The United States Department of Justice Department of Justice Seal The United States Department of Justice
Search The Site
 
Home   »  Briefing Room   »  Justice News
Printer Friendly Icon Printer Friendly
 
Justice News Banner
Deputy Attorney General James M. Cole Speaks at the Administration Event to Highlight Priorities for Cybersecurity Policy
Washington, D.C. ~ Wednesday, February 13, 2013

Last year, the Administration made its views on the importance of privacy and civil liberties clear during deliberations on cybersecurity legislation.   The Administration declared, “Cybersecurity and privacy are not mutually exclusive.”   It also affirmed its commitment that “[t]he sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality, and civil liberties….”   

 

Today, as we roll-out the Executive Order on Improving Critical Infrastructure Cybersecurity, the Administration is just as resolute about adhering to those ideals.     

 

As Deputy Secretary Lute and General Alexander have emphasized, one of the most important aspects of the Executive Order is its emphasis on improving government mechanisms for providing timely cyber threat information to the private sector.   For example, the Executive Order explicitly adopts a “whole-of-government” policy to increase the volume, timeliness, and quality of cyber threat information that is shared with the U.S. private sector so that they may better protect and defend themselves against cyber threats.  In that vein, the Order mandates expansion of the Enhanced Cybersecurity Services initiative—a voluntary program that provides classified cyber threat information to appropriately cleared personnel employed by private sector owners and operators of critical infrastructure.   In addition, the Order requires the Department of Justice, the Department of Homeland Security, and the Office of the Director of National Intelligence to declassify cyber threat intelligence reports that target U.S. entities and to establish a process for rapidly notifying those entities of cyber threats.  These are critical initial steps that the government must take to assist private sector companies in defending their systems and networks from escalating, evolving, and increasingly sophisticated cyber threats.   In taking these steps to improve the flow of cyber threat information, however, we must not lose sight of our commitment to secure individual privacy and civil liberties as we do it.     

 

How will we ensure that information received and disseminated under the Executive Order is protected consistent with our commitment to protect privacy and civil liberties?  

 

We will do so by ensuring that our cybersecurity activities are conducted in a transparent manner with the guidance and oversight of officials trained to safeguard privacy and civil liberties.   Under the Executive Order, each federal department and agency is required to develop and implement privacy and civil liberties safeguards in concert with their cybersecurity activities.   Each agency’s senior officials for privacy and civil liberties are required to conduct assessments of those safeguards and their implementation.   Those assessments will be shared with DHS’ Chief Privacy Officer and Officer for Civil Rights and Civil Liberties for inclusion in a public report.   That report will be produced in consultation with the Privacy and Civil Liberties Oversight Board and reviewed annually.  

 

The Executive Order includes another important feature designed to ensure that federal agencies take a consistent and thorough approach to identifying and mitigating potential privacy impacts of cybersecurity activities.   In particular, it requires agencies to conduct their assessments using the well-established Fair Information Practice Principles—also known as “FIPPs.”

 

So what are the “FIPPs”?   FIPPs are the widely-accepted framework of principles used to assess and mitigate privacy and civil liberties impacts of information systems, processes, or programs. They consist of eight interdependent principles— Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, Accountability and Auditing.

 

The FIPPS provide an objective set of principles, but they also permit agencies to apply those principles in the context of their differing authorities and missions.   They are not a new invention of this Executive Order.   Rather, they are time-tested and universally recognized principles that form the basis of the Privacy Act of 1974 and dozens of other federal privacy and information protection statutes.   They continue to be used prominently today, including in the White House’s National Strategy for Trusted Identities in Cyberspace and the Consumer Privacy Bill of Rights.

 

In closing, I want to emphasize the Administration’s commitment to doing this right—which is demonstrated by the Executive Order itself.   This Order sets the direction for responsible, effective cybersecurity standards and information sharing, while preserving individual privacy and civil liberties and ensuring transparency and accountability to the American public we seek to protect.

Department of Justice Accomplishments
Open Government at the Department of Justice
The Criminal Justice System as a Counterterrorism Tool
Justice.gov en espanol

Department of Justice Seal - Department of Justice Action Center

Report a Crime

Get a Job

Locate a Prison, Inmate, or Sex Offender

Apply for a Grant

Submit a Complaint

Report Waste, Fraud, Abuse or Misconduct to the Inspector General

Find Sales of Seized Property

Find Help and Information for Crime Victims

Register, Apply for Permits, or Request Records

Identify Our Most Wanted Fugitives

Find a Form

Report and Identify Missing Persons

Contact Us


Recovery Act
Stay Connected YouTube Twitter Facebook Sign Up for E-Mail Updates Subscribe to News Feeds
 
U.S. Department of Justice - 950 Pennsylvania Avenue, NW, Washington DC 20530-0001
Justice.gov
 
Site Map
A to Z Index
Archive
Accessibility
FOIA
No FEAR Act
Information Quality
Privacy Policy
Legal Policies & Disclaimers
  
For Employees
Office of the Inspector General
Government Resources
USA.gov
 
ABOUT
The Attorney General
Budget & Performance
Strategic Plans
AGENCIES
BUSINESS & GRANTS
Business Opportunities
Small & Disadvantaged Business
Grants
  RESOURCES
Forms
Publications
Case Highlights
Legislative Histories
NEWS
Justice News
The Justice Blog
Videos
Photo Gallery
   CAREERS
Legal Careers
Student Opportunities
Diversity Policy
Internships
CONTACT