The Public Eye with Eric Chabrow

Mums the Word on E-Privacy Bill Update

Senate Panel Hears Generalities from Administration Officials
Mums the Word on E-Privacy Bill Update

It's tough these days representing the Obama administration before a congressional panel when asked for specific recommendations on provisions to be included in legislation to secure information technology or assure the privacy of those who use technology.

At a Senate Judiciary Committee hearing Wednesday on modernizing the 24-year-old Electronic Communications Privacy Act, panel members asked Associate Deputy Attorney General James Baker and Cameron Kerry, Commerce Department's general counsel, what the Obama administration would like to see in an updated law. Neither official offered specifics, but both promised cooperation if and when lawmakers draft a new law e-privacy law.

Illustrating the administration's reticence to provide specific recommendations was the following exchange between Sen. Ben Cardin, D-Md., and Baker as they discussed how the privacy of e-mail is treated differently when stored on an individual's personal computer (more protection) versus a server of a cloud computing provider (fewer protections), such as Google's Gmail.

    Baker: "The administration has not vetted the law today, but the administration has not taken a position on changing that at this point in time, but we look forward to working with you on that."
    Cardin: "Well, I appreciate you dodging the question."

The Baker-Cardin exchange was reminiscent of a similar go-around in June between the Department of Homeland Security's highest ranking IT security official, Philip Reitinger, and Sen. Susan Collins, R-Maine, during a hearing on a comprehensive cybersecurity bill held in June by the Senate Homeland Security and Governmental Affairs Committee.

Collins tried to get Reitinger to commit on how the administration would want the bill to reflect presidential powers in dealing with a cyber emergency.

    Collins: "Shouldn't we be spelling out exactly what the president's authority is short of state of a war?"
    Reitinger: "I apologize that I can't take a position on the bill at this time, but I do appreciate the effort that the committee made to tailor the authorities so they are focused on the expected need."
    Collins: "I'll take that as a yes."

Later an exasperated Collins added: "I'm not trying to put you in an uncomfortable spot, but as you know, we have been working with the department on this issue for more than year. I just don't understand why the department isn't much further along in its thinking on what should be done."

At the time, Reitinger said the administration's review of the bill wasn't completed; he didn't give a timetable on when it would be finished. Since then, a White House spokesman said the administration is working with lawmakers to develop a bill, although those on Capitol Hill familiar with the give and take between the executive and legislative branches say they expected more guidance from the administration than has been received on drafting a cybersecurity law.

The fact that the administration may show reluctance to spell out in detail the numerous provisions it would want in a bill doesn't mean they don't share what they don't like or want in legislation. Reitinger, at that June hearing, said the administration didn't like a provision in the cybersecurity draft bill that would have separated oversight of physical and virtual security.

And, at Wednesday's hearing on updating the e-privacy act, Baker provided general guidance on what a new law should not do:

"We urge Congress to proceed with caution and to avoid amendments that would disrupt the fundamental balance between privacy protection and public safety. Congress should refrain from making changes that would impair the government's ability to obtain critical information necessary to build criminal, national security and cyber investigations, particularly if those changes would not provide any appreciable or meaningful improvement in privacy protection."

Though the administration witnesses didn't provide the specifics some lawmakers sought, the hearing proved useful as the witnesses and senators delineated two major advances in technologies in recent years that the e-privacy law has not kept pace with: legally treating content stored on individual and corporate computers differently than files kept on cloud-computing provider servers, and the ability to track the whereabouts of individuals who use mobile devices.

Not that it matters for the near term. No one predicts that Congress will enact an e-privacy law this year, so the Obama administration still has time to decide what it would like to see in a modernized Electronic Communications Privacy Act.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.