This isn’t a huge surprise — and last month we even discussed the possibility, but it sounds as though the White House has decided that, with the failure of Congress to pass a comprehensive cybersecurity bill (CISPA passed in the House, but the rather different Cybersecurity Act failed in the Senate), it is going to issue some sort of executive order to deal with “cybersecurity issues.”
Late last week there was an awful lot of speculation over what would be, with some people arguing that it will do too much… and others arguing that it will do too little. However, late Friday, Jason Miller from Federal News Radio claimed to have seen a draft copy, and while he did not share the full copy, he did do a pretty thorough breakdown of what was in it. It sounds pretty similar to the Lieberman/Collins Cybersecurity Act — the one that failed to gain Senate approval. The parts that concerned us the most in the bill — concerning information sharing without real privacy protections — appear to be in this executive order, and in some ways may be worse. While the President cannot grant liability protections for companies who share info with the government (a major concern we had), it sounds like this executive order will put tremendous pressure on companies to share info — noting that it will begin a sort of “name and shame” program for companies who fail to take part. That seems like a recipe for a privacy disaster.
The thing that I’m still waiting for is for someone (anyone?!) to lay out exactly where the problems are with current regulations in the area.