LEAKED! Here's The White House's Draft Cybersecurity Executive Order
from the vague-enough-for-ya? dept
Earlier this week, we wrote about how the White House was working on an executive order to act as a “stand in” for cybersecurity legislation that has so far failed to pass Congress (CISPA passed in the House, but a different effort, the Cybersecurity Act, failed in the Senate, and it would have been difficult to get the two houses aligned anyway). Last weekend Jason Miller from Federal News Radio wrote about a draft he saw… but failed to share the actual draft. We got our hands on a draft (and confirmed what it was with multiple sources) and wanted to share it, as these kinds of things deserve public scrutiny and discussion. It’s embedded below. As expected, it does have elements of the Lieberman/Collins bill (to the extent that the White House actually can do things without legislation). It’s also incredibly vague. The specific requirements for government agencies are left wide open to interpretation. For example, the State Dept. should engage other governments about protecting infrastructure. Well, duh. As expected, most stuff focuses on Homeland Security and its responsibilities to investigate a variety of different cybersecurity issues — but, again, it’s left pretty vague.
There is, as expected, plans concerning information sharing — but again, they’re left pretty empty on specifics. It talks about an “information exchange framework.” Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don’t lead to massive privacy violations, despite the President’s earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.
Separately, it lists out 16 critical infrastructure “sectors,” but those can be interpreted really broadly, which is dangerous. We all understand how things like the electric grid, nuclear power plants, water facilities and such can be seen as critical infrastructure. But does “communications” include things like social networking? It’s important that any plan be very, very specific about what sorts of things are critical infrastructure, so as to avoid sweeping up all sorts of things like internet services and opening them up to information “sharing” abuse efforts by the government. We all know there’s plenty of evidence that when the government is given a loophole to spy on private communications, it figures out ways to drive fleets of trucks through that hole. Unfortunately, there’s little indication that any of that has really been taken into consideration.
All that said, it is important to recognize that this is a draft, and it is not only subject to change, but there are indications that it is likely to change. But, seeing as this could have significant impact, it should be something that the public has a chance to weigh in on.
Honestly, looking this over, you get the sense that it’s really designed to do one thing: scare those who fought against the various bills back to the table to compromise and get a bill out. It’s no secret that the administration’s overall preference is to get a law in place, rather than this executive order. That’s been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don’t approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can’t go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.
Either way, we’ll have some more on this next week, but since we just got this and want to get it out there for comment, hopefully folks can spend some time this weekend discussing the (yes, once again, vague) particulars…
Filed Under: cispa, critical infrastructure, cybersecurity, cyberseuciryt act, executive order, homeland security, president obama, white house
Comments on “LEAKED! Here's The White House's Draft Cybersecurity Executive Order”
This is really, really disgusting and I hope they either scrap this or fix it up.
Cybersecurity and Politicians
That’s been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don’t approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can’t go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.
With very few exceptions, I have seen no evidence what so ever that politicians have any understanding of cybersecurity, the Internet, and in a lot of cases even how to properly research and write a law.
Why
Why do we need a cybersecurity law? Who are we protecting our systems from? WE’RE THE AGGRESSORS. It’s the United States Government that is the cyber threat.
Only 16?
Separately, it lists out 16 critical infrastructure “sectors,” but those can be interpreted really broadly, which is dangerous.
And I’m sure every single one is capable of being interpreted as “Obama can crown himself king and extend his rule for fifty years while simultaneously disolving the Bill of Rights and the Constitution and turning the Legislative and Judicial branches into party houses for all of his cronies and buddies who worked so hard to put him in power… All hail your new king. The White House has now become the new frat house. I’m sure the November election is just a formality that he’s already won. No need to campaign.
16 critical infrastructure sectors; that seems pretty specific. I haven’t read this yet but off the top of my head I’m wondering why that isn’t less than 1.
Information exchange. Well, that seems to me like people communicating. Be it a seller and a customer or a company sharing catalogs of analytics or countless similar things – people are involved. Right or wrong, just or not, the fact is that information about people is involved.
