LEAKED! Here's The White House's Draft Cybersecurity Executive Order

from the vague-enough-for-ya? dept

Earlier this week, we wrote about how the White House was working on an executive order to act as a “stand in” for cybersecurity legislation that has so far failed to pass Congress (CISPA passed in the House, but a different effort, the Cybersecurity Act, failed in the Senate, and it would have been difficult to get the two houses aligned anyway). Last weekend Jason Miller from Federal News Radio wrote about a draft he saw… but failed to share the actual draft. We got our hands on a draft (and confirmed what it was with multiple sources) and wanted to share it, as these kinds of things deserve public scrutiny and discussion. It’s embedded below. As expected, it does have elements of the Lieberman/Collins bill (to the extent that the White House actually can do things without legislation). It’s also incredibly vague. The specific requirements for government agencies are left wide open to interpretation. For example, the State Dept. should engage other governments about protecting infrastructure. Well, duh. As expected, most stuff focuses on Homeland Security and its responsibilities to investigate a variety of different cybersecurity issues — but, again, it’s left pretty vague.

There are, as expected, plans concerning information sharing — but again, they’re left pretty empty on specifics. It talks about an “information exchange framework.” Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don’t lead to massive privacy violations, despite the President’s earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.

Separately, it lists out 16 critical infrastructure “sectors,” but those can be interpreted really broadly, which is dangerous. We all understand how things like the electric grid, nuclear power plants, water facilities and such can be seen as critical infrastructure. But does “communications” include things like social networking? It’s important that any plan be very, very specific about what sorts of things are critical infrastructure, so as to avoid sweeping up all sorts of things like internet services and opening them up to information “sharing” abuse efforts by the government. We all know there’s plenty of evidence that when the government is given a loophole to spy on private communications, it figures out ways to drive fleets of trucks through that hole. Unfortunately, there’s little indication that any of that has really been taken into consideration.

All that said, it is important to recognize that this is a draft, and it is not only subject to change, but there are indications that it is likely to change. But, seeing as this could have significant impact, it should be something that the public has a chance to weigh in on.

Honestly, looking this over, you get the sense that it’s really designed to do one thing: scare those who fought against the various bills back to the table to compromise and get a bill out. It’s no secret that the administration’s overall preference is to get a law in place, rather than this executive order. That’s been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don’t approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can’t go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.

Either way, we’ll have some more on this next week, but since we just got this and want to get it out there for comment, hopefully folks can spend some time this weekend discussing the (yes, once again, vague) particulars…


Comments on “LEAKED! Here's The White House's Draft Cybersecurity Executive Order”

69 Comments
SolkeshNaranek says:

Cybersecurity and Politicians

That’s been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don’t approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can’t go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.

With very few exceptions, I have seen no evidence whatsoever that politicians have any understanding of cybersecurity, the Internet, and in a lot of cases even how to properly research and write a law.

Mr. Smarta** (profile) says:

Only 16?

Separately, it lists out 16 critical infrastructure “sectors,” but those can be interpreted really broadly, which is dangerous.
And I’m sure every single one is capable of being interpreted as “Obama can crown himself king and extend his rule for fifty years while simultaneously dissolving the Bill of Rights and the Constitution and turning the Legislative and Judicial branches into party houses for all of his cronies and buddies who worked so hard to put him in power… All hail your new king. The White House has now become the new frat house. I’m sure the November election is just a formality that he’s already won. No need to campaign.

Rapnel (profile) says:

16 critical infrastructure sectors; that seems pretty specific. I haven’t read this yet but off the top of my head I’m wondering why that isn’t less than 1.

Information exchange. Well, that seems to me like people communicating. Be it a seller and a customer or a company sharing catalogs of analytics or countless similar things – people are involved. Right or wrong, just or not, the fact is that information about people is involved.

Do they get privacy in their communications or not? Whole privacy.

Cybersecurity is a defensive art. You need to know how to protect yourself in ever changing conditions. You need to understand what it is you’re protecting yourself against. And here we have, what I understand it to be, people. Even. The. Ones. That. You. Are. Defending. There is a new separation that has not been recognized. You leaders, true and not, must engage. As far as the US goes it is imperative that they pay attention that they’re setting the bar based upon the core values and beliefs that are those of a free people.

Communications == People == Privacy : Cardinal position one

Anonymous Coward says:

You should make sure that the leaked document doesn’t have any watermarks. You know that many printers, even household printers, watermark documents in ways that can’t be easily seen by the naked eye. They may have all sorts of information such as the printer that was used, time of day, with phones perhaps even GPS location of where a picture was taken, etc… HP has had a history of working with the government to watermark printouts with the excuse that it’s to trace counterfeiters (not that this is necessarily a bad excuse, but it can have free speech and anonymity/privacy implications).

Same thing with these SOPA and other negotiations that get leaked, those leaking these documents need to be careful because they may have watermarks indicating which document was leaked which could be used to trace who leaked the information.

