PxPixel
UPDATED: ESA denies agreeing to Obama's Cybersecurity Protection Act - MCV

UPDATED: ESA denies agreeing to Obama's Cybersecurity Protection Act

Author:
Publish date:
2-esa_a.jpg

UPDATE: The ESA has told MCV that Vice's story is incorrect and that it "hasn't agreed to full datasharing or signed on with the Cybersecurity Protection Act".

The headline has been amended to reflect this.

UPDATE 2: The official fact sheet on theWhite House Summit on Cybersecurity and Consumer Protection page contains the following statement:

"The following organizations will also be making commitments today:

The Entertainment Software Association is announcing the creation of a new information sharing and analysis organization that will be built consistent with the new information sharing Executive Order."

MCV has asked the ESA for further clarification.

UPDATE 3: As pointed out by GamePolitics, the ESA has previously pledged its support for the Obama Cybersecurity bill.

"Cyber attacks threaten our country's security and prosperity," ESA president Michael Gallagher said last month."We commend President Obama's leadership in providing law enforcement the tools necessary to detect and prosecute organized digital crime.

"Consumers need to be protected from illegal, malicious botnets and denial-of-service attacks. They deserve to enjoy an innovative and dynamic Internet free of this criminal activity. The Entertainment Software Association will work with the White House and Congressional leaders to fine tune these proposals and help enhance penalties for those who inflict consumer damage on a mass scale."

UPDATE 4:The Entertainment Software Association has provided MCV with the following statement:

ESA and the video game industry are committed to protecting our customers and their online security. While ESA applauds government efforts to raise public awareness of this important issue, ESA has not committed to any particular approach to cybersecurity threat information sharing at this time. ESA will continue to engage with Congressional leadership and the Executive Branch on policy initiatives aimed at protecting consumers, networks, and services from attacks.”

ORIGINAL STORY: The Entertainment Software Association has agreed to full and immediate sharing of its data with the US government on demand.

Last week Obama revealed his Private Sector Cybersecurity Information Sharing order. It asks that private companies, non-profit organizations, executive departments and agencies, and other entities” agree to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible”.

The move is being sold as a response to the perceived cyber-security threat faced by the nation, saying that the measures will play an invaluable role in the collective cybersecurity of the United States”.

Vice reports that the while the likes of Apple and Intel have agreed to implement a new security network that could allow for data sharing in the future, the Entertainment Software Association has agreed to immediate and full information sharing.

The ESA's members include Sony, Microsoft, Nintendo, EA, Activision, Ubisoft, Take-Two, Warner Bros, Tencent, Sega, Capcom, Disney, GungHo, Bandai Namco, Deep Silver and Epic.

The question is whether member companies will as a result of the agreement be obliged to share customer data with the government?

Big-name companies who have been less willing to subscribe to the idea include Facebook, Google and Yahoo, all of which are especially sensitive to customers getting any whiff that their data may not be completely secure.

The new powers differ from the controversial CISPA proposal that was previously blocked by the Senate over privacy concerns in a number of ways. For instance, it doesn't allow for immunity for companies who fail to correctly parse data of identifying information before it is passed to the government. It also sees data heading to the Department of Homeland Security rather than the NSA.

In the UK PM David Cameron recently suggested that companies be prohibited from encrypting user data as doing so prevents authorities from monitoring security risks.

Related