The Obama administration’s latest salvo resurrects a difficult, urgent debate over keeping Americans safe online and respecting their privacy.
His executive order on cybersecurity, issued Tuesday, sought to strike a balance. It asked government agencies to share with private companies what intelligence they have about computer security threats; but it did not ask the private sector to share its own information with the government. The president, in his State of the Union address, explicitly cited the need to protect both “national security” and “privacy.”
The White House order reopens rather than settles an argument that computer scientists, lawyers and civil liberties groups have been having for years over whether increased surveillance of our digital lives will make us safer. It has been fought over body scanners at the airport and surveillance cameras on the street. But expect a new political brawl on this. Both sides have powerful advocates in Washington.
On one side are proponents of greater “information sharing” between the government and the private sector. A bill proposed Wednesday, by Representatives Mike Rogers, a Republican from Michigan, and C. A. Dutch Ruppersberger, a Democrat from Maryland, would permit the flow of intelligence from private companies to government agencies.
An earlier version of the bill passed the House of Representatives last year, but failed in the Senate amid the threat of a White House veto.
Mr. Rogers, chairman of the House Intelligence Committee, took pains to say that the new legislation would protect civil liberties.
But that did not reassure many civil libertarians.
The Center for Democracy and Technology, an advocacy group in Washington, warned Wednesday that the bill, the Cyberintelligence Sharing and Protection Act, known as Cispa, could allow private communications to be shared with the National Security Agency, part of the Defense Department. “Once that private information is in the hands of the military, it can be used for purposes completely unrelated to cybersecurity,” argued Leslie Harris, the group’s president. “In seeking to promote cybersecurity information sharing, Cispa creates a sweeping exception to all privacy laws.”
Another advocacy group, called Fight for the Future, which agitated successfully against antipiracy legislation last year, set up an online petition in an effort to defeat Cispa.
The American Civil Liberties Union, likewise, criticized the House bill, and gave its blessings to the White House executive order instead. “Two cheers for cybersecurity programs that can do something besides spy on Americans,” the group said in a blog post.
The presidential order has been criticized by others for lacking enforcement teeth. It does not give the government the power to set minimum standards for how private operators of power plants and other critical infrastructure should protect their computer systems to deter attack; that would require Congress to change current law.
Meanwhile, the debate over privacy and security continues to be stuck in what Daniel J. Solove, a law professor at George Washington University, calls a false trade-off. In his 2011 book “Nothing to Hide: The False Trade-Off Between Privacy and Security,” Mr. Solove argues that Americans in the post-Sept. 11 era have been increasingly persuaded to trade “privacy” for “security,” with technology including video surveillance cameras, wiretapping and all kinds of digital data mining. “Privacy often loses out to security when it shouldn’t,” he writes.
The issue should not be seen, he adds, as a zero-sum game. “Privacy often can be protected without undue cost to security,” he continues. “In instances when adequate compromises can’t be achieved, the trade-off can be made in a manner that is fair to both sides. We can reach a better balance between privacy and security. We must. There is too much at stake to fail.”