President Obama Launches Cyber Offensive

President Obama is beginning the final two years of his presidency facing the daunting task of working with a Republican controlled House and Senate. This fact has not stopped him for announcing several initiatives aimed at improving cyber security, expanding the availability of high speed Internet and defending the nation against cyber warfare. The AACR is reporting on these initiatives in a three part article.

In his State of the Union speech scheduled for Januarry 20th, President Obama will propose a national data breach notification law that would require businesses to notify consumers within 30 days of a breach. Currently there is no national data breach standard and each of the fifty states have their own laws regulating data breach notification. This patchwork of laws allows companies that suffer a data breach to pick and choose what laws to obey since many large corporations have location across the nation if not the globe. This may also allows them to delay notification and investigation or even hide data breaches. They also use this lack of a national standard to set up defenses against lawsuits and unleash public relations efforts to put the best possible light on the situation.

Sen. Bill Nelson (D-Fla.), the ranking member on the Senate Commerce Committee is planing to introduce a data breach notification bill that closely resembles the President’s proposal. Major breaches at retailers like Home Depot, Staples and Target has raised consumer awareness and anger prompting Congress and the White House to respond.

Senator Nelson’s bill would require companies suffering a data breach “of a certain magnitude” to report it to the government.  No definition was given as to what the magnitude would be. Consumers would be informed within 30 days that their information had been compromised. The measure would also direct the Federal Trade Commission to create nationwide data security standards.

 The President’s Personal Data Notification and Protection Act, if passed, would supersede nearly four dozen state statutes that regulate data breach notification. This bill is one of a several of measures President Obama proposed in a speech delivered Jan. 12 at the Federal Trade Commission. The President argued the proposal is aimed at protecting against cyber threats aimed at  American companies, consumers and infrastructure while safeguarding privacy and civil liberties.

The President also outlined new steps by the government to assist victims of identity theft. These actions include supporting the Federal Trade Commission which is creating a new one-stop resource for victims at IdentityTheft.gov .  He is also expanding efforst to share information to ensure federal investigator’s ability to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.

“America’s personal information, including financial information, gets stolen,” Obama said. “And the problem is growing, and it costs us billions of dollars. In one survey, nine out of 10 Americans say they feel like they’ve lost control of their personal information. In recent breaches, more than 100 million Americans have had their personal data compromised, like credit card information. When these cybercriminals start racking up charges on your card, it can destroy your credit rating. It can turn your life upside down. It may take you months to get your finances back in order. So this is a direct threat to the economic security of American families and we’ve got to stop it.” -President Barack Obama

President Obama has proposed a national breach notification bill before. In 2011, as part of a comprehensive cybersecurity legislative agenda, the President offered a similar breach notification bill that would have required businesses to notify consumers in 60 days, not 30 days as the new bill would. Since then various lawmakers have proposed a national data breach notification, but none were ever brought up for votes in either the House or the Senate.

Another proposal being tabled by the president is the  Student Digital Privacy Act. This legislation would require that data collected for educational purposes is only used for that purposes. The Presidents’s proposal is based on California’s statute.

President Obama is also cracking down on hacking. The president will try to persuade Congress to stiffen the sentence for hackers, and even expand the definition of hacking. If the law passes the punishment for pure hacking would double from five to 10 years.

“We want cybercriminals to feel the full force of American justice, because they are doing as much damage, if not more these days, as folks who are involved in more conventional crime,’ said the president.

The increased prison sentences would be part of an expansion to the Computer Fraud and Abuse Act originally passed 21 years ago. The president’s re-defining  of what ‘hacking’ means is an attempt to crack down on the wave of high-profile cyber crimes  such as the the theft of private celebrity photos, the Sony Pictures hack and the various stores hit by Point-of-Sale malware.

Breaking It Down

President Obama is doing exactly what a president is supposed to do, protect the people of the United States. His cyber initiatives are exactly what the nation needs right now after a horrendous year of data breaches and hacking. The president is acting not only in the interest of the nation but he is challenging the Republican controlled Congress to either oppose him or demonstrate they can govern. Either way he wins. Black people have seen the way Republicans have obstructed the president since the day he took office. The president sees the need to take proactive steps toward creating greater cyber security for the consumer and obstructing, delaying or refusing to act on these needs will definitely hurt the Republicans in the upcoming presidential election. Black consumers should pay attention since we are just as much victimized as other consumers when a data breach occurs but also to see if the Republicans are willing to work with the president. Will they try to stonewall his legislative initiatives? This will tell black voters what the Republicans are really up to. The question is; are they still a bunch of angry white men or are they looking to govern by compromise? The Republican problem is the Tea Party and other conservative. These renegade Republicans have been causing all kinds of trouble for Speaker John Boehner including trying to unseat him as the Speaker of the House. American consumers are waiting for the government to act and President Obama is leading the way. But will Republicans follow?

But back to data breaches. This situation has gotten out of hand and the laws have fallen dangerously behind the technology. The American economy is in danger from the repeated loss of consumer data along with the loss of intellectual data. Companies are having billions of dollars of research and development stolen by hackers. Our global competitive advantage is being destroyed and we need to act and act strongly. It is in the interest of the nation to go after hackers as well as companies that fail to secure personal data effectively. But 30 days?  This is the cyber age and that means things happen at light speed. Can you imagine what damage a hacker could do to your credit in 30 days if they have your banking information?  Let’s be real for a minute, ten days is far more reasonable and gives the consumer a chance to fight back. The company should be required to report the breach immediately to law enforcement. If they require more than ten days before reporting the breach to consumers then let them make their case to federal law enforcement and get their permission to conceal the breach a little longer.

We need new and more powerful data storage standards and strip away protections corporations have against being sued by consumers impacted by data breaches. The courts need to step in and make corporations pay for their sloppiness.