White House announces private sector botnet initiative

Showing the power of the bully pulpit, the White House today announced a pilot program in which ISPs will share data about botnets with financial institutions.  ISPs also announced a set of principles for fighting botnets.

This is a good thing.  If your computer belongs to a botnet, you shouldn’t be engaged in online banking. And if your ISP knows you’ve been botted, it should tell your bank so you don’t become the victim of cyberthieves.

But why does it take a White House initiative to get this done?

Beats me.  It’s a purely private exchange; the government can’t join the information sharing loop because an overbroad privacy provision in current law punishes ISPs who share information about customers, even botted customers, with the government.

That ACLU gift to hackers is still on the books, and the Obama administration’s threat to veto information sharing bills like CISPA makes it more likely the provision will stay there. So despite this initiative, when a botted customer tries to file tax returns or other confidential information with the government, the IRS — unlike the banks — won’t be able to warn him that his machine is compromised.

Under current law, all the government could do was applaud the sharing, not participate in it. So that’s what it did.