LEAKED! Here's The White House's Draft Cybersecurity Executive Order
from the vague-enough-for-ya? dept
Earlier this week, we wrote about how the White House was working on an executive order to act as a "stand in" for cybersecurity legislation that has so far failed to pass Congress (CISPA passed in the House, but a different effort, the Cybersecurity Act, failed in the Senate, and it would have been difficult to get the two houses aligned anyway). Last weekend Jason Miller from Federal News Radio wrote about a draft he saw... but failed to share the actual draft. We got our hands on a draft (and confirmed what it was with multiple sources) and wanted to share it, as these kinds of things deserve public scrutiny and discussion. It's embedded below. As expected, it does have elements of the Lieberman/Collins bill (to the extent that the White House actually can do things without legislation). It's also incredibly vague. The specific requirements for government agencies are left wide open to interpretation. For example, the State Dept. should engage other governments about protecting infrastructure. Well, duh. As expected, most stuff focuses on Homeland Security and its responsibilities to investigate a variety of different cybersecurity issues -- but, again, it's left pretty vague.There is, as expected, plans concerning information sharing -- but again, they're left pretty empty on specifics. It talks about an "information exchange framework." Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don't lead to massive privacy violations, despite the President's earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.
Separately, it lists out 16 critical infrastructure "sectors," but those can be interpreted really broadly, which is dangerous. We all understand how things like the electric grid, nuclear power plants, water facilities and such can be seen as critical infrastructure. But does "communications" include things like social networking? It's important that any plan be very, very specific about what sorts of things are critical infrastructure, so as to avoid sweeping up all sorts of things like internet services and opening them up to information "sharing" abuse efforts by the government. We all know there's plenty of evidence that when the government is given a loophole to spy on private communications, it figures out ways to drive fleets of trucks through that hole. Unfortunately, there's little indication that any of that has really been taken into consideration.
All that said, it is important to recognize that this is a draft, and it is not only subject to change, but there are indications that it is likely to change. But, seeing as this could have significant impact, it should be something that the public has a chance to weigh in on.
Honestly, looking this over, you get the sense that it's really designed to do one thing: scare those who fought against the various bills back to the table to compromise and get a bill out. It's no secret that the administration's overall preference is to get a law in place, rather than this executive order. That's been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don't approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can't go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.
Either way, we'll have some more on this next week, but since we just got this and want to get it out there for comment, hopefully folks can spend some time this weekend discussing the (yes, once again, vague) particulars...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cispa, critical infrastructure, cybersecurity, cyberseuciryt act, executive order, homeland security, president obama, white house
Reader Comments
The First Word
“Typo pointer.
Mike, you let a typo loose in the entry title. There is no R in daft.Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Cybersecurity and Politicians
With very few exceptions, I have seen no evidence what so ever that politicians have any understanding of cybersecurity, the Internet, and in a lot of cases even how to properly research and write a law.
[ link to this | view in thread ]
Why
[ link to this | view in thread ]
Only 16?
And I'm sure every single one is capable of being interpreted as "Obama can crown himself king and extend his rule for fifty years while simultaneously disolving the Bill of Rights and the Constitution and turning the Legislative and Judicial branches into party houses for all of his cronies and buddies who worked so hard to put him in power... All hail your new king. The White House has now become the new frat house. I'm sure the November election is just a formality that he's already won. No need to campaign.
[ link to this | view in thread ]
Information exchange. Well, that seems to me like people communicating. Be it a seller and a customer or a company sharing catalogs of analytics or countless similar things - people are involved. Right or wrong, just or not, the fact is that information about people is involved.
Do they get privacy in their communications or not? Whole privacy.
Cybersecurity is a defensive art. You need to know how to protect yourself in ever changing conditions. You need to understand what it is you're protecting yourself against. And here we have, what I understand it to be, people. Even. The. Ones. That. You. Are. Defending. There is a new separation that has not been recognized. You leaders, true and not, must engage. As far as the US goes it is imperative that they pay attention that they're setting the bar based upon the core values and beliefs that are those of a free people.
Communications == People == Privacy : Cardinal position one
[ link to this | view in thread ]
Same thing with these SOPA and other negotiations that get leaked, those leaking these documents need to be careful because they may have watermarks indicating which document was leaked which could be used to trace who leaked the information.
