LEAKED! Here's The White House's Draft Cybersecurity Executive Order
from the vague-enough-for-ya? dept
There is, as expected, plans concerning information sharing -- but again, they're left pretty empty on specifics. It talks about an "information exchange framework." Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don't lead to massive privacy violations, despite the President's earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.
Separately, it lists out 16 critical infrastructure "sectors," but those can be interpreted really broadly, which is dangerous. We all understand how things like the electric grid, nuclear power plants, water facilities and such can be seen as critical infrastructure. But does "communications" include things like social networking? It's important that any plan be very, very specific about what sorts of things are critical infrastructure, so as to avoid sweeping up all sorts of things like internet services and opening them up to information "sharing" abuse efforts by the government. We all know there's plenty of evidence that when the government is given a loophole to spy on private communications, it figures out ways to drive fleets of trucks through that hole. Unfortunately, there's little indication that any of that has really been taken into consideration.
All that said, it is important to recognize that this is a draft, and it is not only subject to change, but there are indications that it is likely to change. But, seeing as this could have significant impact, it should be something that the public has a chance to weigh in on.
Honestly, looking this over, you get the sense that it's really designed to do one thing: scare those who fought against the various bills back to the table to compromise and get a bill out. It's no secret that the administration's overall preference is to get a law in place, rather than this executive order. That's been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don't approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can't go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.
Either way, we'll have some more on this next week, but since we just got this and want to get it out there for comment, hopefully folks can spend some time this weekend discussing the (yes, once again, vague) particulars...