White House doesn’t address privacy concerns in cybersecurity executive order draft

Reuters / Lucas Jackson
A copy of the cybersecurity executive order currently being written by the Obama administration has been leaked to the Web, and the contents do little to calm the fears of those who suspected their privacy concerns wouldn’t be considered.

Only days after journalists with both Federal News Radio and TechDirt.com claimed to have come into possession with a copy of a cybersecurity executive order being readied by the White House, a draft assumed to be authored for the president has been leaked, and in it the Obama administration lays down the groundwork for interim cybersecurity measures following Congress’ failure to come to agreement on legislation of their own. But while the alleged executive order does not discuss the specifics of what the White House has in mind for protecting the country’s e-grid, it also fails to provide any safe guards for making sure that any sharing of personal information does not raise privacy concerns or cause any civil rights violations.

“It is therefore essential that a mutually beneficial arrangement for public-private collaboration be further developed,” the introduction of the draft declares. Over the course of the 18 pages that follow, the Obama administration authors repeatedly remark about the necessity for streamlining the sharing of information held by private sector companies with the federal government. Nowhere, however, has the White House explained how it plans to protect the rights of Americans.

Under earlier cyber legislation considered by Congress, private-sector entities, including businesses and telecom providers, would be offered federal incentives for openly providing the government with personal details offered up by their customers — the American public. Although the leaked copy does not describe any specific-handouts, it heavy handedly avoids explaining anything that will be done to handle the privacy concerns that were caused by earlier attempts at cyber bills.

In one excerpt of the draft, the establishment of a “risk management framework” is discussed, explaining it as something that would “facilitate streamlined collaboration and information sharing mechanisms,” as well as “address interdependencies among critical infrastructure sectors.”

“Because the majority of the Nation’s crucial infrastructure is owned and operated by the private sector, efforts to strengthen and maintain secure, functioning and resilient critical infrastructure required effective and routine collaboration and information exchange between all levels of government and critical infrastructure owners and operators,” it continues.

Elsewhere in the draft, “information sharing” between private and federal entities is considered imperative and a call to arms it made to “facilitate an optimization of resources to advance our collective ability to act when a threat is present or an incident occurs.” Not only does the vague wordage included in the draft leave the possibility of information collection and sharing open-ended, but suggests that this act is only the starting point of what sort of cyber-sharing protocols are yet to be put to use.

The draft, according to the copy released by TechDirt, also calls for the establishment of a “24/7 situational awareness and crisis monitor” system managed by the US Department of Homeland Security, which will “facilitate information sharing, interaction and collaboration among and between SSAs and other Federal department agencies, critical infrastructure, owners and operators and international partners.” In another section, the White House rallies for a National Cybersecurity Center to exist with “the ability to enable and support situational awareness and a common operating picture for cyberspace across private sector, Federal, SLTT and international entities y integrating information obtained from such entities and providing cyber information to support the Secretary of Homeland Security.”

The process, writes the White House, will include “an institutionalized capability to facilitate information sharing.” Nowhere, though, do they discuss how they will facilitate the civil liberties concerns raised by the sharing of sensitive intelligence.

Although the White House has not yet weighed in on the authenticity of the alleged draft, the Obama administration does admit to be at work on readying a copy for release.

"Following congressional inaction, the President is determined to use existing executive branch authorities to protect our nation against cyber threats," National Security Adviser John Brennan confirmed in a letter sent from the White House on Friday. "Specifically, we are exploring an Executive Order to direct executive branch departments and agencies to secure our nation's critical infrastructure by working with the private sector."