Can The President Use An Executive Order To Push Through Cybersecurity Rules?

from the sorta-maybe-possibly dept

Tue, Aug 7th 2012 11:31am — Mike Masnick

With the Cybersecurity Act failing in the Senate, there's been some buzz that President Obama might push through a bunch of provisions via executive order. From a political standpoint, there are tons of reasons to do so. If nothing gets done, and some sort of attack does happen, opponents can claim that he failed to strengthen our cybersecurity. But this way, he can claim he's doing what he can, and pin the blame on Congress for not doing their part.

But what would it mean if he goes down this route? The Daily Caller has a hysterical and totally misleading piece claiming that this would allow for an "internet takeover." As skeptical as I am for the need for such cybersecurity legislation (and I'm pretty skeptical), that article is just pure hyperbole. This has nothing to do with "taking over the internet," and that's just someone who's lying or clueless.

The original link above, from The Hill, points out that, when it comes to industries that are already regulated, the administration could easily order them to include certain cybersecurity standards among their existing regulations:

Many companies managing vital computer systems are already heavily regulated. Lewis said the president could order agencies to require the industries they regulate to meet cybersecurity standards.

"You don't need new legislative authority to do that," Lewis said.

He noted that some regulatory agencies, including the Federal Communications Commission and the Nuclear Regulatory Commission, are independent and not bound to follow executive orders. But Lewis predicted that even the independent agencies would likely enforce an executive order on cybersecurity.

That likely would lead to some pushback concerning the limits of regulatory control, but if it actually solves the few problems we hear about (such as critical systems being connected to the internet) then perhaps it's a more reasonable way to deal with things.

The other part of the bill, which was the part that concerned us the most, concerning information sharing, would be much more difficult to go after via an executive order. Stewart Baker has an interesting analysis of the possibility there, and he comes at it from someone who is... well, more hostile towards those of us who believe that privacy rights are important. He's been railing against privacy rights activists and their attacks on the cybersecurity proposals for a while, and doing so in misleading and incomplete ways, unfortunately. He does the same here, suggesting that privacy lobbyists are a part of the problem, while completely misrepresenting their concerns, even to the point of suggesting that privacy activists don't want to allow info sharing because sharing attack info reveals "personal info of the attacker." That's silly. No one has ever argued for that, and Baker is setting up a strawman.

However, he does note ways in which the administration can at least clarify intent via executive order to get around these claimed limitations (which I'm not convinced are actual limitations, as he describes them):

It is hard to fix bad laws with an executive order, but in this case I’m not sure it can’t be done. States with two-party laws are a minority already (about a dozen states, depending on how you count), and their laws are under pressure in the courts (thanks to police officers claiming that it’s a felony for members of the public to record them without their consent). What’s more, despite claims about their chilling effect on signature filtering, two-party-consent laws don’t seem to have stopped the emergence of robust spam filtering by private companies. A clear presidential statement that allowing such laws to bar signature filtering threatens national security would almost certainly resolve any lingering doubts, especially if it’s backed by an order that the Justice Department intervene as necessary in private state suits that challenge signature filtering.

All that’s left then is the federal ban on unsubpoenaed information sharing, and even it might yield to a little creativity. Not everyone is subject to the ban. So can the parties who are covered by the restriction (ISPs, webmail providers) simply share their data with parties who aren’t covered (security firms)? And can the security firms in turn sell their data to government? Maybe so. Again, a clear presidential statement that such a measure is essential for national security would make the courts think twice before declaring that Tinker-to-Evers-to-Chance is simply an evasion of the ban on Tinker sharing with Chance.

However, he also notes that Obama might not want to "tussle" with privacy groups and so this section may get ignored. While I agree that there are some privacy extremists who set forth proposals that go way too far, I think many of the people who were concerned about the cybersecurity bill over privacy issues wouldn't necessarily be against very narrowly defined rules on information sharing, though it still seems unclear how much any existing law is really holding back info sharing for the purpose of cybersecurity. Passing data through third parties, of course, is a lot more controversial, depending on the controls and oversight involved. But, again, it's still unclear how big of a problem this really is.

Either way, it wouldn't surprise me to see some sort of use of Executive Orders here, but the limits on those would hopefully limit most of the really bad stuff found in the bill proposals.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, executive order, information sharing, privacy

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 7 Aug 2012 @ 11:45am

from what i have read recently, almost every person of power, whether the head one (the President) or not, seems to think they can do whatever they want, whenever they want and there is no action that can be taken against them. the general consensus of opinion being 'fuck everyone who opposes what i want to do, especially the citizens, 'cause i'm gonna do it anyway'!
[ link to this | view in chronology ]
- weneedhelp (profile), 7 Aug 2012 @ 12:29pm
  
  Re:
  They are the deciders.
  [ link to this | view in chronology ]
  - Bergman (profile), 7 Aug 2012 @ 4:52pm
    
    Re: Re:
    I've decided to ignore them.
    [ link to this | view in chronology ]
- Mason Wheeler (profile), 7 Aug 2012 @ 4:47pm
  
  Re:
  Exactly. Remember, this is the same president who thought he could use executive authority to illegally sign us onto ACTA and get away with it.
  [ link to this | view in chronology ]
  - Bergman (profile), 7 Aug 2012 @ 4:54pm
    
    Re: Re:
    Well he theoretically could sign it, but it would be a non-binding agreement without congressional ratification.
    