Do they get privacy in their communications or not? Whole privacy.
Cybersecurity is a defensive art. You need to know how to protect yourself in ever changing conditions. You need to understand what it is you’re protecting yourself against. And here we have, what I understand it to be, people. Even. The. Ones. That. You. Are. Defending. There is a new separation that has not been recognized. You leaders, true and not, must engage. As far as the US goes it is imperative that they pay attention that they’re setting the bar based upon the core values and beliefs that are those of a free people.
Communications == People == Privacy : Cardinal position one
You should make sure that the leaked document doesn’t have any watermarks. You know that many printers, even household printers, watermark documents in ways that can’t be easily seen by the naked eye. They may have all sorts of information such as the printer that was used, time of day, with phones perhaps even GPS location of where a picture was taken, etc… HP has had a history of working with the government to watermark printouts with the excuse that it’s to trace counterfeiters (not that this is necessarily a bad excuse, but it can have free speech and anonymity/privacy implications).
Same thing with these SOPA and other negotiations that get leaked, those leaking these documents need to be careful because they may have watermarks indicating which document was leaked which could be used to trace who leaked the information.
Re:
I’m sorry to say that your paranoia is severely lacking. http://en.wikipedia.org/wiki/Canary_trap
How are you going to remove the identifying features if the words themselves are those features? And when it comes to legal phrasings, you can’t just paraphrase shit.
Re:
http://www.youtube.com/watch?v=dddAi8FF3F4 lulz
that is all….
Nigel
Oh yes, please take Mike Masnick’s zealotry seriously.
Cuz y’know, any zealot that ignores this, is a zealot worth taking seriously…
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2132153
basically, the US government want carte blanche to do what it wants, when it wants, where it wants, to whoever it wants, for whatever reason it wants. it also wants to be able to authorise whoever it wants to be able to do the same. however, it also wants to be able to stop anyone else from doing the same. the ridiculous thing about all this is that if the US weren’t so intent on trying to take over everywhere else, for it’s own benefit, there would be no nedd for any of this shit anyway. they start it and dont like it when there is retaliation, blaming the other side for defending themselves. absolutely crazy! eventually, this will end badly, not just for the US but for everyone!
Cybersecurity and Politicians
They don’t know, and they don’t want to bother learning.
Not knowing how to do your job is ignorance. Not wanting to know how to do your job is stupidity.
These old senators DONT know SHIT about the internet
These guys cannot cop with our nation’s need for knowledgeable representatives about computer cyber-security our the internet’s and nation’s needs for laws and regulations. I’m okay with a bill that is specific about what it does even if it counters piracy. But not this. If its vague its vague for a reason. Either they are trying to back-stab the American public, sensor us, or they are just incredibly incompetent to write up a decent enough bill…..
Whatever happened to defending freedom?
Vague is bad...
The fact this document is so vague is a bad thing… since most people in this country aren’t reading it at all, and probably don’t even know about it.
Gives me the feeling it’s a “fill in the blanks” or a “blank check” type of approach to forcing some sort of legislation through.
Re:
Perhaps one should understand the meaning of words prior to using them.
If this infrastructure is so damned important then do not connect it to the internet.
It looks remarkably like a false document. Not at all complete, no stamps, no clearances, no nothing.
Fail 🙂
So, let me get this straight:
A bill is put forth using the normal legislative method, but this bill, unsavory as it is to the American people, rightly fails to pass.
Now that the bill has been put to a vote and subsequently rejected, the president decides to ram the contents of the bill through anyway through an executive order.
Hmm. There’s a word for political systems like that, but I don’t think “democracy” is that word.
Re:
Oh yes, please take Mike Masnick’s zealotry seriously.
Cuz y’know, any zealot that ignores this, is a zealot worth taking seriously…
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2132153
Sorry, but if a study’s conclusions don’t comport with his predetermined reality, then that study is ipso facto conclusively debunked. Perhaps you need some Kool-Aid and a lobotomy.
Why
You are dumb. Its china that is constantly attacking us.
