US Chamber of Commerce Hacked… Now What?

December 27, 2011 by Jon Callas     No Comments

Imagine if you were living in a neighborhood where there’d been some burglaries, a few cars had radios smashed, and people are justifiably upset over this. Imagine then that the head of the neighborhood association was dead set against going to the police or the city because that is too inconvenient, having to fill out all that paperwork, and you know, it just doesn’t look good for property values if it gets out that there’s been crime in the neighborhood.

Then imagine that the head of the association gets burgled. And you find out that not only were they burgled, but there were squatters in their basement who had been there for the last six months and were using it as the hideout for their gang, the very one robbing the neighborhood. I know what I’d think — I’d think we need a new head of the association to start with.

Well, that is where the US Chamber of Commerce is right now. They’ve been hacked, and the hackers (presumably Chinese) have been on their systems, stealing information for six months. They’re part of the problem. We need unified breach disclosure laws in the US. There is a patchwork of thirty-some states all with slightly different laws about this, and it would be nice to have a national standard. Well, guess what, Chamber of Commerce, you get to now comply with all those states and their different notification requirements. The US government has been wanting to help industry get better security, and the Chamber has led the charge of saying that no, it isn’t needed. Sure, sure, the Feds often don’t have the right idea of what we in industry need, but how’s going it on your own working out for you?

Some of my fellow security experts have criticized this as being hypocritical. I have to disagree. It would be hypocritical if they said one thing and did another. Their actions line up with their beliefs. They’re merely stupid. As in too stupid to deserve to have customers. I’m not a member of the Chamber, and that’s both a relief and a disappointment. It’s a relief because I rest easy at not having had the Chinese stealing my information that I trusted them with for six months. It’s a disappointment because since I’m not a member, I can’t resign in outrage. All I can say is that if you’re outraged that they got hacked so badly and you are a member, think about whether you want them representing you. Think about that head of the homeowner association who had a gang in their basement. And just do what you think is appropriate.

Filed Under:
Tagged With:
Jon Callas


Jon Callas has over 30 years of experience and served as Entrust’s Chief Technology Officer. Prior to joining Entrust, Callas co-founded PGP Corporation which specialized in email and data encryption software. Over the course of more than fifteen years, Callas held leadership functions including CTO and CSO. Most recently, he also served as an operating system security expert with Apple. Additionally, he has held leadership positions with corporations including Wave Systems Corporation, Digital Equipment Corporation and Counterpane Internet Security Inc. He has also authored several Internet Engineering Task Force (IETF) standards including OpenPGP, DKIM, and ZRTP.

Add to the Conversation