Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Privacy: The Difference Between a Congressional Fail and a Presidential Win

President Barack Obama played his cards right with the recent roll-out of the Executive Order for Improving Critical Infrastructure Cybersecurity.

President Barack Obama played his cards right with the recent roll-out of the Executive Order for Improving Critical Infrastructure Cybersecurity. He floated the Order back in November so folks wouldn’t be surprised and he waited for a cybersecurity bill to stumble and then he rolled his Order out with pomp and ceremony in his State of the Union address. The President has succeeded where the Congress has thus far failed, and the biggest reason for that success is privacy. It turns out that not only do folks care about privacy; it can be the difference between winning and losing.

The Cyber Intelligence Sharing and Protection Act (CISPA) was introduced in 2011. It got through the House but died in the Senate. Some say it died because the Senate was working on its own bill. Others say it died because the President wanted to roll out his Executive Order. I say it died because it didn’t incorporate privacy.

Privacy and CybersecurityIf you look at the Executive Order and CISPA, there are similarities. They both talk about information sharing in terms of the Government and private sector sharing information on cyber threats, and both focus on the critical infrastructure protection.

But CISPA and the Executive Order also have big differences. CISPA goes beyond the protection of critical infrastructure and national security threats. It also covers information sharing for the purpose of preserving a person’s physical safety and preventing any cyber security crimes. There are a lot of ways folks can be hurt and there are a heck of a lot of cybercrimes. That means the scope of CISPA is much broader than the Executive Order. Folks aren’t looking for another Patriot Act, and CISPA was starting to feel like a return to the land of warrantless searches of electronic content for broader purposes.

Another big difference between the Executive Order and CISPA is the focus on privacy. In his State of the Union address, the President said, “I signed a new executive order that will strengthen our cyber defenses by increasing information-sharing and developing standards to protect our national security, our jobs, and our privacy.” National security and jobs are two of the biggest things that keep Presidents up at night. The fact that he included privacy along with national security and jobs is major.

The Bill and the Executive Order also read very differently from a privacy perspective. I’m not claiming this is a scientific way to test for privacy sensitivity, but the Executive Order mentions privacy fourteen times in five pages. CISPA mentions privacy three times in twenty-seven pages. On a more substantive level, the Executive Order ties Federal Agencies’ use of information to the Fair Information Practice Principles. It says that the Chief Privacy Officer of the Department of Homeland Security will perform privacy risk assessments and consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB); and it states that the Cybersecurity Framework will be designed to protect individual privacy and civil liberties. CISPA doesn’t contain these privacy niceties.

Companies have come a long way in realizing that if you build privacy into the design of products and services and embed privacy throughout the life cycle of technologies—from the early design stage to their deployment, use and ultimate disposal—that you’ll make customers happy. And happy customers will spend more money with you and support your products. The concept is called “Privacy by Design.”

With Barack Obama’s Executive Order on cybersecurity, we see what “Privacy by Design” can do for political success.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cyberwarfare

The U.S. is tracking a suspected Chinese spy balloon spotted over U.S. airspace, officials said on Feb. 2, 2023.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...