Officials Upset Tech Companies Reluctant To Play Along With Administration's 'Information Sharing' Charade

from the fooling-no-one dept

U.S. government officials say privately they are frustrated that Silicon Valley technology firms are not obtaining U.S. security clearances for enough of their top executives, according to interviews with officials and executives in Washington and California. Those clearances would allow the government to talk freely with executives in a timely manner about intelligence they receive, hopefully helping to thwart the spread of a hack, or other security issues.



The lack of cooperation from Silicon Valley, Washington officials complain, injects friction into a process that everyone agrees is central to the fight to protect critical U.S. cyberinfrastructure: Real-time threat information sharing between government and the private sector.

"I believe that this is more about the overclassification of information and the relatively low value that government cyberintel has for tech firms," said one Silicon Valley executive. "Clearances are a pain to get, despite what government people think. Filling out the paper work … is a nightmare, and the investigation takes a ridiculous amount of time."



[...]



"I think tech companies are doing a return-on-investment analysis and don't think the government intel is worth the cost or effort," said the Silicon Valley executive. "This is why government threat signature sharing initiatives are such a nothing-burger: The signatures are of limited value and only a few select companies with clearances can actually use them."

Because it’s not just that the security clearance application that is unwieldy. It’s that clearance comes with a gag order about certain issues, backed by the threat of prison...



Why would anyone sign up for that if the tech companies have more that the government wants than the government has that the tech companies need?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The government's on-again, off-again love affair with everything cyber is back on again. The CIA has just shifted its focus, abandoning its position as the free world's foremost franchiser of clandestine torture sites and rebranding as the agency of choice for all things cyberwar-related For years, legislators have been attempting to grant themselves permission to strong-arm tech companies into handing over all sorts of information to the government under the guise of cybersecurity. CISPA CISA , etc. The acronyms come and go, but the focus is the same: information sharing.Of course, the promise of equitable sharing remains pure bullshit. Tech companies know this and have been understandably resistant to the government's advances. There are few, if any positives, to these proposed "agreements." The government gets what it wants -- lots and lots of data -- and the companies get little more than red tape, additional restrictions and fleeing customers The government has recently been playing up the narrative that unreasonable tech companies are standing in the way of the nation's super-secure future Before dealing with the questionable promise of "real-time threat information sharing," let's deal with the supposedly minor requirement of security clearances. It's not as if this won't impose undue burdens on tech company leaders, especially when they already have a pretty good idea this stipulation will be a major hassle followed by continued opacity from a government that's 90% lip service and 10% outright lying. Tech execs are being asked to make all the effort and hope against hope there will actually be some benefits.The clearance process can easily take over a year. The application runs 127 pages and asks a mixture of questions ranging from highly-intrusive to facially-ridiculous.[This question seems to disqualify nearly every law enforcement officer in the United States.]And that's just the start of the process. The rest of the vetting process takes several months, and there's no guarantee the executives the government wants to obtain clearance will actually be cleared to discuss classified information.And even if these clearances are obtained, the benefits are unproven and suspected to be minimal. On the other hand, the downsides are enormous. As Marcy Wheeler points out, clearancesopen up discussion channels with law enforcement and intelligence agencies, but they also create additional restrictions for those carrying these privileges -- the breach of which can result in severe consequences. In light of the inequitable "sharing" envisioned by many tech companies, the hassle just isn't worth it.On top of this, there's the bottom line to consider. The information that may or may not flow back to tech companies won't do much to offset the perception that company executives are willingly buddying up with the US intelligence community. In the post-Snowden world, this could mean the loss of customers, future contracts and sensitive foreign markets.The government has yet to offer anything Silicon Valley wants in exchange for additional burdens, greater secrecy and increased demands for customer data. The government is better at taking than it is at giving, and no amount of cyberterrorism hand-wringing is going to change that reality.

Filed Under: cybersecurity, information sharing, security clearance, silicon valley, tech industry, washington dc