Executive Order on Improving Critical Infrastructure Cybersecurity
February 14, 2013 - 8:59pm
That is the name of the White House's press release about an executive order that President Obama signed yesterday.
Remember, an executive order is the president's secret weapon to advance legislation without Congress. For example, President Roosevelt used this approach in the shameful decision to intern the Japanese in the aftermath of the Pearl Harbor attack. In other words, these orders have the potential to carry a great deal of weight. Depending on where you stand on the political spectrum, or what the decision states, that power may be a good or a bad thing. Obviously history regards President Roosevelt's order as a terrible stain on civil rights. This one regarding cybersecurity may have been the only approach left to President Obama in the wake of Congress's inability to act on cybersecurity legislation due to the lobbying pressure of business interests that could not see the forest of national security through the trees of their bottom line. Many do not think that it goes far enough, but at least it is a start.
Rodney Petersen, Senior Government Relations Officer for EDUCAUSE, sent around some information about it to a Privacy Working Group. With his permission I am copying comments here for everyone to get a taste of what this order is all about … and to put us all on notice that it will have an impact on higher education eventually, so take notice! At this point my overall comment is to notice the distinction between this order and the USA-Patriot Act of 2001 under Bush. In short, this one purposefully includes a balance between national security and civil rights where the latter most obviously did not.
Below is Mr. Petersen's synopsis:
Among the 3 pillars for the Executive Order to include are: 1) critical infrastructure protection; and 2) information sharing; and 3) PRIVACY AND CIVIL LIBERTIES PROTECTIONS.
The Executive Order is now the THIRD TIME that The White House under the Obama Administration has emphasized the importance of Fair Information Practice Principles (http://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2008-01.pdf) in its policies. It also includes a National Strategy for Trusted Identities in Cyberspace (www.nist.gov/nstic) and the Consumer Privacy Bill of Rights (http://www.whitehouse.gov/sites/default/files/privacy-final.pdf ).
Below is the relevant excerpt from the EO:
Sec. 5. Privacy and Civil Liberties Protections.
(a) Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities. Such protections shall be based upon the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency's activities.
(b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. Senior agency privacy and civil liberties officials for other agencies engaged in activities under this order shall conduct assessments of their agency activities and provide those assessments to DHS for consideration and inclusion in the report. The report shall be reviewed on an annual basis and revised as necessary. The report may contain a classified annex if necessary. Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies shall consider the assessments and recommendations of the report in implementing privacy and civil liberties protections for agency activities.
(c) In producing the report required under subsection (b) of this section, the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of DHS shall consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB).
(d) Information submitted voluntarily in accordance with 6 U.S.C. 133 by private entities under this order shall be protected from disclosure to the fullest extent permitted by law.