ACLU worries about effects of Obama’s ‘vague’ secret cyber security directive
President Barack Obama signed a secret policy directive in mid-October that establishes guidelines for using the military to “vet any operations outside government and defense networks,” according to a report published Wednesday in The Washington Post.
While the details and exact language of the directive remain unclear, it sounds like language in a bill Congress proposed earlier this year and that privacy advocates remained strongly skeptical of. Unfortunately, it’s not clear if that’s the case.
In an exclusive interview with Raw Story, Michelle Richardson, legislative counsel for the American Civil Liberties Union (ACLU), emphasized that the president’s secret directive could mean dozens of different things that aren’t made clear by the Post‘s story.
“This article is really vague,” she said. “It’s hard to really judge how good or bad this is. Theoretically, if in the details it does tow the right lines, it could be an improvement inasmuch as it regulates an area that is right now undetermined… but it’s almost impossible to judge where they drew the line [without seeing the directive itself].”
However, she conceded that it could actually represent Obama implementing a key tenet of the Cyber Intelligence Sharing and Protection Act (CISPA), which he initially threatened to veto over its lack of privacy safeguards. CISPA, however, included some things that Democrats actually wanted to do, like setting security standards for networks outside the government, which was at the heart of the squabble over cyber security earlier this year on Capitol Hill.
Since that dust-up, Obama’s staff has been drafting an executive order that would accomplish the most controversial information sharing portions of CISPA, placing the civilian-run Department of Homeland Security in charge of cyber security instead of the military-run National Security Agency.
“But it’s hard to see if that’s what they mean,” Richardson said. “You can’t compel companies to do anything, so what do they mean? Are they laying the groundwork now in case there’s an emergency? Building a relationship now in case there is an attack on private networks? Making resources available to critical infrastructure? There’s so many ways you can go about doing this. You can’t tell from this article if it’s going to be a privacy disaster.”
She concluded: “Hopefully [the directive] will be made public, but I doubt that’s the plan.”
Update: Electronic Frontier Foundation puzzled too
In an email, a spokesperson for the Electronic Frontier Foundation appeared to second the ACLU, saying simply that the directive is as of now “outside of our expertise.” No further statement was given.
Photo: Shutterstock.com, all rights reserved.