Anonymous Coward says:

basically, the US government want carte blanche to do what it wants, when it wants, where it wants, to whoever it wants, for whatever reason it wants. it also wants to be able to authorise whoever it wants to be able to do the same. however, it also wants to be able to stop anyone else from doing the same. the ridiculous thing about all this is that if the US weren’t so intent on trying to take over everywhere else, for its own benefit, there would be no need for any of this shit anyway. they start it and don’t like it when there is retaliation, blaming the other side for defending themselves. absolutely crazy! eventually, this will end badly, not just for the US but for everyone!

EduardAwesome (user link) says:

These old senators DONT know SHIT about the internet

These guys cannot cope with our nation’s need for knowledgeable representatives about computer cyber-security our the internet’s and nation’s needs for laws and regulations. I’m okay with a bill that is specific about what it does even if it counters piracy. But not this. If it’s vague it’s vague for a reason. Either they are trying to back-stab the American public, censor us, or they are just incredibly incompetent to write up a decent enough bill…..

Anonymous Coward says:

So, let me get this straight:

A bill is put forth using the normal legislative method, but this bill, unsavory as it is to the American people, rightly fails to pass.

Now that the bill has been put to a vote and subsequently rejected, the president decides to ram the contents of the bill through anyway through an executive order.

Hmm. There’s a word for political systems like that, but I don’t think “democracy” is that word.

average_joe (profile) says:

Re:

Oh yes, please take Mike Masnick’s zealotry seriously.

Cuz y’know, any zealot that ignores this, is a zealot worth taking seriously…

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2132153

Sorry, but if a study’s conclusions don’t comport with his predetermined reality, then that study is ipso facto conclusively debunked. Perhaps you need some Kool-Aid and a lobotomy.

That Anonymous Coward (profile) says:

Why

[citation needed]

Some people in China might be hacking to get secrets or blueprints and the like.
The US has been actively trying to use cyberspace to cause physical harm and damage to systems in countries they dislike.

And never forget the whole ZOMG my computer bluescreened CHINA DID IT factor. Sorta like the whole homeland security flip out over a valve at a water processing plant that was “hacked” … until it came out no it wasn’t. But the media ran with the story of hackers destroying the water system.

Homeland Security who when informed by a company their systems were hacked, Well just keep letting them poke around and only stop them if they do something very dangerous.

wvhillbilly (profile) says:

Cybersecurity and Politicians

I think, if truth be known, is that what the government really wants is the authority to shut down any website it doesn’t like. I suspect they’re much more interested in that than they are in preventing “piracy”, though they may use “piracy” as an excuse for shutting them down.

We are headed into police state martial law probably in the very near future, and I suspect among the first things ICE and other government agencies (Homeland Security?) will do when it comes is to shut down all the alternative news sites that are exposing all the things the mainline media is hiding from us.

Watch for it.

average_joe (profile) says:

Re:

Nothing. His point was about Mike’s zealotry. Studies that make piracy look positive are trotted out as gospel truth, while studies that make piracy look bad are either ignored or claimed to be completely debunked. The point is that it’s impossible to take Mike seriously because he’s so incredibly biased. So when Mike posts a FUD-piece like this (“LEAKED!” OMG!), it’s hard to get too worked up.

Jay S. says:

These old senators DONT know SHIT about the internet

They know plenty about the Internet. That’s precisely why they’re trying to ram this bill through. The Internet represents a massive threat to the elites because it decentralizes communications and media, as well as poses potential future threats like the widespread adoption of digital crypto-currencies such as Bitcoin. What the government is doing now is entirely rational when you understand how dangerous the Internet is to them – it is the new Gutenberg Press.

F! says:

Why

It all depends on how one defines ‘cyber war’.

The US is actively waging war against the open internet. So are many other governments. They have also all moved quite a large portion of their usual espionage into cyberspace (or tricks like the Stuxnet worm against Iran, which was the USA in partnership with Israel), but that’s just the kind of games governments have always played, and always will – they’ve just found a new tool.

The real ‘cyber terror’ is the war of censorship by the governments of the world against the common citizens. Same old class war, now in cyberspace.

average_joe (profile) says:

Re:

Just because your BS is always called out doesn’t make you right or Mike wrong, or vice versa for that matter. But without proof, you’re just pissing in the wind.

Huh? I didn’t say, nor have I ever said, that Mike is wrong because my BS gets called out. Mike is wrong because Mike works backward, is intellectually dishonest, jumps to conclusions, and ignores all evidence that doesn’t jive with his anti-IP hate mongering. Lots of people challenge me on my posts, but unlike most, I explain myself and cite caselaw. If you haven’t noticed that Mike plays fast and loose with reality, then you just aren’t paying attention. He’s an extremist zealot who couldn’t be honest about IP if his life depended on it.

backstab59 (profile) says:

A threat is an act of coercion wherein an act is proposed to elicit a negative response. It is a communicated intent to inflict harm or loss on another person. It can be a crime in many jurisdictions. Threat (intimidation) is widely seen in animals, particularly in a ritualized form, chiefly in order to avoid the unnecessary physical violence that can lead to physical damage or death of both conflicting parties.
Design basis threat (DBT) is a classified document that discovers the characteristics of the potential threats (actual threat, not a possibility)
Backward induction is the process of reasoning backwards in time, from the end of a problem or situation, to determine a sequence of optimal actions. It proceeds by first considering the last time a decision might be made and choosing what to do in any situation at that time. Using this information, one can then determine what to do at the second-to-last time of decision. This process continues backwards until one has determined the best action for every possible situation (i.e. for every possible information set) at every point in time.
Intimidation (also called cowing) is intentional behavior that “would cause a person of ordinary sensibilities” fear of injury or harm. It’s not necessary to prove that the behavior was so violent as to cause terror or that the victim was actually frightened.
Are we actually seeing now where/who is a threat?
Criminal threatening (or threatening behavior) is the crime of intentionally or knowingly putting another person in fear of imminent bodily injury. “Threat of harm generally involves a perception of injury…physical or mental damage…act or instance of injury, or a material and detriment or loss to a person.” “A terroristic threat is a crime generally involving a threat to commit violence communicated with the intent to terrorize another.”
Threatening behaviors may be conceptualized as a maladaptive outgrowth of normal competitive urge for interrelational dominance generally seen in animals. Alternatively, intimidation may result from the type of society in which individuals are socialized, as human beings are generally reluctant to engage in confrontation or threaten violence.
Like all behavioral traits it exists in greater or lesser manifestation in each individual person over time, but may be a more significant “compensatory behavior” for some as opposed to others. Behavioral theorists often see threatening behaviours as a consequence of being threatened by others, including parents, authority figures, playmates and siblings. “Use of force is justified when a person reasonably believes that it is necessary for the defense of oneself or another against the immediate use of unlawful force.”
Let’s create a bigger RISKthreat footprint because I’m scared ?????

Yokai says:

Response to: Anonymous Coward on Sep 15th, 2012 @ 7:50am

Issue isn’t that a bad bill was rejected, issue is that no bill, good or bad, has been made into law.

It is not contentious that we need new laws in regards to (cyber)security. What IS a major point of contention is the specifics of those new laws. This is the battlefield.

In an attempt to 1) provide a stopgap until new laws are created and 2) force the people ACTUALLY RESPONSIBLE FOR MAKING NEW LAWS TO GET OFF THEIR COLLECTIVE ASS AND MAKE SOME GODDAMN LAWS through accepted democratic processes, the president is making an executive order which is supposed to be unpleasant for all involved.

The crappiness is a feature, not a bug, designed to act as an incentive for the creation of actual laws.

Bonnie (profile) says:

Only 16?

SAY WHAT?? Obummer has “already won”??? I beg to DIFFER! Guess what, Mr. Smarta….there is NO WAY Obumma will be reelected!! No matter how many lies and distortions come spewing out of the propagandist, lap dog puppet establishment media; no matter what the extent of corruption and voter fraud goes on, Obummer is OUT!! The election has not even taken place, and you’re throwing your hands up in defeat??? Really?

anonymous coward says:

tell me my tin foil hat is too tight now!!!!!

1: the NSA is building the largest surveillance center in the history of the world to monitor every bit of data across the globe.

2: Microsoft’s prototype NYC “emergency camera monitoring system”.

3: Facebook’s new facial recognition software. being able to ID anyone in a matter of seconds. linking the image with all of their personal info, as well as family and friends info, accessible at the click of the eagles motherfucking beak.

4: if this bill is passed it will give them the keys to side step every safeguard set in place to protect your rights as a free citizens. completing a “legal” chain to every bit of information in the country, without the need for probable cause or a warrant. when these systems get up and running across the nation it will give them the ability to track anyone across the nation, with the ability to project evasion routes and known associates. (even favorite dining habits.)

are you pissed off yet?

Bob Alexander says:

critical infrastructure protection

I agree that this may be a false document with no stamps, no clearances, no indicators of its origins, and no specific author(s). Let us not pass it along as fact and even if it is a draft, let’s understand that drafts have absolutely no effect as legislation or executive orders. Without more specific origins and intentions this is a tempest in a teapot.

No1netfan (profile) says:

I’ve watched everything I could about Rick Simpson’s find on how to cure cancer with hemp oil. I have helped over ten thousand people read about this treatment that has no side effects with its use. I learned about this on the internet. To date there have been over a million people use this stuff for over two hundred illnesses and are winning the battle against illness. They will probably shut this down, because what government is going to want their citizens curing their own illnesses. No money to be made in stocks on this treatment. Too bad, too late. Every Medical Marijuana states population is learning more about this treatment and are doing so at an alarming rate. If you can believe all the stuff the American Cancer Society has to say about treatments then you didn’t read between the lines close enough. All this info is on the internet and the ACS will tell the public anything they can to keep the people who are getting cancer to keep using their chemo and radiation treatments even when the doctors themselves know the stuff doesn’t work except on 1-3% of the patients. The rest die.