Re:
Er, what does that have to do with cybersecurity?
Re:
“if a study’s conclusions don’t comport with his predetermined reality, then that study is ipso facto conclusively debunked”
Well AJ … if the show fits.
Why
[citation needed]
Some people in China might be hacking to get secrets or blueprints and the like.
The US has been actively trying to use cyberspace to cause physical harm and damage to system in countries they dislike.
And never forget the whole ZOMG my computer bluescreened CHINA DID IT factor. Sorta like the whole homeland security flip out over a valve at a water processing plant that was “hacked” … until it came out no it wasn’t. But the media ran with the story of hackers destroying the water system.
Homeland Security who when informed by a company their systems were hacked, Well just keep letting them poke around and only stop them if they do something very dangerous.
A missing critical system that needs immediate action…
Critical Thinking.
Only 16?
What do you mean, “become”? It’s always been a frat house. We are just more aware of it thanks to the internet.
Before it too late
Aluminum is NOT BENIGN in the environment. That statement was made by top official and is ludicrous.
Re:
It was never about defending freedom. It’s just one of those rallying cries like “think of the children!”
Re:
Stop making sense.
Why
Are you joking? The US are definitely not the aggressors in cyber warfare. Iran, china, Russia, Israel, and Palestein all have surpassed, matched, or are close to our level of cyber attacks
Cybersecurity and Politicians
I think, if truth be known, is that what the government really wants is the authority to shut down any website it doesn’t like. I suspect they’re much more interested in that than they are in preventing “piracy”, though they may use “piracy” as an excuse for shutting them down.
We are headed into police state martial law probably in the very near future, and I suspect among the first things ICE and other government agencies (Homeland Security?) will do when it comes is to shut down all the alternative news sites that are exposing all the things the mainline media is hiding from us.
Watch for it.
Re:
Its politics, they will probably get paid err umm additional campaign funding to make it worse.
Figured
Seems like the Government is keeping up with the times just like Apple did with the iPhone 5.
Re:
Nothing. His point was about Mike’s zealotry. Studies that make piracy look positive are trotted out as gospel truth, while studies that make piracy look bad are either ignored or claimed to be completely debunked. The point is that it’s impossible to take Mike seriously because he’s so incredibly biased. So when Mike posts a FUD-piece like this (“LEAKED!” OMG!), it’s hard to get too worked up.
Re:
[citation needed]
Just because your BS is always called out doesn’t make you right or Mike wrong, or vice versa for that matter. But without proof, you’re just pissing in the wind.
Cybersecurity and Politicians
Maybe they should ask Al Gore. After all, he invented the internet.
Question for anyone that wants to answer
I am having trouble viewing the document, all i am getting is the little symbol in the middle that appears to be rotating. am i missing a piece of software or something?? cause i would really love to read this. any help would be appreciated.
Cybersecurity and Politicians
Sir you really should take credit for that comment as it made me almost fall out of my chair laughing.
These old senators DONT know SHIT about the internet
They know plenty about the Internet. That’s precisely why they’re trying to ram this bill through. The Internet represents a massive threat to the elites because it decentralizes communications and media, as well as poses potential future threats like the widespread adoption of digital crypto-currencies such as Bitcoin. What the government is doing now is entirely rational when you understand how dangerous the Internet is to them – it is the new Gutenberg Press.
Re:
And you’re the epitome of impartiality, Mr. I-think-Fuck-off-and-die-counts-as-an-argument.
Re:
We don’t live in a democracy. We live in a representative republic.
Cybersecurity and Politicians
I’m sure you’re aware he never said that. As a meme it’s cute, but c’mon, it’s over a decade old…
Why
It all depends on how one defines ‘cyber war’.
The US is actively waging war against the open internet. So are many other governments. They have also all moved quite a large portion of their usual espionage into cyberspace (or tricks like the Stuxnet worm against Iran, which was the USA in partnership with Isreal), but that’s just the kind of games governments have always played, and always will – they’ve just found a new tool.
The real ‘cyber terror’ is the war of censorship by the governments of the world against the common citizens. Same old class war, now in cyberspace.
