ACLU Responds to Executive Order on Cybersecurity; Opposes CISPA

Obama’s Order Embraces Privacy Principles While House Fails to Protect Privacy, says ACLU

February 13, 2013

FOR IMMEDIATE RELEASE
CONTACT: (212) 549-2666; media@aclu.org

WASHINGTON – President Obama tonight signed an executive order to protect U.S. critical infrastructure from cyberattacks by improving cybersecurity information sharing between the government and owners and operators of the nation’s critical infrastructure. Unlike legislation that will be introduced into the House tomorrow, the president’s executive order seeks to protect Americans’ digital privacy when information-sharing occurs, according to the ACLU.

“The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties. For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information,” ACLU Legislative Counsel Michelle Richardson said. “More encouragingly, the adoption of Fair Information Practice Principles for internal information sharing demonstrates a commitment to tried-and-true privacy practices – like consent, transparency, minimization and use limitations. If new information sharing authorities are granted—especially the overbroad ones being pondered by the House—these principles will be more important than ever. We look forward to working with the administration to make sure that the devil isn’t in the details when privacy regulations are drafted.”

In Congress, House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) will reportedly reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA) tomorrow, which passed the House last Congress but failed to gain traction in the Senate.

“The ACLU still opposes CISPA, which once again allows companies to share sensitive and personal American internet data with the government, including the National Security Agency and other military agencies,” Richardson said. “CISPA does not require companies to make reasonable efforts to protect their customers’ privacy and then allows the government to use that data for undefined ‘national-security’ purposes and without any minimization procedures, which have been in effect in other security statutes for decades.”

The ACLU continues to support the strong privacy protections in the Senate’s cybersecurity bill from the last Congress, which is expected to be reintroduced sometime soon.

“The Senate bill and the executive order make significant progress in the privacy arena and it is discouraging that the House persists in taking the low road,” Richardson added.