Can The President Use An Executive Order To Push Through Cybersecurity Rules?
from the sorta-maybe-possibly dept
With the Cybersecurity Act failing in the Senate, there's been some buzz that President Obama might push through a bunch of provisions via executive order. From a political standpoint, there are tons of reasons to do so. If nothing gets done, and some sort of attack does happen, opponents can claim that he failed to strengthen our cybersecurity. But this way, he can claim he's doing what he can, and pin the blame on Congress for not doing their part.But what would it mean if he goes down this route? The Daily Caller has a hysterical and totally misleading piece claiming that this would allow for an "internet takeover." As skeptical as I am for the need for such cybersecurity legislation (and I'm pretty skeptical), that article is just pure hyperbole. This has nothing to do with "taking over the internet," and that's just someone who's lying or clueless.
The original link above, from The Hill, points out that, when it comes to industries that are already regulated, the administration could easily order them to include certain cybersecurity standards among their existing regulations:
Many companies managing vital computer systems are already heavily regulated. Lewis said the president could order agencies to require the industries they regulate to meet cybersecurity standards.That likely would lead to some pushback concerning the limits of regulatory control, but if it actually solves the few problems we hear about (such as critical systems being connected to the internet) then perhaps it's a more reasonable way to deal with things.
"You don't need new legislative authority to do that," Lewis said.
He noted that some regulatory agencies, including the Federal Communications Commission and the Nuclear Regulatory Commission, are independent and not bound to follow executive orders. But Lewis predicted that even the independent agencies would likely enforce an executive order on cybersecurity.
The other part of the bill, which was the part that concerned us the most, concerning information sharing, would be much more difficult to go after via an executive order. Stewart Baker has an interesting analysis of the possibility there, and he comes at it from someone who is... well, more hostile towards those of us who believe that privacy rights are important. He's been railing against privacy rights activists and their attacks on the cybersecurity proposals for a while, and doing so in misleading and incomplete ways, unfortunately. He does the same here, suggesting that privacy lobbyists are a part of the problem, while completely misrepresenting their concerns, even to the point of suggesting that privacy activists don't want to allow info sharing because sharing attack info reveals "personal info of the attacker." That's silly. No one has ever argued for that, and Baker is setting up a strawman.
However, he does note ways in which the administration can at least clarify intent via executive order to get around these claimed limitations (which I'm not convinced are actual limitations, as he describes them):
It is hard to fix bad laws with an executive order, but in this case I’m not sure it can’t be done. States with two-party laws are a minority already (about a dozen states, depending on how you count), and their laws are under pressure in the courts (thanks to police officers claiming that it’s a felony for members of the public to record them without their consent). What’s more, despite claims about their chilling effect on signature filtering, two-party-consent laws don’t seem to have stopped the emergence of robust spam filtering by private companies. A clear presidential statement that allowing such laws to bar signature filtering threatens national security would almost certainly resolve any lingering doubts, especially if it’s backed by an order that the Justice Department intervene as necessary in private state suits that challenge signature filtering.However, he also notes that Obama might not want to "tussle" with privacy groups and so this section may get ignored. While I agree that there are some privacy extremists who set forth proposals that go way too far, I think many of the people who were concerned about the cybersecurity bill over privacy issues wouldn't necessarily be against very narrowly defined rules on information sharing, though it still seems unclear how much any existing law is really holding back info sharing for the purpose of cybersecurity. Passing data through third parties, of course, is a lot more controversial, depending on the controls and oversight involved. But, again, it's still unclear how big of a problem this really is.
All that’s left then is the federal ban on unsubpoenaed information sharing, and even it might yield to a little creativity. Not everyone is subject to the ban. So can the parties who are covered by the restriction (ISPs, webmail providers) simply share their data with parties who aren’t covered (security firms)? And can the security firms in turn sell their data to government? Maybe so. Again, a clear presidential statement that such a measure is essential for national security would make the courts think twice before declaring that Tinker-to-Evers-to-Chance is simply an evasion of the ban on Tinker sharing with Chance.
Either way, it wouldn't surprise me to see some sort of use of Executive Orders here, but the limits on those would hopefully limit most of the really bad stuff found in the bill proposals.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, executive order, information sharing, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
If nobody obeyed it...well, so what?
[ link to this | view in chronology ]
Two-Party Concent?
Well, know that I know that, how to capitalize on this insight. Hmmm...
(Also, seriously, saying that a SPAM filter is the equivalent of interception and recording? ... I am no lawyer, and I like my frontal lobe to much to become one.)
[ link to this | view in chronology ]
lets remove money from politics first, then the only people they are accountable to is the majority of voters.