    If nobody obeyed it...well, so what?
    [ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 12:01pm

Two-Party Concent?
Okay... I am clearly no lawyer. I foolishly thought that even states with one-party consent to recording conversations needed, you know, at least one participate of the conversation to consent to another listener/recording, not that it meant anyone could just decide to record or listen in without either party knowing.

Well, know that I know that, how to capitalize on this insight. Hmmm...

(Also, seriously, saying that a SPAM filter is the equivalent of interception and recording? ... I am no lawyer, and I like my frontal lobe to much to become one.)
[ link to this | view in chronology ]
letherial (profile), 7 Aug 2012 @ 12:24pm

I am also skeptical of a internet security bill, but not because we dont need one, imagine what could happen if a attack happened on all the major banks. My concern is Washington and the way they take orders from the recording industry on a constant basis. This means that security will become censorship and well fuck that....

lets remove money from politics first, then the only people they are accountable to is the majority of voters.
[ link to this | view in chronology ]
- John Fenderson (profile), 7 Aug 2012 @ 12:58pm
  
  Re:
  not because we dont need one, imagine what could happen if a attack happened on all the major banks.
  
  An effective and desirable internet security bill that actually addresses real, critical national security problems (electric grid, etc.) is probably desirable, but it would be very short and sweet and wouldn't impact civil rights at all:
  
  "Systems that control critical infrastructure are not to be connected to the internet."
  [ link to this | view in chronology ]
  - Mason Wheeler (profile), 7 Aug 2012 @ 1:08pm
    
    Re: Re:
    OK. Define "systems that control critical infrastructure." And define "connected." There are always ways to complicate "simple" things like this.
    [ link to this | view in chronology ]
    - John Fenderson (profile), 7 Aug 2012 @ 2:07pm
      
      Re: Re: Re:
      systems that control critical infrastructure: any system in which the results of it being hacked are so extreme as to constitute a national security issue.
      
      connected: able to send or receive data
      
      That was easy! But I do get your point. Politics can make even trivial things like this very complicated.
      [ link to this | view in chronology ]
      - Bergman (profile), 7 Aug 2012 @ 4:56pm
        
        Re: Re: Re: Re:
        Defined by whom?
        
        I can guarantee that you'll get different answers about what constitutes national security from Ralph Nader, the MPAA and the average person on the street.
        [ link to this | view in chronology ]
      - Anonymous Coward, 7 Aug 2012 @ 5:30pm
        
        Re: Re: Re: Re:
        systems that control critical infrastructure: any system in which the results of it being hacked are so extreme as to constitute a national security issue.
        
        You mean like hip-hop blogs and torrent finders?
        [ link to this | view in chronology ]
- Anonymous Coward, 7 Aug 2012 @ 1:14pm
  
  Re:
  lets remove money from politics first, then the only people they are accountable to is the majority of voters.
  
  If we had representation in the proportion intended, we would have 9300-10200 representatives in the House. We've been locked at 435 for over 100 years. Not only has their power grown considerably from this lockdown, but a large part of the funding problems comes from having only about 4% of the representation we're due.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 12:27pm

So where is the idea that blaming the president for doing nothing while doing everything that can be done to kill any proposals that might lead to actually accomplishing something coming from? I guess that's the same party that has fought for 4 years to keep anything from passing. Seems last I heard they were claiming the president's policies hadn't worked for the economy while ignoring their little part in that failed policy claim.

I trust neither of these parties to actually do something that is good for the country unless there is a pay off in it from some corporation. From the outside looking in, it all looks like Washington is corrupt to the core.

It looks like we need a voting election that removes pretty near all incumbents, lacking very few.
[ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 12:50pm

Follow the Leader
He is the president and has access to a lot of information that the general public is not aware of. I am sure he is making decisions based on what is best for his constituents. Whether it is fighting this country's cyber wars, or real wars, he is looking out for America. So if you think he is just "pushing something through" you don't have all the facts to understand the situation.

Remember, this is the president that killed Osama, something George Bush failed to do. He is winning the war against piracy as well. Obama is making this counry safer even with all the complaining from citizens that should recognize their place in this country and follow what are leaders decide for us. In fact, isn't that what we elected them to do?

America is a shining light in a dark world. We can fix all the problems the rest of the world creates. Just listen to us and do what we say. Easy as pie. Don't you want to be like us, free and all?
[ link to this | view in chronology ]
- John Fenderson (profile), 7 Aug 2012 @ 1:00pm
  
  Re: Follow the Leader
  Is this missing a /sarc tag?
  [ link to this | view in chronology ]
  - Anonymous Coward, 7 Aug 2012 @ 1:30pm
    
    Re: Re: Follow the Leader
    Yes, sorry for that and the mrs. spellings.
    [ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 12:53pm

*ahem*

Yes He Can.
[ link to this | view in chronology ]
- Ninja (profile), 8 Aug 2012 @ 3:43am
  
  Re:
  In Soviet Russia....
  
