted by Harris Interactive. Volume 10, Issue 3, January 21, 2011 Page 2 Privacy And Security - I Apocalypse in Cyberspace? It’s Overdone Organization for Economic Cooperation and Development. The report, to be released Monday, argues that doomsayers By Eric Pfanner, The New York Times have greatly exaggerated the power of belligerents to wreak havoc in cyberspace. It is extremely unlikely that their attacks PARIS — The Web site Cyberwarzone.com lists 270 books could create problems like those caused by a global pandemic about Internet crime and warfare. In one of the highest- or the recent financial crisis, let alone an actual shooting war, profile examples, ―Cyber War: The Next Threat to National the study concludes. Security and What to Do About It,‖ Richard A. Clarke, the former U.S. counterterrorism chief, and Robert K. Knake of ―You have this sort of competition between writers to say, ‗I the Council on Foreign Relations, describe a digital ―Day Af- have a scarier story than you do,‘ ‖ said Peter Sommer, a visit- ing professor at the London School of Economics, who wrote ter‖ in which large parts of the U.S. transportation, energy the report with Ian Brown, a senior research fellow at the and communications systems have been wiped out by Inter- Oxford Internet Institute, part of Oxford University. ―If you net-borne attackers, leaving the authorities struggling to look at the way it is covered, the computer scare story of the maintain control and consumers scrambling for food. week, you might get the sense that such a disaster is just around the corner.‖ Prophets of Internet-borne Götterdämmerung have gotten even more breathless since the publication of ―Cyber War‖ last In fact, the report says, ―It is unlikely that there will ever be a true cyberwar.‖ year. They describe China‘s alleged hacking campaign against Google and the campaign by ―hacktivists‖ against foes of the Mr. Sommer and Mr. Brown are not the first to protest anti-secrecy Web site WikiLeaks, as the opening acts. against adoption of a Clausewitzian framework to describe international affairs in the digital world. Is a cyberwar already under way and, if so, could it really cause destruction on the scale portrayed by Mr. Knake and Mr. Howard A. Schmidt, President Barack Obama‘s chief Clarke? cybersecurity adviser, told Wired magazine last year that ―there is no cyberwar.‖ Nonsense, say two academics in a study commissioned by the More at http://www.nytimes.com/2011/01/17/ Banks Allow Ads in Online Checking Online banking is the latest frontier in the controversial field Accounts known as behavioral marketing, in which detailed personal By Ylan Q. Mui, Washington Post information is used to target advertising. Consumer groups have decried the practice as an invasion of privacy, particularly First they showed up in your e-mail. Then they found their way since users often do not realize who has access to the most onto Facebook. Now ads are coming to your checking account. intimate details of their lives. As banks test new ways to make money and attract customers, "It's definitely troubling," said Justin Brookman, head of con- they are tucking ads onto the list of recent purchases on con- sumer privacy for the Center for Democracy & Technology. sumers' online bank statements. The charge for your breakfast "Most people don't notice them, understand them or opt out at McDonald's, for example, might be followed with an offer from them." for 10 percent cash back on your next meal at the Golden Arches. There's no need to print a coupon - just click the link, The ads are the brainchild of three-year-old Atlanta software and the chain will recognize your debit card the next time it is firm Cardlytics, though other companies such as Boston-based swiped. Cartera have begun offering similar services. Several banks and credit unions in the Washington area use Cardlytics' ad pro- "The one thing these debit programs have is a significant gram, although the firm declined to name them, citing contrac- amount of transaction and behavioral data," said Mark John- tual agreements. At least two other local banks will launch the son, president and chief executive of Loyalty 360, a trade ads in the spring. group for marketers. "You're going to see a big push to make that insight more sellable." More at http://www.washingtonpost.com/wp-dyn/content/ article/2011/01/16/AR2011011603387.html Volume 10, Issue 3, January 21, 2011 Page 3 Privacy And Security - II Is Your Online Presence Property or online consumer privacy, but that it first needs to figure out Person? what exactly is meant by data privacy, what precisely it wants to regulate, and how to balance protection for consumers with By Derrick Harris, Businessweek protection for emerging commerce. Determining the latter two A recent CES panel addressed the key issue in the debate over should be relatively easy—those are the questions inherent in privacy rights that must be accorded online data. Can users any lawmaking process—but answering the first question could click away basic human rights or is personal information mere be a struggle. property? The crux of the issue is whether or not an online persona is an Online data privacy has been in the spotlight for a variety of extension of a human being—as Marc Davis, a partner archi- reasons over the past year, from Facebook's privacy settings to tect in Microsoft's online services division, believes—or a mere government subpoenas for WikiLeaks data. Before Congress, collection of bits that can be bartered away for access to free regulators, and courts can give the issue legal clarity, they will e-mail or a social network. Davis sees the issue of data privacy need to answer some fundamental questions about which areas as nothing less than defining what it means to be a person in a of law even apply. digital world. A panel on data privacy earlier this week at the Consumer Beyond the issues of storing and mining data, there are ques- Electronics Show laid out the broad issues that need to be tions about who or what entities have the right to publish read- determined before any meaningful attempts at institutional ily available public data about individuals and what it means to reform can get underway. Central among them is the question have digital identities that individuals might not even have of whether online privacy is a matter of personal property or of created—and which will live on after they die. Fred Carter human rights. boiled it down to how we characterize personal data.. Rep. Marsha Blackburn (R-Tenn.) kicked off the CES More at http:/news.ccom/830127080_3-10399141-245.html? discussion, explaining that Congress is looking at regulating part+rss&subj+news&tag+2547-1_3-0-20 bit of light on how EU regulators see the directive, and that's EU's Push on Internet Cookies Fizzles Out firmly on the side of business. By John W. Miller, The Wall Street Journal There's no language at all endorsing any kind of "opt-in" In November, we wrote about the European Union's somewhat clause, which would force users to give their consent explicitly clumsy attempt to force Internet companies to obtain before cookies are placed on their computer. "Settings of a permission from users before placing cookies, small files then browser or another application" are sufficient, the document used to help deliver advertising and other targeted content, on says. their computers. "It is not necessary," the document says, "to obtain consent for The directive mandates "informed consent" by users.