After the mass shooting in San Bernardino, Calif., that authorities are treating as an act of terrorism, President Barack Obama called on technology companies to "make it harder for terrorists to use technology to escape from justice." Democratic presidential candidate Hillary Clinton had a similar challenge message for Silicon Valley: "Shut off their means of communicating."
Notable, though, in the politicians' speeches was a lack of specificity.
"My reaction was, 'OK, so, what's next?'" said Khalid Kark, a director in Deloitte's CIO research program. "These calls don't lead to anything unless you have some action behind it."
The action Kark advocates is more sharing of data about cyberattacks -- including online terrorism -- between government and the private sector. The freer flow of information doesn't just benefit intelligence agencies; it would give companies a fuller picture of the "threat vectors" -- or paths attackers can take into their networks -- plus knowledge about the government's sophisticated offensive cyber operations to better protect themselves.
The primary private-sector actors in any partnership with the government would be the big tech companies, which have "the size and scale and complexity that can match what the government has to deal with." That's where the most innovative ideas are emerging, Kark said. IBM, for example, this week opened its security analytics platform to partners and customers in an effort to foster collaboration on threat intelligence.
Smaller tech companies and other businesses need to be involved, too, Kark said. Crowdsourcing of this sort would offer the government valuable industry experience to solve not just cybersecurity problems but also broader technology problems.
And there's another reason for more sharing of information between government and technology companies, Kark said: The cybertheft of intellectual property threatens the U.S. economy. Companies are suffering because lower-cost copies of their products are showing up in different parts of the world.
"It's going to have a significant impact on the economy if we don't get people on the table and get them engaged and bring them up to speed on the knowledge and expertise that the government has on some of the threat profiles," he said.
Elements of an alliance against online terrorism
The voluntary, give-and-take balance is critical, Kark said; otherwise the private sector -- especially the tech giants the government is hoping for -- won't get anything in return for their troubles.
Case in point: The Senate this week introduced a bill that would require social media companies to turn over any evidence of online terrorist activity.
The bill has bipartisan support, but it has its detractors, too. Sen. Ron Wyden (D-Ore.) said the legislation would lead to less reporting of terrorist activity, not more.
"It would create a perverse incentive for companies to avoid looking for terrorist content on their own networks," Wyden said in a statement. "Because if they saw something and failed to report it they would be breaking the law, but if they stuck their heads in the sand and avoided looking for terrorist content they would be absolved of responsibility."
Gartner analyst Avivah Litan agreed that sharing between the government and the private sector, including the tech industry, is important but tricky in a country with free speech and a free-market economy.
"You should share as much as you can, but you shouldn't force technology companies to do anything to compromise privacy," she said.
Take the so-called backdoor to encrypted data. The government has been seeking to gain access to encrypted messages passed on social media and email platforms, but tech companies have resisted, saying not even they can break the code. And if they weakened the encryption to allow the government in, hackers intent on cybertheft, say, could also get in.
"You can't stop encryption," Litan said. "All it does is force the terrorists into other encrypted systems that don't have backdoors, and it hurts innocent people by compromising their privacy."
Instead of trying to pry open private communications, the government could learn how to mine the diversity of online-terrorism footprints left on social media and phone networks. They can ferret those out with solid data analytics and intelligence skills.
"The recruitment and the allegiance pledges -- it's all public," Litan said. She was referring to calls made by the self-proclaimed Islamic State for new members on social media sites as well as users' oaths to the terrorist group. "The intel agencies can go at it themselves. They don't need Facebook to turn it over to them."
CIO news roundup for week of Dec. 7
Here's what else grabbed headlines this week:
- Yahoo will be two. The company said Wednesday it will spin off its core business -- that's search, email and sites like Yahoo Finance -- instead of its $32 billion stake in Chinese e-commerce giant Alibaba. That means two companies: one with the Alibaba stock and the other with everything else. The IRS was against the proposed tax-free Alibaba deal, and with Wall Street worried that taking on the IRS was too risky, Yahoo's stock dipped. Wednesday's news gives Marissa Mayer, who said she'll stay on as head of Yahoo's core business, more time to brighten the prospects of the one-time Internet star. Meanwhile, executives keep leaving the company's top ranks, with ad product chief Prashant Fuloria the latest casualty.
- The mystery surrounding the man -- or woman -- who minted Bitcoin was a step closer to being solved this week. Tech websites Wired and Gizmodo say they've seen leaked evidence that Satoshi Nakamoto, the pseudonymous inventor of the digital currency, is a 44-year-old Australian named Craig Steven Wright. Hours after the stories were published Tuesday, Wright's online presence vanished, and he did, too -- he wasn't there when police raided his home outside of Sydney. Australian police said it's a tax investigation, and not the linkage to Bitcoin, that spurred the raid. The occurrences are oddly timed, though -- and Nakamoto's identity remains unconfirmed. Tune in next week for more -- same Bit time, same Bit channel.
- Mark Zuckerberg and his wife, Priscilla Chan, announced last week that they were giving away 99% of their shares in social media site Facebook to charity. They were hailed as saints -- and scorned as profiteers. The issue: The foundation receiving the estimated $45 billion, the Chan Zuckerberg Initiative, will be a for-profit company that the couple will own. Some pundits worried that wealthy would-be donors might decide against giving to traditional nonprofits; others said the move was an elaborate tax dodge. "By using an LLC instead of a traditional foundation, we receive no tax benefit," Zuckerberg wrote in a follow-up post on Facebook. "But we gain flexibility to execute our mission more effectively." As The Chronicle of Philanthropy put it, the public should engage in serious discussion about whether the Chan-Zuckerberg move will ultimately do good.
Privacy vs. terrorism threats a balancing act
Army, Navy, Marine Corps Cyberdefense Brigade?
CIOs' place in greater terror fight not imminent