White House Issues Order Tackling Data Breaches, Flags Cyber Priorities
President Barack Obama signed an executive order Friday to address controversy and concerns swirling around a series of high-profile data breaches over the past several months. He plans to hold a cybersecurity summit later this year, with an eye on mobile payments and devices, he also said, and he called on Congress to pass data breach and cybersecurity legislation.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
“Even though I’m acting today without Congress, Congress needs to do its part as well,” Obama said Friday in a speech at Consumer Financial Protection Bureau headquarters. “Data breaches are handled by dozens of separate state laws. It’s time to have one clear national standard that brings certainty to businesses and keeps consumers safe.”
The order was dubbed “Improving the Security of Consumer Financial Transactions” (http://1.usa.gov/1yKBqWX ) and is part of an initiative called BuySecure. “Starting next year, we’re going to begin making sure that credit cards and credit card readers issued by the United States government come equipped with two new layers of protection,” Obama said, referring to the introduction of a microchip and PIN. Home Depot, Target, Walgreens and Walmart pledged to adopt Chip and PIN technology by the beginning of next year, he said. “I’m happy to say that the private sector is already deeply engaged in this effort.” Obama lamented “the kind of hacking we saw too many times this past year” and endorsed Chip and PIN as an effective way to address it, citing its implementation in the U.K. He said that federal law enforcement must share more information with the private sector and that the FTC will update the features on its identity theft website.
The Cybersecurity and Consumer Protection Summit slated for later in 2014 will gather “key stakeholders in the consumer financial space to share best practices, promote adherence to stronger security standards, and discuss next generation technologies,” said a White House fact sheet (http://1.usa.gov/1vnWAaL). In his speech, Obama said the summit will include “industry leaders and consumer advocates” and focus “on protecting consumers using the next generation of mobile payment systems and devices.”
The FBI and Justice Department will revamp their work in sharing information with the National Cyber-Forensics and Training Alliance’s Internet Fraud Alert System on any accounts that have been compromised, the fact sheet said. It emphasized the need to create more public- and private-sector awareness about secure authentication: “In the next eighteen months, government agencies will ensure personal data digitally released by the government to citizens goes through multiple tests for authentication so that every citizen’s personal information is protected by the most secure methods possible, consistent with a plan the National Security Council Staff, Office of Science and Technology Policy, and Office of Management and Budget will present to the President.” The White House calls on Congress “to pass meaningful cybersecurity legislation that will help the Government better protect Federal networks and legislation that appropriately balances the need for greater information sharing and strong protection for privacy and civil liberties -- respecting the longstanding responsibilities of civilian and military agencies,” the fact sheet said.
“Identity theft has been American consumers’ number one complaint for more than a decade, and it affects people in every community across the nation,” said FTC Chairwoman Edith Ramirez. She said she welcomed the chance for the FTC “to participate in this new initiative advancing efforts to address this insidious problem on behalf of consumers.”
House Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking member Dutch Ruppersberger, D-Md., agree with Obama “that increasing cyber security of both private sector and government systems is a top priority for the United States,” they said in a joint statement. “Recent cyber-attacks against U.S. entities put at risk the personal information of millions of Americans, but these recent attacks are only the tip of the iceberg. Since 2011, the House of Representatives has sent two cyber bills to the Senate, but the Senate has thus far failed to take action.” The Senate should “move quickly on this issue,” they said.
AT&T lauded the White House action. “AT&T values and respects the privacy of our customers and, to that end, employs a holistic security program that includes technologies such as enhanced encryption and access control to manage risk for all of our services, including retail,” said Senior Executive Vice President-External and Legislative Affairs Jim Cicconi.
“Millions were victims of this kind of fraud,” Obama remarked, calling identity theft the fastest growing crime in the U.S. and emphasizing that new technologies come with risk. He said that “more than 100 million Americans had information that was compromised in some of our largest companies.”