Obama Admin Pursuing Executive Order to Enact CISPA-Like Cybersecurity LanguageSeptember 10, 2012 - by Donny Shaw
With cybersecurity legislation stalled in Congress, the Obama Administration is moving forward with an executive order to bypass Congress and give force of law to some of the stalled bill’s provisions. According to Jason Miller at Federal News Radio, one of the few reporters who has seen a copy of the executive order, the Administration’s proposal closely mirrors the Lieberman-Collins “Cybersecurity Act of 2012, including sections designed to encourage information sharing between web companies and the government, closely related to the provisions of the House-passed CISPA bill.
According to reports, the executive order would establish a voluntary cyberthreat exchange for companies to share information with the government and it would put the Department of Homeland Security in charge of conducting privacy assessments of the information that the government collects. Unlike the stalled cybersecurity bills in Congress that would have provided broad legal immunity for companies that violate privacy laws in the process of sharing their users’ information with the government, the executive order does not directly grant such immunity because the Administration is not confident that the legal authority currently exists for them to do so. Instead, the executive order calls for a report to examine possibilities for instituting immunity from privacy laws as a way to encourage companies to share more data. This inclusion of this report is significant because it suggests that the Administration may believe there is a potential work-around for the privacy laws that they previously insisted would take an act of Congress to be bypassed, as noted by former Homeland Security agent Stewart Baker.
On process, this is a basically complete abdication of the principals of transparency, accountability, and public-participation in government. The cybersecurity legislation did not stall in Congress simply because of dysfunction or disregard. Rather, it was the target of a massive grassroots effort that drove tens of thousands of calls to Congress and dozens of in-person meetings urging lawmakers to either add privacy safeguards to the bill, or vote it down. That action, which coincided with an industry-led attack on regulations in the bill, is what caused its demise. The executive order is a way for the Obama Administration to enact a bill that the public has clearly demonstrated they do not want. What’s worse, the it is being drafted in secret by unaccountable government bureaucrats, and, unless leaked, it will not be available for public review before it goes into effect. The Administration is essentially taking all the worst qualities of how the legislative branch operates these days, turning them up to an extreme level, and using them to enact legislation that’s so unpopular even our corrupt and out-of-touch Congress can’t pass it.
UPDATE: Mike Masnick at TechDirt says the info sharing provision in the EO “may be worse” in some ways than what was in the Lieberman-Collins bill:
While the President cannot grant liability protections for companies who share info with the government (a major concern we had), it sounds like this executive order will put tremendous pressure on companies to share info — noting that it will begin a sort of “name and shame” program for companies who fail to take part. That seems like a recipe for a privacy disaster.