White House order on emergency communications riles privacy group
- 10 July, 2012 10:13
An Executive Order issued by the White House last Friday seeks to bolster the government's ability to keep its emergency communications capabilities intact during national emergencies.
But one privacy advocacy group expressed concern that the order gives government unprecedented new authority to take over wired and wireless private communication networks in the pretext of national security.
The order issued by President Obama directs agencies such as the Department of Homeland Security (DHS), Department of Defense, Department of State and the Office of the Director of National Intelligence to come up with policy recommendations and plans for ensuring continuity of government communications capabilities in a crisis.
The order authorizes the creation of a new National Security and Emergency Preparedness Communications Committee (NS/EP), which will consist of representatives from each of these agencies.
As part of its mission the executive committee will develop a long-term strategic plan and propose funding initiatives to support the incorporation of the necessary redundancy, mobility, interoperability and restorability of government communications capabilities "under all circumstances."
The executive order tasks the Office of Science and Technology Policy (OSTP) to identity all the key technology and policy issues that the NS/EP committee will need to focus on to fulfill its mission. The OSTP will be responsible for submitting an annual report to the President and the NS/EP committee on a range of issues including prioritization of radio spectrum and wired communications that support the NS/EP mission, the executive order noted.
"The Federal Government must have the ability to communicate at all times and under all circumstances to carry out its most critical and time sensitive missions," the Executive Order noted.
"Survivable, resilient, enduring, and effective communications, both domestic and international, are essential to enable the executive branch to communicate within itself," and with others, the order noted. "Such communications must be possible under all circumstances to ensure national security, effectively manage emergencies, and improve national resilience," the order signed by the President noted.
The problem with the Executive Order is that it also grants the DHS new authority to seize private communication facilities when necessary and to effectively shut down or limit civilian communications in a national crisis, said the Electronic Privacy Information Center (EPIC).
Amie Stepanovich, associate litigation council at EPIC pointed to a one-sentence provision in the order [Sec. 5.2 (e)] that directs the secretary of DHS to develop measures for ensuring that commercial and privately-owned communications resources are available for government use when appropriate.
The provision is troubling because it basically gives DHS new authority over private communication networks in emergency situations, she said. A takeover of private networks for government communications purposes during a crisis could degrade or severely compromise the civilian population's ability to communicate in an emergency, she maintained.
"This specific authority is something that should have been granted through Congress," rather than through executive order, Stepanovic noted.
The Obama directive comes at a time when opinion appears divided on the extent of authority the government should have over the Internet and communications networks, in a crisis. Last year, several lawmakers proposed a bill that would have given the President the authority to quarantine or even shut down parts of the Internet in the event of a massive cyberattack on critical infrastructure targets.
Proponents of the bill argued the bill was nothing more than a common-sense measure aimed at protecting critical Internet assets in an attack. But opponents argued that the bill would give the President an unprecedented Internet "kill switch" that could be pulled anytime.
Opinion was similarly divided earlier this year, when the Federal Communications Commission (FCC) sought comments from the public on the government's authority to shut down wireless networks in an emergency.
Supporters of the idea argued that targeted wireless shutdowns were vital to protecting public safety. Organizations such as the CTIA, The Wireless Association, maintained that in certain emergency situations a service interruption might be necessary to prevent or stop a life-threatening emergency.
Others dismissed such arguments, saying that any government-directed wireless shutdowns would infringe upon First Amendment rights to protected speech, and impose unconstitutional prior restraints on speech.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about gov't legislation/regulation in Computerworld's Gov't Legislation/Regulation Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Endpoint Security and Virtualisation
Besides form factor, virtual systems are not really that different than physical systems. They both use the same operating systems and applications. They both present users with computing resources such as RAM and hard drives. Consequently, the ability to exploit vulnerabilities in a physical environment will present a significant threat to virtualised environments as well. This paper examines the different endpoint security methods for virtualised environments and presents how Endpoint Protection security provides optimal performance, protection and manageability.
Staying Ahead of the Data Explosion
The total volume of data being processed and stored by businesses is rising exponentially. IDC has estimated that the size of the "digital universe" will increase 29 fold between 2010 and 2020. Data storage technology has undergone a steady increase in capacity, along with a steady decline in the cost per unit to store information. Unfortunately, data storage capacity is not keeping pace with data growth and necessitating greater intelligence in the storage infrastructure. Read more.
The Big Data Security Analytics Era is Here
Large organisations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations to protect them from targeted attacks and advanced malware. Henceforth, security management must be based upon continuous monitoring and data analysis for up‐to-the‐minute situational awareness and rapid data-driven security decisions. This means that large organisations have entered the era of big data security analytics. Learn more.