Legal liability slows cybersharing, experts say

"The privacy-versus-information debate took center stage at one of Friday’s panels. The discussion among panelists that included Symantec’s Chief Executive Officer Michael Brown, FirstBank’s Chief Executive John Ikard and Jennifer Granick, the director of civil liberties at Stanford’s Center for Internet and Society was relentless. The issues remained unresolved.

Information sharing has been at the heart of much proposed federal legislation. But Congress has yet to come to a consensus on an information-sharing bill. There’s no sign that’s going to change soon.

Granick said there are three key unresolved issues: The government should not be allowed to tap into private networks; there should be no exemptions to privacy laws for the government; and the federal government needs to recognize that increasing penalties for violations of the Computer Fraud and Abuse Act won’t motivate companies to be upfront about revealing breaches. Granick also pointed out that companies are worried that they might be held libel for revealing a breach that may be construed as a mistake.

“North Korea isn’t going to stop hacking Sony just because all CFAA (Computer Fraud and Abuse Act) crimes are now 10-year felonies instead of misdemeanors,” she said. “But the people who are going to be chilled by that are researchers who are developing threat information and want to share it with the public."