[ link to this | view in thread ]
Re:
How are you going to remove the identifying features if the words themselves are those features? And when it comes to legal phrasings, you can't just paraphrase shit.
[ link to this | view in thread ]
Re: Re:
that is all....
Nigel
[ link to this | view in thread ]
Cuz y'know, any zealot that ignores this, is a zealot worth taking seriously...
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2132153
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Cybersecurity and Politicians
Not knowing how to do your job is ignorance. Not wanting to know how to do your job is stupidity.
[ link to this | view in thread ]
These old senators DONT know SHIT about the internet
[ link to this | view in thread ]
[ link to this | view in thread ]
Vague is bad...
Gives me the feeling it's a "fill in the blanks" or a "blank check" type of approach to forcing some sort of legislation through.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Fail :)
[ link to this | view in thread ]
A bill is put forth using the normal legislative method, but this bill, unsavory as it is to the American people, rightly fails to pass.
Now that the bill has been put to a vote and subsequently rejected, the president decides to ram the contents of the bill through anyway through an executive order.
Hmm. There's a word for political systems like that, but I don't think "democracy" is that word.
[ link to this | view in thread ]
Re:
Cuz y'know, any zealot that ignores this, is a zealot worth taking seriously...
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2132153
Sorry, but if a study's conclusions don't comport with his predetermined reality, then that study is ipso facto conclusively debunked. Perhaps you need some Kool-Aid and a lobotomy.
[ link to this | view in thread ]
Re: Why
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Well AJ ... if the show fits.
[ link to this | view in thread ]
Re: Re: Why
Some people in China might be hacking to get secrets or blueprints and the like.
The US has been actively trying to use cyberspace to cause physical harm and damage to system in countries they dislike.
And never forget the whole ZOMG my computer bluescreened CHINA DID IT factor. Sorta like the whole homeland security flip out over a valve at a water processing plant that was "hacked" ... until it came out no it wasn't. But the media ran with the story of hackers destroying the water system.
Homeland Security who when informed by a company their systems were hacked, Well just keep letting them poke around and only stop them if they do something very dangerous.
[ link to this | view in thread ]
Critical Thinking.
[ link to this | view in thread ]
Re: Only 16?
[ link to this | view in thread ]
Before it too late
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Why
[ link to this | view in thread ]
Re: Cybersecurity and Politicians
We are headed into police state martial law probably in the very near future, and I suspect among the first things ICE and other government agencies (Homeland Security?) will do when it comes is to shut down all the alternative news sites that are exposing all the things the mainline media is hiding from us.
Watch for it.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Figured
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
Just because your BS is always called out doesn't make you right or Mike wrong, or vice versa for that matter. But without proof, you're just pissing in the wind.
[ link to this | view in thread ]
Re: Cybersecurity and Politicians
[ link to this | view in thread ]
Question for anyone that wants to answer
[ link to this | view in thread ]
Re: Re: Cybersecurity and Politicians
[ link to this | view in thread ]
Re: These old senators DONT know SHIT about the internet
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Cybersecurity and Politicians
[ link to this | view in thread ]
Re: Re: Why
The US is actively waging war against the open internet. So are many other governments. They have also all moved quite a large portion of their usual espionage into cyberspace (or tricks like the Stuxnet worm against Iran, which was the USA in partnership with Isreal), but that's just the kind of games governments have always played, and always will - they've just found a new tool.
The real 'cyber terror' is the war of censorship by the governments of the world against the common citizens. Same old class war, now in cyberspace.
[ link to this | view in thread ]
Re: Re: Re: Re:
I love it. You're too stupid to actually make a point, so you just say something that makes no sense and is a lie.
Please link to where I used "fuck off and die" as an argument.
You cannot.
[ link to this | view in thread ]
Re: Re: Re: Re:
Huh? I didn't say, nor have I ever said, that Mike is wrong because my BS gets called out. Mike is wrong because Mike works backward, is intellectually dishonest, jumps to conclusions, and ignores all evidence that doesn't jive with his anti-IP hate mongering. Lots of people challenge me on my posts, but unlike most, I explain myself and cite caselaw. If you haven't noticed that Mike plays fast and loose with reality, then you just aren't paying attention. He's an extremist zealot who couldn't be honest about IP if his life depended on it.
