Facebook, Twitter, eBay, and PayPal can breathe a sigh of relief: President Obama has apparently conceded to congressional critics on cybersecurity legislation and excluded regulation of social networks from a draft of his pending national security executive order. After failing to push cybersecurity legislation through Congress last August, Obama promised to leverage executive authority to update national security standards, but his unilateral posturing threatened to revive many of the regulatory and civil liberty concerns that killed the original Cybersecurity Act. “Networks that facilitate commerce, provide search services or are platforms for social networking and speech, vulnerabilities are unlikely to constitute threats to our national security,” wrote Democratic critic, Senator Ron Wyden. Now, in a new draft obtained by the Associated Press, non-critical infrastructure (such as social networks) have been excluded.
Cybersecurity legislation had slowly been stripped of regulations, starting with mandatory security procedures in the original August bill. Such precautions were in response to reports that major infrastructure industries lacked basic defense against hacking (including one embarrassing/terrifying example of missile defense employees downloading malware from porn sites).
“It doesn’t take much to imagine the consequences of a successful cyber attack,” wrote the President, in a rare OpEd for the Wall Street Journal. “Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we’ve seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.”
But, critics noted that neither Facebook nor PayPal were critical to national infrastructure. Additionally, civil liberty group, the Electronic Frontier Foundation, worried it would give unchecked power to the National Security Administration (fun fact: it dwarfs the CIA).
This new order would encourage information sharing between businesses and the government and increase security clearance for employees at select infrastructure companies. The White House acknowledges that executive orders have limited capacity, such as the inability to “offer a company protection from liabilities that might result from a cyberattack on its systems,” reports the AP.
The signing date of the pending executive order is still unknown.