[ link to this | view in chronology ]
Re:
An effective and desirable internet security bill that actually addresses real, critical national security problems (electric grid, etc.) is probably desirable, but it would be very short and sweet and wouldn't impact civil rights at all:
"Systems that control critical infrastructure are not to be connected to the internet."
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
connected: able to send or receive data
That was easy! But I do get your point. Politics can make even trivial things like this very complicated.
[ link to this | view in chronology ]
Re: Re: Re: Re:
I can guarantee that you'll get different answers about what constitutes national security from Ralph Nader, the MPAA and the average person on the street.
[ link to this | view in chronology ]
Re: Re: Re: Re:
You mean like hip-hop blogs and torrent finders?
[ link to this | view in chronology ]
Re:
If we had representation in the proportion intended, we would have 9300-10200 representatives in the House. We've been locked at 435 for over 100 years. Not only has their power grown considerably from this lockdown, but a large part of the funding problems comes from having only about 4% of the representation we're due.
[ link to this | view in chronology ]
I trust neither of these parties to actually do something that is good for the country unless there is a pay off in it from some corporation. From the outside looking in, it all looks like Washington is corrupt to the core.
It looks like we need a voting election that removes pretty near all incumbents, lacking very few.
[ link to this | view in chronology ]
Follow the Leader
Remember, this is the president that killed Osama, something George Bush failed to do. He is winning the war against piracy as well. Obama is making this counry safer even with all the complaining from citizens that should recognize their place in this country and follow what are leaders decide for us. In fact, isn't that what we elected them to do?
America is a shining light in a dark world. We can fix all the problems the rest of the world creates. Just listen to us and do what we say. Easy as pie. Don't you want to be like us, free and all?
[ link to this | view in chronology ]
Re: Follow the Leader
[ link to this | view in chronology ]
Re: Re: Follow the Leader
[ link to this | view in chronology ]
Yes He Can.
[ link to this | view in chronology ]
Re:
No?
[ link to this | view in chronology ]
But he doesn't tell us the names of those laws.
He also neglects to tell us that CISPA goes much further, by saying that "Notwithstanding" any law, our medical records, passwords, and emails can be shared without telling us.
Baker makes CISPA seem like it would narrowly affect privacy.
In reality, CISPA would broadly destroy privacy.
Baker also implies that ISPs can't share malware information under current law.
In reality, they can. They do it through a non-profit, "the National Cyber Forensics and Training Alliance." Kashimir Hill wrote about it in a Forbes article, "The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA."
[ link to this | view in chronology ]
Too little, too late
I can't load a page with 2k of text that I want to read because the graphical ad servers are running slow? The Internet has already been taken over!
Ban Windows or require a competency test. Then you'll have better security on the Internet.
[ link to this | view in chronology ]
Why not?
> to Push Through Cybersecurity Rules?
Why not? He seems to think he can use them to do whatever the hell else he wants.
The president's attitude seems to be "I think X is a good idea. Congress won't cooperate and pass X, therefore it's appropriate for me to use an EO to accomplish X."
[ link to this | view in chronology ]
Re: Why not?
I wonder what else he'll do. Have Bradley Manning executed?
[ link to this | view in chronology ]
Yes Yes Yes
You can make it one big pissing match. Anything Congress does or the Courts find can be undone with an Execuvite order. Up until President Clinton, presidents were very careful to not create a situation with Executive Orders. Clinton was bad, Bush was even worse and Obama is a habitual abuser.
[ link to this | view in chronology ]
Re: Yes Yes Yes
Not actually true. An executive order can do anything that is already in the power of the executive branch.
An executive order cannot make new laws, for instance (lawmaking is a power of the legislative branch) or decide what a law means (interpreting law is the power of the judicial branch) but can affect how or if laws are enforced (enforcing laws is a power of the executive).
An executive order cannot allocate money (budgeting is the power of the legislative) but it can decide whether or not to spend the money budgeted.
And so forth.
As much as every president tries to act otherwise, the president is not a king. The US presidency is actually very weak when compared to the powers that other heads of state have.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
They can affect you, though, by changing the regulations around how laws are implemented. Violating those regulations carries the same penalties they always carry (which can vary according to the regulation), but are typically limited to fines.
[ link to this | view in chronology ]
Y2K
[ link to this | view in chronology ]
If Obama does push this thru: his political opponents will claim that he is owned by corporations and special interest groups, that he is anti-american for passing laws in a 'border-line unconstitutional way', and that he and his big government want to take away civil liberties and spy on "the American People"
[ link to this | view in chronology ]