Details of secretive directive still unclear
Source: Steve Watson
Washington insiders say it is almost certain that Barack Obama will once again bypass Congress in the coming weeks and issue an executive order on cybersecurity, a prospect that has worried privacy groups.
The order is expected to place new demands on private companies to share information with the government, intelligence agencies and even the military. Watchdogs fear that the order will allow the federal government to wield excessive power over areas such as water plants, financial systems and the electric grid.
A permanent legislative solution has not been reached, with the latest effort falling flat in August. Obama was expected to issue the order in December. However, insiders say that the economic crisis has stalled those plans.
“It’d be reasonable to say that releasing the executive order now would irritate Congress and might create an unnecessary burden for reaching a deal on the fiscal issues,” said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies.
“Every day they get closer to Christmas it makes less sense to put it out, unless you want to hide it,” Lewis said.
“With attention on [the] fiscal cliff and the holiday season, it is hard to imagine getting all the agency approvals in place in the next week,” said Jessica Herrera-Flanigan, a partner at Monument Policy Group and former general counsel on the House Homeland Security Committee.
Without specifically commenting on the executive order, White House spokeswoman Caitlin Hayden noted “We have been reaching out extensively to both the private sector and Congress to seek their input, and are continuing our internal deliberations,”
“Given the gravity of the threats we face in cyberspace, we want to get this right, in addition to getting it done swiftly.” Hayden said in a statement.
As we recently reported, the National Security Agency has refused to release details of a secret presidential directive Obama signed off in October which experts believe could allow the military and intelligence agencies to operate on the networks of private companies, such as Google and Facebook.
The directive is also believed to widely expand NSA’s spying authorities.
“The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism.” the Washington Post reported last month.
In response to the move, lawyers with the Electronic Privacy Information Center (EPIC) filed a Freedom of Information Act (FOIA) request (PDF) demanding that the Obama administration make public the text of the directive.
The NSA responded to the FOIA request with a statement arguing that it does not have to release the document because it is a confidential presidential communication and it is classified.
“Disclosure could reasonably be expected to cause exceptionally grave damage to the national security.” the NSA response read.
“Because the document is currently and properly classified, it is exempt from disclosure,” the statement noted.
Attorneys for EPIC say they plan to appeal and force the text of the secret directive to be publicly disclosed.
“We believe that the public hasn’t been able to involve themselves in the cybersecurity debate, and the reason they can’t involve themselves is because they don’t have the right amount of information,” EPIC attorney Amie Stepanovich said.
In an official statement to Congress earlier this year, EPIC explained that the NSA was a “black hole for public information about cybersecurity.”
EPIC is also involved in ongoing lawsuits involving the secret nature of the NSA’s relationship with search engine giant Google, and a similar secretive presidential directive issued in 2008 regarding the NSA’s cybersecurity authority.
As we have also noted, the latest secret directive appears to also legally enable the US military and the NSA to use newly created computer viruses to attack any organisation or country deemed to be a cyber threat. Obama has already shown the willingness to carry out such attacks, as new details surrounding the 2010 stuxnet attack revealed earlier this year.