Apple signs on to Obama's cybersecurity framework as Tim Cook calls privacy 'life and death' issue
Apple is among more than a half-dozen major U.S. corporations that have agreed to integrate the White House's Cybersecurity Framework into their operations, but the iPhone maker will not share security information with the federal government.
Apple will "[incorporate] the Framework as part of the broader security protocols across its corporate networks," the White House said in a statement released alongside Friday's cybersecurity summit in Palo Alto, Calif. Joining Apple with varying levels of involvement are Intel, Bank of America, U.S. Bank, Pacific Gas & Electric, AIG, QVC, Walgreens, and Kaiser Permanente.
The Cybersecurity Framework was created as part of President Obama's Executive Order on Critical Infrastructure Cybersecurity and released in February of last year. The framework, which is administered by the National Institute of Standards and Technology, collates industry best practices for information security and helps businesses provide structure for new or existing infosec initiatives.
Use of the framework is voluntary, and the framework includes a set of recommended implementation tiers that can be used to adapt it for different business needs. Organizations which store little personal data or provide non-critical services might only implement high-level strategies, for instance, while those servicing critical infrastructure components would choose a more rigorous application.
While the extent to which the framework will influence Apple's security practices is unclear, it appears that the company will not take the extra step of sharing security-related data with the Department of Homeland Security's new National Cybersecurity and Communications Integration Center. Such information sharing is a tentpole of Obama's cybersecurity strategy.
While a few notable security vendors have signed up, none of Silicon Valley's major consumer-focused companies are participating, and Apple CEO Tim Cook was the only well-known corporate executive at the summit. The Valley maintains a deep distrust for the federal government in the aftermath of the Edward Snowden spying revelations, a point which Cook drove home during his speech.
"If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money," Cook said. "We risk our way of life."
"We must get this right," he added. "History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion, or express their opinion, or love who they choose."
Personal privacy is especially important "in a world in which that information can make the difference between life and death," Cook said.
Apple will "[incorporate] the Framework as part of the broader security protocols across its corporate networks," the White House said in a statement released alongside Friday's cybersecurity summit in Palo Alto, Calif. Joining Apple with varying levels of involvement are Intel, Bank of America, U.S. Bank, Pacific Gas & Electric, AIG, QVC, Walgreens, and Kaiser Permanente.
The Cybersecurity Framework was created as part of President Obama's Executive Order on Critical Infrastructure Cybersecurity and released in February of last year. The framework, which is administered by the National Institute of Standards and Technology, collates industry best practices for information security and helps businesses provide structure for new or existing infosec initiatives.
Use of the framework is voluntary, and the framework includes a set of recommended implementation tiers that can be used to adapt it for different business needs. Organizations which store little personal data or provide non-critical services might only implement high-level strategies, for instance, while those servicing critical infrastructure components would choose a more rigorous application.
While the extent to which the framework will influence Apple's security practices is unclear, it appears that the company will not take the extra step of sharing security-related data with the Department of Homeland Security's new National Cybersecurity and Communications Integration Center. Such information sharing is a tentpole of Obama's cybersecurity strategy.
While a few notable security vendors have signed up, none of Silicon Valley's major consumer-focused companies are participating, and Apple CEO Tim Cook was the only well-known corporate executive at the summit. The Valley maintains a deep distrust for the federal government in the aftermath of the Edward Snowden spying revelations, a point which Cook drove home during his speech.
"If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money," Cook said. "We risk our way of life."
"We must get this right," he added. "History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion, or express their opinion, or love who they choose."
Personal privacy is especially important "in a world in which that information can make the difference between life and death," Cook said.
Comments
No, Mr. Cook.
As an individual, give me a personal option to let spy companies freely monitor my online activities. Why can't I do that? I have a right to share personal information with any government if I wish. That said, I'm not aware of my information sharing options with governments. Can I already do this without impediment?
Personal privacy is especially important "in a world in which that information can make the difference between life and death," Cook said.
“We’re not in the business of collecting your data.”
- Eddie Cue, 9/9/2014 (iPhone 6 / ?Watch / ? Pay event)
[Nervous fidgeting, crickets chirping]
- Google, Facebook, Yahoo (who were all no-shows at the cybersecurity summit)
I really really HOPE this "framework" is merely recommendations.
If it also includes government supplied software (or hardware/software) solutions, then of course Apple doesn't ACTIVELY share with the government. The Backdoor will already exist.
With all the extras (things that normally require a vote by the people) slipped into Ombamacare (itself an invention foisted into the public who never had a chsnce to vote for or against), "czars" who weren't voted in by the people and who operate above the law, and Obama himself redefining what terrorism is to put Americans that traditionally so good in a bad light while simultaneously bring the most terrorist friendly president we could have ever imagined.
And Cook is putting his stuff into the products I buy?
What?
Are you making a point or do you actually believe this?
As an individual, give me a personal option to let spy companies freely monitor my online activities. Why can't I do that? I have a right to share personal information with any government if I wish. That said, I'm not aware of my information sharing options with governments. Can I already do this without impediment?
That is a ridiculous proposition. Seriously.
I don't tbelieve a corporate CEO should have the right to decide how much privacy I need. Give me the RIGHT TO CHOOSE. I'm not easily brainwashed or a shill for everything Apple and everything Tim Cook.
What the hell are you talking about? You're free to give all the data you want to whomever you want. All Apple wants to do is make sure others aren't TAKING your information without you knowing about it.
Not really. If they are aware of my activities then there is less suspicion I am working against them in secret. Less Privacy = More Personal Security.
Please send me all your information, including credit card information, passwords, etc... that way I'll know you're not up to any good.
Oh crap.
I really really HOPE this "framework" is merely recommendations.
Seriously, do you people even read these articles, or do you just skim the headline and then comment in righteous outrage?
Quote:
Use of the framework is voluntary, and the framework includes a set of recommended implementation tiers that can be used to adapt it for different business needs. Organizations which store little personal data or provide non-critical services might only implement high-level strategies, for instance, while those servicing critical infrastructure components would choose a more rigorous application.
I guess you forgot about the part where cook said he would (voluntarily) implement it.
Interesting that this framework INCLUDES recommendations. So sounds like it's a software/hardware thing. No Bueno.
Maybe you should read entire posts instead of skimming...
You know, like you accuse others of doing to the article.
No, Mr. Cook.
Why not?
Oh wait, nevermind, clearly your thought process stopped at the word "Obama". I'm pretty damn sure Cook researched, and thought about this slightly longer than the 0.5 seconds that you did. But thanks for your incredibly insightful post- as always.
If you are registered with Apple as a legitimate spy, be my guest and take the information directly from my device and cloud storage.
Why not?
Oh wait, nevermind, clearly thought thought process stopped at the word "Obama". I'm pretty damn sure Cook researched, and thought about this slightly longer than the 0.5 seconds that you did. But thanks for your incredibly insightful post- as always.
Honestly. What's with the knee-jerk reactions? I thought Apple users were more sensible? Guess not.
"The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders."
This isn't about the government having access, it's about all organizations, including government agencies of adopting standard protocols to ensure security from cyberattacks. (Like what happened at Sony.) The gov is worried that this is going to start getting commonplace.