Re:
And you’re the epitome of impartiality, Mr. I-think-Fuck-off-and-die-counts-as-an-argument.
I love it. You’re too stupid to actually make a point, so you just say something that makes no sense and is a lie.
Please link to where I used “fuck off and die” as an argument.
You cannot.
Re:
Just because your BS is always called out doesn’t make you right or Mike wrong, or vice versa for that matter. But without proof, you’re just pissing in the wind.
Huh? I didn’t say, nor have I ever said, that Mike is wrong because my BS gets called out. Mike is wrong because Mike works backward, is intellectually dishonest, jumps to conclusions, and ignores all evidence that doesn’t jive with his anti-IP hate mongering. Lots of people challenge me on my posts, but unlike most, I explain myself and cite caselaw. If you haven’t noticed that Mike plays fast and loose with reality, then you just aren’t paying attention. He’s an extremist zealot who couldn’t be honest about IP if his life depended on it.
These old senators DONT know SHIT about the internet
Parent is accurate. Pay attention.
Re:
Defending freedom is the people’s job. The government gets distracted with defending itself.
Re:
A woefully inadequate representation at that.
Same problem here. Would love to be able to read it so I can see what’s got everybody so upset.
Cybersecurity and Politicians
Neither have I and another scary thing is how they are really leading us into 1984 BS using dumb fearmongering tactics, ETC.
We get what is Voted in over and over.Wake me up when the Revolution is over please.
A threat is an act of coercion wherein an act is proposed to elicit a negative response. It is a communicated intent to inflict harm or loss on another person. It can be a crime in many jurisdictions. Threat (intimidation) is widely seen in animals, particularly in a ritualized form, chiefly in order to avoid the unnecessary physical violence that can lead to physical damage or death of both conflicting parties.
Design basis threat (DBT) is a classified document that discovers the characteristics of the potential threats (actual threat, not a possibility)
Backward induction is the process of reasoning backwards in time, from the end of a problem or situation, to determine a sequence of optimal actions. It proceeds by first considering the last time a decision might be made and choosing what to do in any situation at that time. Using this information, one can then determine what to do at the second-to-last time of decision. This process continues backwards until one has determined the best action for every possible situation (i.e. for every possible information set) at every point in time.
Intimidation (also called cowing) is intentional behavior that “would cause a person of ordinary sensibilities” fear of injury or harm. It’s not necessary to prove that the behavior was so violent as to cause terror or that the victim was actually frightened.
Are we actually seeing now were/who is a treat?
Criminal threatening (or threatening behavior) is the crime of intentionally or knowingly putting another person in fear of imminent bodily injury. “Threat of harm generally involves a perception of injury…physical or mental damage…act or instance of injury, or a material and detriment or loss to a person.” “A terroristic threat is a crime generally involving a threat to commit violence communicated with the intent to terrorize another.”
Threatening behaviors may be conceptualized as a maladaptive outgrowth of normal competitive urge for interrelational dominance generally seen in animals. Alternatively, intimidation may result from the type of society in which individuals are socialized, as human beings are generally reluctant to engage in confrontation or threaten violence.
Like all behavioral traits it exists in greater or lesser manifestation in each individual person over time, but may be a more significant “compensatory behavior” for some as opposed to others. Behavioral theorists often see threatening behaviours as a consequence of being threatened by others, including parents, authority figures, playmates and siblings. ?Use of force is justified when a person reasonably believes that it is necessary for the defense of oneself or another against the immediate use of unlawful force.?
Lets create a bigger RISKthreat footprint because im scared ?????
Typo pointer.
Mike, you let a typo loose in the entry title. There is no R in daft.
Hey Mike – can you publish a PDF of this thing? The SWF version doesn’t work. Thanks!
Cybersecurity and Politicians
The Revolution starts tomorrow night on NBC.
Response to: Anonymous Coward on Sep 15th, 2012 @ 7:50am
Issue isn’t that a bad bill was rejected, issue is that no bill, good or bad, has been made into law.
