Reporters have already had access to drafts of this executive order. It's a watered-down version of the Lieberman cybersecurity bill, to which CISPA was a watered-down market-friendly alternative. From the thread on the original disclosure of the EO:
The Obama bill (note: Obama-supportin' Democrat here) is worse than CISPA: an everything-and-the-kitchen-sink bill that randomly creates incentive programs, new research organizations, a "cybersecurity tip line", and federally funds research into DNSSEC (DNSSEC: Rated S for Statutory).
Also worth noting: nothing in the Lieberman bill that this EO is patterned on creates enforcement mechanisms for IP and copyright enforcement, or for collecting customer information from ISPs. Of course, neither did the GOP's CISPA bill. That's because neither regulatory effort is about user information.
The problems both of these ill-conceived bills are addressing are simple.
Problem 1: There is no coherent strategy in the (vast, sprawling, chaotic) federal government, which is the largest IT operator in probably the world. Every agency does something slightly different. This means (a) nobody is doing exactly the right thing (usually, they aren't doing anything close to the right thing) and (b) it is prohibitively difficult to introduce new technology to help fix things, because everyone you'd get to buy it has a different set of hoops to jump through.
Problem 2: If you were a foreign adversary who wanted to cripple the US with electronic attacks, you probably wouldn't bother hitting government IT systems. Instead, you'd go for something like the power grid, or a trading exchange. Those systems are privately operated, and so nothing the government does to try to track, monitor, or deflect online attacks can benefit them.
This post may be a little confusing. Do you mean to suggest that Obama has reached beyond executive authority, circumventing the legislature to establish a new SOPA? Or is that unintentional?
Because when you say this EO is a watered-down version of a bill, and CISPA was a watered-down version of that, and say that what Obama likes is 'worse' than CISPA - what many people are going to hear is that this EO is the super-mega-SOPA that will take away all their freedoms, and this time sneakily enacted by Obama alone - not that you just think these measures are ill-conceived because they do little to improve security.
I don't know what any of this has to do with SOPA. Or rather: I'm pretty sure none of this has anything to do with SOPA. Even in the early CISPA drafts that mentioned "intellectual property", the animating concern was the theft of source trees and market data, not Creed CDs (intellectual property was stricken from the final version of CISPA passed by the House).
Technology is a big topic. You should just assume that most bills (and EOs) pertaining to technology are not extensions of SOPA, which was a copyright enforcement measure.
To be fair: the President is charged with executing the laws as written. Inasmuch as this EO covers top-down directives for how existing government agencies are to execute on their legislatively-defined missions, he's not going beyond the authority of his office whatsoever.
It's explicitly within his purview to create, or order the creation of, a coherent strategy to meet existing goals, to oversee its implementation, to appoint staff as necessary, to create protocols for inter-governmental operations, etc.
What he can't do is explicitly order private industries to conform to new protocols or participate in new endeavors, establish penalties for not doing so, etc. -- except inasmuch as private industry is working for the government.
Which is to say: he couldn't order a power plant to overhaul their security to comply with some new government protocol. But he can order the creation of a new government security protocol, even if that requires defense contractors to update accordingly.
"the President is charged with executing the laws as written"
The President has told us on many occasions: "And where Congress is not willing to act, we're going to go ahead and do it ourselves." That's a direct quote.
The rest of your logic is flawed because you assume that the President is following the rules in the Constitution. Seems to me that he's playing more of a game of "Catch me if you can". Nixon would be jealous.
The President will do what he wants to do, and it's not like the national media will ask many questions about his usurpation of authority.
First, on an admittedly meta note, it's not particularly interesting to explore non-falsifiable arguments on message boards. If your logic holds, Obama can do anything. Why even bother having numbered executive orders? Why not just keep everything absolutely secret and off any record? If Obama is ignoring the Constitution, the only reason for us to presume he's playing small-ball with those violations is to perpetuate the flame war on Hacker News.
Secondly, Obama's "secret" executive order has been reviewed by reporters and compared to previous legislative proposals. The administration is much more constrained in what it can do than was Congress. In particular: the EO pertains to the management of fedgov systems, not private industry, and where the EO touches on private industry, it pertains to the interfaces between fedgov IT and governance and private industries --- i.e., how information from the government can be shared with private industry.
If you think this executive order is a Nixonian cat-and-mouse play, I'd respectfully suggest you read more about it before commenting.
I think you are getting into a murky area here. Does the Constitution dictate how the military can deal with cyberattacks, from nations or non-state-actors?
Seems to me that as commander-in-chief, the President has authority to direct the military how to respond to things like this.
Note that in the article, it says that this directive applies to how the military reacts "when combating cyber-attacks directed at major U.S. networks" - assuming that the "US networks" here is referring to government networks.
So if Congress is unwilling to do something on this front, do you expect the military and its commander-in-chief to do nothing in the meantime?
Public statements like that do not supersede the Constitution; when presidents say things like that, the unspoken context is that their actions are constrained by the rule of law. You need to understand that; otherwise you will drive yourself crazy with all the things that politicians say.
In this particular example, the president can issue orders that control how government agencies operate, so long as they do not contradict a law passed by Congress. He can do this because he is the executive charged with leading government agencies.
What he cannot do--what only Congress can do--is issue an executive order that controls how private companies operate. He does not have direct legal authority over what private companies do; only Congress can set those laws.
The way presidents nuance this is to order that government agencies are only allowed to do business with private companies who do things in certain ways. This way he can influence any companies that want to do business with the federal government (which is a lot of companies). He's not ordering them--he's offering an incentive.
This is similar to how Congress sets the national drinking age. They can't tell states what the drinking age should be, so instead they tell the states that they can only get federal transportation funds if they maintain a drinking age of 21 or older. Since the states all want those funds, they comply.
For problem 2, I imagine that most financial institutions have pretty damn good security probably almost equaling government security agencies, considering 1. The amount of money they have, 2. Already under constant attack by cyber-criminals.
I also imagine that the security at utility (power, water) or transportation (airline, bus, etc) companies is pretty pathetic. That's where they should be focusing.
Most financials do have relatively good security; unfortunately, that's "good" relative to the baseline of "incredibly terrible". It's hard to think of any large organization connected to the Internet that has a security program you could objectively call "credible".
Yes. I broadly and specifically oppose measures designed to reduce our privacy, or to grant the government warrantless access to our emails or communications. But at the same time, the insecurity of critical systems in the US is a real problem, and it is reasonable to assert that it demands some kind of intervention, and thus to measure proposals like this by how much of a dent they put in the problem.
As it happens, the privacy impact of this EO and of CISPA is minimal. The privacy impact of the Lieberman-Collins act is marginally greater, but the market impact of it is much worse, and I anticipate that it would do a much poorer job of addressing the problem.
How're they defining "cyberattacks directed at major U.S. networks"? Are we talking a sophisticated attempt to take down trading on the NYSE? Industrial espionage from China? Anonymous running LOIC?
This is the problem with sealed executive orders: the only people who know what's up are those issuing or receiving said orders. There's absolutely no oversight or checks and balances against government overreach.
That's because the EO (apparently) concerns itself with the operations of systems within the federal government. Government intervention into privately operated systems requires congressional action.
The federal government is collectively the largest IT operator in the world, so there's a huge amount of work to be done and policy to be created just in setting governance standards for their own systems, which is what the administration is doing here.
"There's absolutely no oversight or checks and balances against government overreach."
Of course there is, that's what Congressional oversight committees are for. When they deal with classified stuff, they do so in closed session. There's a closed intel committee hearing tomorrow about that attack in Libya, for example. Sure, it's not open to the voters, but there are practical limits to transparency.