This isn't a huge surprise -- and last month we even discussed the possibility, but it sounds as though the White House has decided that, with the failure of Congress to pass a comprehensive cybersecurity bill (CISPA passed in the House, but the rather different Cybersecurity Act failed in the Senate), it is going to issue some sort of executive order to deal with "cybersecurity issues."

Late last week there was an awful lot of speculation over what would be, with some people arguing that it will do too much... and others arguing that it will do too little. However, late Friday, Jason Miller from Federal News Radio claimed to have seen a draft copy, and while he did not share the full copy, he did do a pretty thorough breakdown of what was in it. It sounds pretty similar to the Lieberman/Collins Cybersecurity Act -- the one that failed to gain Senate approval. The parts that concerned us the most in the bill -- concerning information sharing without real privacy protections -- appear to be in this executive order, and in some ways may be worse. While the President cannot grant liability protections for companies who share info with the government (a major concern we had), it sounds like this executive order will put tremendous pressure on companies to share info -- noting that it will begin a sort of "name and shame" program for companies who fail to take part. That seems like a recipe for a privacy disaster.

The thing that I'm still waiting for is for someone (anyone?!) to lay out exactly where the problems are with current regulations in the area. We keep hearing that there's a real risk (though the only demonstration of that seems to be inflated, hyperbolic stories), and that without information sharing, the risk is much greater. But what has not been shown by anyone, in either Congress or the administration, is why the necessary sharing can't happen under existing laws today. They just keep saying it can't but refuse to point to the specific things that are causing those problems today. That's what makes me most nervous about all of this. When those in power can't fully articulate the problem, it seems reasonable to be quite worried about the solution. It makes it way too easy for that "solution" to be much too broad and cause all sorts of collateral damage.

51 Comments

http://libertycrier.com/government/white-house-circulating-draft-of-executive-order-on-cybersecurity/