  No?
  [ link to this | view in chronology ]
Eric Jaffa (profile), 7 Aug 2012 @ 1:08pm

Stewart Baker writes that CISPA "would have undone a couple of overbroad privacy laws from the 60s and the 80s."

But he doesn't tell us the names of those laws.

He also neglects to tell us that CISPA goes much further, by saying that "Notwithstanding" any law, our medical records, passwords, and emails can be shared without telling us.

Baker makes CISPA seem like it would narrowly affect privacy.

In reality, CISPA would broadly destroy privacy.

Baker also implies that ISPs can't share malware information under current law.

In reality, they can. They do it through a non-profit, "the National Cyber Forensics and Training Alliance." Kashimir Hill wrote about it in a Forbes article, "The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA."
[ link to this | view in chronology ]
artp (profile), 7 Aug 2012 @ 1:21pm

Too little, too late
90% of the emails on the Internet are spam, and he's worried about the Internet BEING taken over? It's already happened!

I can't load a page with 2k of text that I want to read because the graphical ad servers are running slow? The Internet has already been taken over!

Ban Windows or require a competency test. Then you'll have better security on the Internet.
[ link to this | view in chronology ]
btr1701 (profile), 7 Aug 2012 @ 1:34pm

Why not?
> Can the President Use an Executive Order
> to Push Through Cybersecurity Rules?

Why not? He seems to think he can use them to do whatever the hell else he wants.

The president's attitude seems to be "I think X is a good idea. Congress won't cooperate and pass X, therefore it's appropriate for me to use an EO to accomplish X."
[ link to this | view in chronology ]
- Anonymous Coward, 7 Aug 2012 @ 1:43pm
  
  Re: Why not?
  Maybe he thinks he's not going to be reelected, so he's just going to do whatever he wants while he can.
  I wonder what else he'll do. Have Bradley Manning executed?
  [ link to this | view in chronology ]
Elder-Geek, 7 Aug 2012 @ 2:03pm

Yes Yes Yes
The president can do anything he wants with an executive order. There were fears that Nixon would pardon himself if Congress impeached him as a sitting President.

You can make it one big pissing match. Anything Congress does or the Courts find can be undone with an Execuvite order. Up until President Clinton, presidents were very careful to not create a situation with Executive Orders. Clinton was bad, Bush was even worse and Obama is a habitual abuser.
[ link to this | view in chronology ]
- John Fenderson (profile), 7 Aug 2012 @ 2:21pm
  
  Re: Yes Yes Yes
  The president can do anything he wants with an executive order
  
  Not actually true. An executive order can do anything that is already in the power of the executive branch.
  
  An executive order cannot make new laws, for instance (lawmaking is a power of the legislative branch) or decide what a law means (interpreting law is the power of the judicial branch) but can affect how or if laws are enforced (enforcing laws is a power of the executive).
  
  An executive order cannot allocate money (budgeting is the power of the legislative) but it can decide whether or not to spend the money budgeted.
  
  And so forth.
  
  As much as every president tries to act otherwise, the president is not a king. The US presidency is actually very weak when compared to the powers that other heads of state have.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 4:01pm

All hail king obama!
[ link to this | view in chronology ]
- Anonymous Coward, 7 Aug 2012 @ 8:46pm
  
  Re:
  the BIG BLACK DICtator
  [ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 4:16pm

Of course. The "President of the free world" as you United-Statesians like to pretentiously refer to him, has the right do do as he pleases. He's like Emperor of the known world and beyond.
[ link to this | view in chronology ]
Bergman (profile), 7 Aug 2012 @ 4:56pm

So, I'm curious...what's the legal penalty for disobeying an executive order?
[ link to this | view in chronology ]
- Anonymous Coward, 7 Aug 2012 @ 6:23pm
  
  Re:
  They do a process where they send in the drones...terrorist
  [ link to this | view in chronology ]
- John Fenderson (profile), 8 Aug 2012 @ 9:02am
  
  Re:
  Executive orders aren't laws. They are directives to the executive branch. If you don't work in the executive branch, they don't apply to you.
  
  They can affect you, though, by changing the regulations around how laws are implemented. Violating those regulations carries the same penalties they always carry (which can vary according to the regulation), but are typically limited to fines.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Aug 2012 @ 8:39pm

Y2K
Hey, remember what happened on Y2K? Remember when all the computers in the world crashed, planes fell out of the sky, there were massive blackouts, the banking system collapsed, and it was the end of civilization as we know it? Remember that? No? Neither do I.
[ link to this | view in chronology ]
Brent (profile), 8 Aug 2012 @ 1:33pm

If Obama doesn't push this thru: his political opponents will collude to entice terrorists to cyber attack the weakpoints made evident in this legislation. that will finally 'prove' we need more cybersecurity legislation and that Obama was a terrible President.

If Obama does push this thru: his political opponents will claim that he is owned by corporations and special interest groups, that he is anti-american for passing laws in a 'border-line unconstitutional way', and that he and his big government want to take away civil liberties and spy on "the American People"
[ link to this | view in chronology ]