Exceptionally grave damage: NSA refuses to declassify Obama’s cybersecurity directive
The Electronic Privacy Information Center (EPIC) reports on Tuesday that their recent FOIA request for information about a top-secret memo signed last month by US President Barack Obama has been rejected [PDF]. Now attorneys for EPIC say they plan to file an appeal to get to the bottom of Presidential Policy Directive 20.
Although the executive order has been on the books for a month now, only last week did details emerge about the order after the Washington Post reported that Pres. Obama’s signature to the top-secret directive could allow the White House to send in recruits from the Pentagon to protect America’s cyber-infrastructure.
Because Presidential Policy Directive 20 is classified, the exact wording of the elusive document has been a secret kept only by those with first-hand knowledge of the memo. For their November 14 article, the Post spoke with sources that saw the document to report that the directive “effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.”
In response to the Post’s report, EPIC filed a FOIA request to find out if the policy directive could mean military deployment within the United States, especially since the sources who have seen the memo say it allows the Pentagon to pursue actions against adversaries within a vaguely described terrain known only as “cyberspace.”
“What it does, really for the first time, is it explicitly talks about how we will use cyber-operations,” a senior administration official told the Post. “Network defense is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.”
“We’d like to see what the language says and see what power is given,” EPIC attorney Amie Stepanovich told RT this week — a matter that will now have to be appealed before any details can be determined.
News of the directive comes just as lawmakers in Congress failed once again to approve a cybersecurity legislation that would provide new connections between the federal government and the private sector in order to supposedly ramp up the United States’ protection from foreign hackers. With the defeat of that bill, though, members of both the House and Senate now say they expect Pres. Obama to sign a separate executive order that will lay down the groundwork for a more thorough cybersecurity plan to be established.
Meanwhile, the commander-in-chief has already signed a secret order — Presidential Policy Directive 20 — that might remain classified unless EPIC can win in court.
“We believe that the public hasn’t been able to involve themselves in the cybersecurity debate, and the reason they can’t involve themselves is because they don’t have the right amount of information,” Stepanovich tells RT.
Responding to the FOIA request, the NSA says releasing information on the directive cannot occur because “disclosure could reasonably be expected to cause exceptionally grave damage to the national security.”
“Because the document is currently and properly classified, it is exempt from disclosure,” the NSA writes.