It is not contentious that we need new laws in regards to (cyber)security. What IS a major point of contention is the specifics of those new laws. This is the battlefield.
In an attempt to 1) provide a stopgap until new laws are created and 2) force the people ACTUALLY RESPONSIBLE FOR MAKING NEW LAWS TO GET OFF THEIR COLLECTIVE ASS AND MAKE SOME GODDAMN LAWS through accepted democratic processes, the president is making an executive order which is supposed to be unpleasant for all involved.
The crappiness is a feature, not a bug, designed to act as an incentive for the creation of actual laws.
Only 16?
SAY WHAT?? Obummer has “already won”??? I beg to DIFFER! Guess what, Mr. Smarta….there is NO WAY Obumma will be reelected!! No matter how many lies and distortions come spewing out of the propagandist, lap dog puppet establishment media; no matter what the extent of corruption and voter fraud goes on, Obummer is OUT!! The election has not even taken place, and you’re throwing your hands up in defeat??? Really?
Cybersecurity and Politicians
Why is the fact that “he never said that” something that matters? As I understand the libs, the bottom line is: “If you say anything loudly enough and long enough, it will eventually become the truth”!
Only 16?
Wow … get a grip
Re:
extremist zealot .. really?
And here I thought such terminology was reserved for those who fly planes into buildings, blow up planned parenthood and IRS buildings, murder doctors – you know … that sort of thing. Guess ya learn something new every day.
Only 16?
Mr. Smarta, do you REALLY believe that Obumma would even survive such an attempt?? Trust me….NOT IN A PIG’S EYE!!!
Only 16?
hehehehe!
Why
You`re a cunt
tell me my tin foil hat is to tight now!!!!!
1: the NSA is building the largest surveillance center in the history of the world to monitor every bit of data across the globe.
2: Microsoft’s prototype NYC “emergency camera monitoring system”.
3: Facebook’s new facial recognition software. being able to ID anyone in a matter of seconds. linking the image with all of their personal info, as well as family and friends info, accessible at the click of the eagles motherfucking beak.
4: if this bill is passed it will give them the keys to side step every safeguard set in place to protect your rights as a free citizens. completing a “legal” chain to every bit of information in the country, without the need for probable cause or a warrant. when these systems get up and running across the nation it will give them the ability to track anyone across the nation, with the ability to project evasion routes and known associates. (even favorite dining habits.)
are you pissed off yet?
tell me my tin foil hat is to tight now!!!!!
Heil Bush!
Heil Obama!
Heil ???
How about they just use the fucking laws on the books they have already? Oh that’s right they just want to INTENTIONALLY spy on you this time…
critical infrastructure protection
I agree that this may be a false document with no stamps, no clearances, no indicators of its origins, and no specific author(s). Let us not pass it along as fact and even if it is a draft, let’s understand that drafts have absolutely no effect as legislation or executive orders. Without more specific origins and intentions this is a tempest in a teapot.
Re: critical infrastructure protection
It’s an actual document circulating, but it is an early draft.
The document to which you’re referring is the draft revision/update of the 2003 Homeland Security Presidential Directive-7 or HSPD-7. Presidential directives are not Executive Orders and hold different weight.
I’ve watched everything i could about Rick Simpson’s find on how to cure cancer with hemp oil.I have helped over ten thousand people read about this treatment that has no side affects with it’s use.I learned about this on the internet.To date there have been over a million people use this tuff for over two hundred illness’s and are winning the battle against illness.They will probably shut this down,because what government is going to want their citizens curing their own illness’s.No money to be made in stocks on this treatment.To bad,to late.Every Medical Marijuana states population is learning more about this treatment and are doing so at an alarming rate.If you can believe all the stuff the American Cancer Society has to say about treatments than you didn’t read between the lines close enough.All this info in on the internet and the ACS will tell the public anything they can to keep the people who are getting cancer to keep using their chemo and radiation treatments even when the doctors themselves knows the stuff doesn’t work except on 1-3% of the patients.The rest die.
Never heard of this before