[ link to this | view in thread ]
Re: Re: These old senators DONT know SHIT about the internet
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Cybersecurity and Politicians
We get what is Voted in over and over.Wake me up when the Revolution is over please.
[ link to this | view in thread ]
Design basis threat (DBT) is a classified document that discovers the characteristics of the potential threats (actual threat, not a possibility)
Backward induction is the process of reasoning backwards in time, from the end of a problem or situation, to determine a sequence of optimal actions. It proceeds by first considering the last time a decision might be made and choosing what to do in any situation at that time. Using this information, one can then determine what to do at the second-to-last time of decision. This process continues backwards until one has determined the best action for every possible situation (i.e. for every possible information set) at every point in time.
Intimidation (also called cowing) is intentional behavior that "would cause a person of ordinary sensibilities" fear of injury or harm. It's not necessary to prove that the behavior was so violent as to cause terror or that the victim was actually frightened.
Are we actually seeing now were/who is a treat…
Criminal threatening (or threatening behavior) is the crime of intentionally or knowingly putting another person in fear of imminent bodily injury. "Threat of harm generally involves a perception of injury...physical or mental damage...act or instance of injury, or a material and detriment or loss to a person." "A terroristic threat is a crime generally involving a threat to commit violence communicated with the intent to terrorize another."
Threatening behaviors may be conceptualized as a maladaptive outgrowth of normal competitive urge for interrelational dominance generally seen in animals. Alternatively, intimidation may result from the type of society in which individuals are socialized, as human beings are generally reluctant to engage in confrontation or threaten violence.
Like all behavioral traits it exists in greater or lesser manifestation in each individual person over time, but may be a more significant "compensatory behavior" for some as opposed to others. Behavioral theorists often see threatening behaviours as a consequence of being threatened by others, including parents, authority figures, playmates and siblings. “Use of force is justified when a person reasonably believes that it is necessary for the defense of oneself or another against the immediate use of unlawful force.”
Lets create a bigger RISK\threat footprint because im scared ?????
[ link to this | view in thread ]
Typo pointer.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Cybersecurity and Politicians
[ link to this | view in thread ]
Response to: Anonymous Coward on Sep 15th, 2012 @ 7:50am
It is not contentious that we need new laws in regards to (cyber)security. What IS a major point of contention is the specifics of those new laws. This is the battlefield.
In an attempt to 1) provide a stopgap until new laws are created and 2) force the people ACTUALLY RESPONSIBLE FOR MAKING NEW LAWS TO GET OFF THEIR COLLECTIVE ASS AND MAKE SOME GODDAMN LAWS through accepted democratic processes, the president is making an executive order which is supposed to be unpleasant for all involved.
The crappiness is a feature, not a bug, designed to act as an incentive for the creation of actual laws.
[ link to this | view in thread ]
Re: Only 16?
[ link to this | view in thread ]
Re: Re: Re: Cybersecurity and Politicians
[ link to this | view in thread ]
Re: Re: Only 16?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
And here I thought such terminology was reserved for those who fly planes into buildings, blow up planned parenthood and IRS buildings, murder doctors - you know ... that sort of thing. Guess ya learn something new every day.
[ link to this | view in thread ]
Re: Only 16?
[ link to this | view in thread ]
Re: Re: Re: Only 16?
[ link to this | view in thread ]
Re: Why
[ link to this | view in thread ]
tell me my tin foil hat is to tight now!!!!!
2: Microsoft's prototype NYC "emergency camera monitoring system".
3: Facebook's new facial recognition software. being able to ID anyone in a matter of seconds. linking the image with all of their personal info, as well as family and friends info, accessible at the click of the eagles motherfucking beak.
4: if this bill is passed it will give them the keys to side step every safeguard set in place to protect your rights as a free citizens. completing a "legal" chain to every bit of information in the country, without the need for probable cause or a warrant. when these systems get up and running across the nation it will give them the ability to track anyone across the nation, with the ability to project evasion routes and known associates. (even favorite dining habits.)
are you pissed off yet?
[ link to this | view in thread ]
Re: tell me my tin foil hat is to tight now!!!!!
Heil Obama!
Heil ???
[ link to this | view in thread ]
[ link to this | view in thread ]
critical infrastructure protection
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: critical infrastructure protection
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]