The White House yesterday revealed details of President Obama's executive order intended to ramp up the fight against cybersecurity threats to U.S. interests, including businesses, the government and critical infrastructure. Surprisingly, the executive order lacks all of the issues associated with the House cybersecurity bill (commonly referred to as CISPA). For one, it offers a one-way information sharing provision, meaning that the U.S. government's various intelligence agencies can share information with corporations and businesses that handle critical information. It does not allow those same entities to share private user data with the government, nor does it give them amnesty from legal action for doing so.
Privacy advocates seem to much prefer the President's executive order to CISPA, but the President has said that Congress still needs to work on more in-depth legislation that can deal with the problem of cyber attacks while respecting the privacy of Americans.
"We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems," President Obama said. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
The order also calls for the Department of Homeland Security to strongly consider the privacy implications of its cybersecurity efforts and calls on the agency's Chief Privacy Officer to publicly release a report on the privacy and digital civil liberties effects of such actions within a year.
The ACLU applauded the executive order's approach:
"The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties," reads a statement on the executive order from the American Civil Liberties Union, which has opposed CISPA. "For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information."
"The definition of cybersecurity threat hasn’t been pinned down, and we’ve been concerned that the combination of that vague definition and legal immunity would allow an end run around privacy regulations," Lee Tien of the Electronic Frontier Foundation tells Forbes. "This [executive order] is only about outflows of information from the government."
"The political debate tends to skew away from the admittedly hard problem of making systems more secure," adds Tien. "That costs nothing from a privacy and civil liberties perspective and it doesn’t get much attention."
CISPA is expected to be reintroduced in the House today, but with the President's executive order in place, it will be interesting to see whether the order inspires lawmakers to see the holes in the legislation in its current form.
You can read the President's executive order here.