President Obama’s February 12 State of the Union address included the announcement of an executive order intended to permit greater sharing of information about possible threats to the nation’s cyber security among private companies and between private companies and the government.
“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets,” Obama said in the speech. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”
The executive order permits businesses to enter voluntary information-sharing agreements in which they provide the government with information about possible cyber threats to the grid. In return, the government is permitted to provide private companies with classified technical information.
This is an admirable goal, and we support the president’s efforts to keep the nation safe in this way. However, it’s not the end of the story.
Last year, legislation was introduced in Congress to provide protection from liability to companies that share information about possible cyber attacks with each other and with the government. That legislation, however, did not pass, and some form of it will be introduced again this year. Sen. Tom Carper (D-Del.), the new chairman of the Senate Homeland Security and Governmental Affairs Committee, has pledged to make a cyber security bill a high priority.
One important aspect of possible legislation of this type is whether it contains adequate safeguards to protect privacy. Last year, privacy advocates pointed out that in the name of protecting the nation against cyber threats, many versions of the bill contained provisions that allowed for “nearly unlimited monitoring of user data.”
If a final bill contains adequate privacy safeguards, we would support it, along with the executive order, as a means of keeping the nation safe.