ACLU worries about effects of Obama’s ‘vague’ secret cyber security directive

By Stephen C. Webster
Wednesday, November 14, 2012 15:08 EDT
google plus icon
A depiction of a cyber criminal. Photo: Shutterstock, all rights reserved.
  • Print Friendly and PDF
  • Email this page

President Barack Obama signed a secret policy directive in mid-October that establishes guidelines for using the military to “vet any operations outside government and defense networks,” according to a report published Wednesday in The Washington Post.

While the details and exact language of the directive remain unclear, it sounds like language in a bill Congress proposed earlier this year and that privacy advocates remained strongly skeptical of. Unfortunately, it’s not clear if that’s the case.

In an exclusive interview with Raw Story, Michelle Richardson, legislative counsel for the American Civil Liberties Union (ACLU), emphasized that the president’s secret directive could mean dozens of different things that aren’t made clear by the Post‘s story.

“This article is really vague,” she said. “It’s hard to really judge how good or bad this is. Theoretically, if in the details it does tow the right lines, it could be an improvement inasmuch as it regulates an area that is right now undetermined… but it’s almost impossible to judge where they drew the line [without seeing the directive itself].”

However, she conceded that it could actually represent Obama implementing a key tenet of the Cyber Intelligence Sharing and Protection Act (CISPA), which he initially threatened to veto over its lack of privacy safeguards. CISPA, however, included some things that Democrats actually wanted to do, like setting security standards for networks outside the government, which was at the heart of the squabble over cyber security earlier this year on Capitol Hill.

Since that dust-up, Obama’s staff has been drafting an executive order that would accomplish the most controversial information sharing portions of CISPA, placing the civilian-run Department of Homeland Security in charge of cyber security instead of the military-run National Security Agency.

“But it’s hard to see if that’s what they mean,” Richardson said. “You can’t compel companies to do anything, so what do they mean? Are they laying the groundwork now in case there’s an emergency? Building a relationship now in case there is an attack on private networks? Making resources available to critical infrastructure? There’s so many ways you can go about doing this. You can’t tell from this article if it’s going to be a privacy disaster.”

She concluded: “Hopefully [the directive] will be made public, but I doubt that’s the plan.”

Update: Electronic Frontier Foundation puzzled too

In an email, a spokesperson for the Electronic Frontier Foundation appeared to second the ACLU, saying simply that the directive is as of now “outside of our expertise.” No further statement was given.


Photo: Shutterstock.com, all rights reserved.

Stephen C. Webster
Stephen C. Webster
Stephen C. Webster is the senior editor of Raw Story, and is based out of Austin, Texas. He previously worked as the associate editor of The Lone Star Iconoclast in Crawford, Texas, where he covered state politics and the peace movement’s resurgence at the start of the Iraq war. Webster has also contributed to publications such as True/Slant, Austin Monthly, The Dallas Business Journal, The Dallas Morning News, Fort Worth Weekly, The News Connection and others. Follow him on Twitter at @StephenCWebster.
By commenting, you agree to our terms of service
and to abide by our commenting policy.