Bidens new data security order leaves industry officials privacy advocates scratching their heads NextgovFCW
p
Mesut DoganGetty Images
ppppStay Connectedpp
By
David DiMolfetta
ppA new White House directive that gives agencies the legal power to prevent Americans sensitive data from falling into the hands of foreign adversaries is getting mixed reviews with industry executives saying it could risk muddling current data flow mechanisms and privacy advocates contending it doesnt go far enough to address potential abuses at homeppThe Justice Department and other agencies are set to kick off a complex process to craft regulations built into that sweeping data security executive order signed by President Joe Biden on Wednesday The orders aim is to block myriad data transactions with China Russia and others on grounds that such data can be surreptitiously processed to target Americans and enable other national security risksppAs officials and researchers continue to warn of hacking threats from nationstates and other countries of concern on the orders target list intelligence community partners have also urged businesses to be wary of Chinese efforts to siphon genomic data from their systems Over the past year hacking incidents involving data types listed in the order have further motivated officials to embolden agencies with the authority to help prevent misuse of Americans data overseasppActing on such an order is expected to be a complex undertaking because regulators will have to determine how the restrictions apply to different crossborder data transfer scenariosppThat would involve formally defining sensitive data types and shaping the numerical thresholds that make up bulk data transfers an industry source close to the White House told NextgovFCW speaking on the condition of anonymity in order to be candid about discussions surrounding the directiveppThe order also introduces entirely new concepts like categories that combine multiple data types such as health and genomic data being packaged in the same data set that will also have to be worked through the source addedppThe order contemplates a neartotal restriction on data broker transactions of sensitive data to adversarial countries or companies based in those countries Americans that sell bulk personal data or US government data to those nations would also be held liable for doing so Multiple data broker firms including Equifax Experian CoreLogic Oracle and Acxiom did not return requests for commentppThe order may also usher in unintended consequences if its not surgical enough particularly with employee data according to another tech industry officialppWe have 20000 employees in China We have to share data like payroll or personal information said the official who spoke on the condition of anonymity because they were not authorized to publicly communicate their views The Biden administration assured us thats not the target but I want to see how it works out they addedppThe order stamps employment agreements and other common business contracts as less restricted categories where data transactions can still occur but the directive says they would still be constrained with certain mitigationsppThe US must also consider scenarios where American data caches are ported to an allied nation and ensure prevention measures are intact to stop that data from being transmitted again to adversariesppThere are tracking techniques available that regulators may consider to address those cases said John Ackerly a former White House official who handled the Bush administrations tech policy portfolio ppFor instance specialized labeling technologies can stick to data no matter where it goes said Ackerly who now leads data encryption services firm Virtru You can create a tagging system where you have an audit over where that data is going he said adding that the Defense Department uses similar techniques to keep watch over sensitive informationppPrivacy advocates argue the order doesnt go far enough to address ongoing concerns over data broker and related activities from tech firmsppDomesticbased data brokers already legally obtain process and sell Americans data for commercial purposes though civil liberties groups and members of Congress frequently highlight cases in which they say data broker transactions ostensibly go too farppIm sure that foreign adversaries are using our information just like were seeing our own government use our information in ways that we do not like and were seeing domestic private companies use our information in ways that we may not like said Cody Venzke senior policy counsel at the American Civil Liberties UnionppThe Biden administration has argued Congress should not ban the US government from buying Americans data because such protections would put the United States at a disadvantage to China and Russia said Sen Ron Wyden DOre a privacyfocused lawmaker who sits on the Senate Intelligence Committee With this EO that argument is no longer valid and the Administration should stop opposing common sense surveillance reformppHow the order may impact US spy agencies that have relied frequently on data broker transactions and similar commercial data agreements is also unclear A contested surveillance authority in particular frequently leverages harvested communications data from overseas targetsppThe intelligence community has many tools at their disposal Ackerly said arguing the order wouldnt have a material impact on US national security activitiesppA senior administration official said at the time of the orders release that the intelligence communitys involvement in data purchases was outside the scope of the order and stressed that foreign adversaries use of Americans data is more of a concern than how the US uses such data
pp
NEXT STORY
FCC staff targeted in phishing attack that cloned agency login site
