In its comprehensive review (PDF) of cybersecurity released Friday, the White House calls for the president to appoint of a cybersecurity czar whose main duty would be "to coordinate the Nation’s cybersecurity-related policies and activities." The report also calls for the appointment of a privacy and civil liberties official to act as a check on the bureaucracy's power to access sensitive online data.
That recommendation seems to indicate the White House is not interested in having the authority to access any relevant data without regard to privacy laws, or the power to shut down the internet in a cyber emergency—broad powers outlined in The Cybersecurity Act of 2009, released last month and sponsored by senators Jay Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine).
Some civil libertarians had expressed concern that the cybersecurity czar—a position also proposed in the Rockefeller-Snowe legislation—would report to the National Security Agency. But Friday's proposal from the White House calls for that official to work dually under the National Security Council and the National Economic Council, Executive Branch offices under whose umbrella transparency is much easier to achieve than at the NSA.
"It's clear that the White House review team was committed to building privacy into these cybersecurity policy recommendations from the beginning of the process," says Leslie Harris, head of the Center for Democracy and Technology.
The Senate commerce committee, which has been holding the Rockefeller-Snowe bill in anticipation of Friday's White House report, seems to agree with the privacy guidelines. In a statement, Rockefeller and Snow said the president's cybersecurity advisor must be required "to put civil liberties protections front and center. Our aim is to improve the nation’s security—and by this we mean, the security of American lives, property, and civil liberties."