Cybersecurity

White House continues push for access to overseas data

Rob Joyce NSA/WH 

White House cyber chief Rob Joyce wants to push ahead with legal agreements that allow for faster law enforcement data sharing between countries. 

The White House continues to push for a new legal framework to allow the U.S. government to access data stored abroad.

In a wide-ranging speech at the Institute for Critical Infrastructure Technology, White House Cyber Coordinator Rob Joyce laid out the administration's cybersecurity focus for the coming year, touching on how watershed events like the WannaCry and NotPetya attacks and the Equifax hack affected U.S. cybersecurity policy and shifting ultimate accountability for breaches upwards to the department head or secretary level.

Joyce also focused on the administration's worries about the problem of data sought in U.S. criminal or cybersecurity investigations being stored in other countries, often out of reach of U.S investigators, despite being stored by U.S. firms.

"While we're all concerned about cybercrime in the security of our networks, we're also really concerned about other countries around the world creating this convoluted patchwork of laws and regulation that impact our ability to move data," said Joyce.

He cited the framework of 2016 bilateral information sharing deal with the United Kingdom as a model that could be adopted in arrangements with other countries. The 2016 framework allows for more rapid data sharing between U.S. and U.K. law enforcement than was possible under mutual legal assistance arrangements.

Some open Internet advocates believe such data-sharing agreements may lead to a broader erosion of internet freedom and privacy rights.

"To avoid a race to the bottom in terms of human rights, it is critically important that strong protections be built into any legislation clearing the way for such agreements," said Gregory Nojeim, senior counsel and director of the Freedom, Security and Technology Project at the Center for Democracy and Technology.

Joyce said that such agreements could be expanded to other nations beyond the U.K. but only on the condition that they "hold our similar values and aren't looking to balkanize the Internet for repression of their people."

Joyce was notably cooler toward another potential avenue of cyber defense: the concept of "hacking back," when governments or companies defend themselves from an attack by bringing offensive cyber tools to bear. Proposed legislation like the Active Cyber Defense Certainty Act, introduced in 2017 by Rep. Tom Graves (R-Ga.), would permit organizations to conduct certain forms of active cyber defense, or retaliatory attacks, against groups hacking into their systems.

He characterized offensive cyber as "an inherently governmental act" and that "as a general defense for companies and countries overall, it's got to be a sparing solution in the tools that the government use, and I believe infrequently -- or not used at all -- in the commercial world."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.