ppHelp us tailor content specifically for youp
Mesut DoganGetty Images
ppppStay Connectedpp
By
David DiMolfetta
ppA new White House directive that gives agencies the legal power to prevent Americans sensitive data from falling into the hands of foreign adversaries is getting mixed reviews with industry executives saying it could risk muddling current data flow mechanisms and privacy advocates contending it doesnt go far enough to address potential abuses at homeppThe Justice Department and other agencies are set to kick off a complex process to craft regulations built into that sweeping data security executive order signed by President Joe Biden on Wednesday The orders aim is to block myriad data transactions with China Russia and others on grounds that such data can be surreptitiously processed to target Americans and enable other national security risksppAs officials and researchers continue to warn of hacking threats from nationstates and other countries of concern on the orders target list intelligence community partners have also urged businesses to be wary of Chinese efforts to siphon genomic data from their systems Over the past year hacking incidents involving data types listed in the order have further motivated officials to embolden agencies with the authority to help prevent misuse of Americans data overseasppActing on such an order is expected to be a complex undertaking because regulators will have to determine how the restrictions apply to different crossborder data transfer scenariosppThat would involve formally defining sensitive data types and shaping the numerical thresholds that make up bulk data transfers an industry source close to the White House told NextgovFCW speaking on the condition of anonymity in order to be candid about discussions surrounding the directiveppThe order also introduces entirely new concepts like categories that combine multiple data types such as health and genomic data being packaged in the same data set that will also have to be worked through the source addedppThe order contemplates a neartotal restriction on data broker transactions of sensitive data to adversarial countries or companies based in those countries Americans that sell bulk personal data or US government data to those nations would also be held liable for doing so Multiple data broker firms including Equifax Experian CoreLogic Oracle and Acxiom did not return requests for commentppThe order may also usher in unintended consequences if its not surgical enough particularly with employee data according to another tech industry officialppWe have 20000 employees in China We have to share data like payroll or personal information said the official who spoke on the condition of anonymity because they were not authorized to publicly communicate their views The Biden administration assured us thats not the target but I want to see how it works out they addedppThe order stamps employment agreements and other common business contracts as less restricted categories where data transactions can still occur but the directive says they would still be constrained with certain mitigationsppThe US must also consider scenarios where American data caches are ported to an allied nation and ensure prevention measures are intact to stop that data from being transmitted again to adversariesppThere are tracking techniques available that regulators may consider to address those cases said John Ackerly a former White House official who handled the Bush administrations tech policy portfolio ppFor instance specialized labeling technologies can stick to data no matter where it goes said Ackerly who now leads data encryption services firm Virtru You can create a tagging system where you have an audit over where that data is going he said adding that the Defense Department uses similar techniques to keep watch over sensitive informationppPrivacy advocates argue the order doesnt go far enough to address ongoing concerns over data broker and related activities from tech firmsppDomesticbased data brokers already legally obtain process and sell Americans data for commercial purposes though civil liberties groups and members of Congress frequently highlight cases in which they say data broker transactions ostensibly go too farppIm sure that foreign adversaries are using our information just like were seeing our own government use our information in ways that we do not like and were seeing domestic private companies use our information in ways that we may not like said Cody Venzke senior policy counsel at the American Civil Liberties UnionppThe Biden administration has argued Congress should not ban the US government from buying Americans data because such protections would put the United States at a disadvantage to China and Russia said Sen Ron Wyden DOre a privacyfocused lawmaker who sits on the Senate Intelligence Committee With this EO that argument is no longer valid and the Administration should stop opposing common sense surveillance reformppHow the order may impact US spy agencies that have relied frequently on data broker transactions and similar commercial data agreements is also unclear A contested surveillance authority in particular frequently leverages harvested communications data from overseas targetsppThe intelligence community has many tools at their disposal Ackerly said arguing the order wouldnt have a material impact on US national security activitiesppA senior administration official said at the time of the orders release that the intelligence communitys involvement in data purchases was outside the scope of the order and stressed that foreign adversaries use of Americans data is more of a concern than how the US uses such data
pp
NEXT STORY
FCC staff targeted in phishing attack that cloned agency login site
ppHelp us tailor content specifically for youp