Can we handle the truth about cybersecurity?

On Sept. 1, the House Homeland Security Committee will hold a hearing about a cybersecurity bill — and how much the public has the right to know about breaches. 

It’s a critical issue, and it won’t be an easy one to get right. 

The bill comes as the Biden administration is taking a tougher line on Big Tech — a broadening of the Trump administration’s antagonistic, if unfocused, attacks on the industry. Before this year, those gripes tended to be based more on thin accusations of censorship. 

Last week, for instance, the administration secured promises from the world’s biggest companies to pony up billions of dollars to harden the country’s cyber-defenses. It was a mixed bag, at best. 

But there’s a central problem to cybersecurity, which is that it’s done — and discussed — in secret. It collides with the complexities of securities law and the whims of business executives who have no incentive to disclose breaches. There’s also the fear that disclosures will act as blood in the water, attracting more bad actors to attack a company, just to cause havoc. It sometimes has the feel of Jack Nicholson famously yelling in A Few Good Men that “You can’t handle the truth.”

But that doesn’t really seem to hold water. We rely on data to improve our systems because we believe in the perfectibility of our systems. That cybersecurity should be excluded boggles the mind. 

As I’ve written about before, just because disclosure is a small improvement doesn’t mean it’s not worthwhile. If a system is already breached, would another group of hackers really risk exposure by breaching the same company when it could probably just buy the data for cheap on the black market?

The fact is, disclosures are already happening; it’s just a question of how much information about them is revealed. Each breach is just a data point, but the depth of those details — and how they’re disclosed — is key. Each state has its own disclosure rules, and standardizing them while ensuring transparency can have the cumulative effect of strengthening our total cyber landscape by enabling companies to be better prepared, and to check parts of their systems they might not have left open.

Right now, the system doesn’t work. There were an estimated 65,000 ransomware attacks worldwide last year — most of them undisclosed, according to security company Recorded Future. It’s worth exposing these attacks to the disinfecting power of sunlight. 

Washington has previously taken only a glancing interest, mostly using the Federal Trade Commission to levy penalties against companies like Zoom and Equifax every so often. But things may be changing, if slowly. The Securities and Exchange Commission entered the discussion on Monday by fining Cetera Financial Group for misleading disclosures about a recent breach. The financial regulator also settled with education publisher Pearson in 2018 over an inaccurate breach disclosure. Though the company paid $1 million in penalties, it didn’t admit wrongdoing. 

There are consequences to disclosing that a company’s systems have been hacked or customer data has been stolen. Share prices fall, and customers may avoid a tainted company like the plague. (That is, unless you’re Equifax and the public has no ability to opt out.) That can leave business executives feeling like they’re being punished even though they did nothing wrong — or worse, that the market is blaming the victim. 

Is that so wrong? And more to the point: Why should anyone care? Personal data, especially, is valuable because it relates to people — people whose Social Security numbers, whose credit card information, whose medical records could be exposed. For a company to admit that it’s been a less-than-perfect steward of that information seems the least it could do.

Kevin T. Dugan
@KevinTDugan

NEWSWORTHY

Payment pressure. South Korea's legislature passed a bill that would force Apple and Google to allow competing payment systems in their own app stores, weakening the tech giants' current plum positions. The bill, likely to be signed by President Moon Jae-in, entitles the country to collect up to 3% of South Korea-based revenue from any company that breaks the law.

Zoom slows. The ubiquitous video-conferencing company saw its shares drop more than 16% after reporting that growth was starting to level off. The company said that the easing restrictions around the pandemic meant that more business meetings were being held in person. Still, the company posted $1 billion in quarterly revenue for the first time, a 54% increase from a year ago. 

Politics junky. Facebook plans to reduce the amount of political content in people's newsfeeds across the globe, including in countries like Ireland and Costa Rica. The social media company has already experimented by tamping down on the posts in the feeds of users in the US and Canada. Users will also be able to signal when they don't like a post. 

Next year in the office. Google announced that it's delaying its return to the office until January 10. It's the search giant's third such delay, and comes as the Delta variant of the virus that causes COVID has pushed back return-to-office plans for the white collar workers at Apple, Amazon, Facebook, and a myriad of other tech companies. 

Talk talk. Hedge fund Jana Partners is pushing Internet phone company Vonage to explore a sale and other strategic alternatives. The hedge fund, which has previously worked with Apple to address tech addiction in children, owns 4% of the company's shares. Vonage stock jumped more than 5% on the news. 

 

FOOD FOR THOUGHT

Gamers mad. Chinese gamers are unhappy that the government is restricting their time behind a joystick to three hours a week. Not surprising! But there's something interesting going on here, and it's more than just teenagers griping. The Chinese government has previously bashed games, comparing them to "opium," an obviously culturally-loaded touchpoint that brings to mind the horrors of the colonial era. (That Tencent seems to be the firm most likely to face consequences here muddies those waters a bit.) But gamers don't really seem to be buying it — and are pointing out the hypocrisy that's coming from their rulers in selectively applying age rules. 

From the article:

The curbs are part of Beijing's efforts to promote the primacy of socialism and strengthen controls over society it now views as having become too lax after years of laissez-faire growth for the tech sector and other industries.

Young gamers were, however, angry.

"This group of grandfathers and uncles who make these rules and regulations, have you ever played games? Do you understand that the best age for e-sports players is in their teens?" said one comment on China's Twitter-like Weibo.

"Sexual consent at 14, at 16 you can go out to work but you have to be 18 to play games. This is really a joke."

IN CASE YOU MISSED IT

There’s a huge risk to the U.S. economy right now—and almost no one is paying attention by Shawn Tully

Apple plans to add satellite features allowing iPhone users to send emergency texts to first responders by Mark Gurman and Bloomberg

Cannabis stocks drop as federal legalization efforts loses momentum by Kristine Owram and Bloomberg

China’s hardware startups get more VC attention as Beijing expands regulation on software by Coco Liu and Bloomberg

This tech founder is now Singapore’s richest person by Yoojung Lee and Bloomberg

You may need to wear a different mask on your next flight by Chris Morris

$50,000 over asking price? Some recent homebuyers are ponying up by Megan Leonhardt


BEFORE YOU GO

Moderating content. Accenture, the consulting firm, is revealed in this New York Times story to be the largest firm that helps Facebook clean up content posted on the platform — everything from nude pictures to disturbing videos of violence, rape, and animal abuse. The company has flirted with walking away from the $500 million a year contract because the psychological costs of the job are so high, even causing one content moderator to leave a suicide note on his desk before being found safe. The piece takes a hard look at Accenture's business, and whether it allows Facebook to offload some of its responsibility for this content, but the questions here don't yield easy answers. 
