On December 4, 2014, Assistant Attorney General (AAG) Leslie Caldwell, head of the Department of Justice Criminal Division, announced the launch of a new Cybersecurity Unit. The announcement, made during the Cybercrime 2020 Symposium in Washington, D.C., explained that as cybercrimes become more complex and extensive in nature, the Department of Justice intends to fight back. AAG Caldwell said that although international efforts have already proven fruitful in fighting perpetrators of cybercrimes across the globe, the Cybersecurity Unit would work to educate private U.S. corporations about cybercrime. One of the Unit’s goals is extensive outreach to encourage information sharing between the government and the private sector about the cyber attacks businesses face in hopes of strengthening the nation’s cyber infrastructure.
AAG Caldwell acknowledged that many private businesses may be reluctant to partake in the new Unit’s collaborative efforts in the wake of governmental civil liberty abuses stemming from the National Security Agency data mining scandal. AAG Caldwell also addressed that companies are concerned about liability for unlawful sharing associated with monitoring and exchanging consumer or proprietary data by participating in such joint efforts with the government.
A proposed federal bill seeks to resolve this problem. The Cybersecurity Information Sharing Act, S. 2588, 113th Cong. (2d Sess. 2014), limits liability for corporations that monitor and voluntarily share cyber threats with each other and the government for intelligence purposes. The bill was introduced and approved by the Senate Intelligence Committee in July 2014, but has stalled with an uncertain outlook for passage into law. AAG Caldwell acknowledged the privacy concerns related to the efforts of this new Cybersecurity Unit by stating that the Unit would “carefully consider privacy implications” throughout all of its investigations.
The private sector should consider both the advantages and risks of voluntarily sharing data.