Marc Ambinder

What's an 'emergency cyber action'?

Several paragraphs in the Presidential Policy Directive on cyberware — those about "emergency cyber actions" — will trouble civil libertarians and companies in the U.S. The reason is not so much the content of the paragraphs but the fact that the government felt it necessary to hide them.

Actually, the words "emergency cyber actions" are themselves classified!

Who wouldn't be suspicious of a SECRET document that spells out the fact that the government, acting under the national command authority, will act to shut down part of the internet if there's an existential threat?

I'm going to reprint the (S/NF) paragraphs in full because they seem to be something we'd want the government to do.

The caveats themselves (and the fact that THEY are secret) suggest that the government will truly revert to something like this in an absolute emergency.

And there is no reason why they can't admit that fact and then allow, encourage, and foster the debate that will result from it. Laying out these general rules, and then making them state secrets, endows them with a power that they ought not have.

Emergency Cyber Actions (C/NF)

The Secretary of Defense is hereby authorized to conduct, or a department or agency head with appropriate authorities may conduct, under procedures approved by the President, Emergency Cyber Actions necessary to mitigate an imminent threat or ongoing attack using DCEO if circumstances at the time do not permit obtaining prior Presidential approval (to the extent that such approval would otherwise be required) and the department or agency head determines that:

An emergency action is necessary in accordance with the United States inherent right of self-defense as recognized in international law to prevent imminent loss of life or significant damage with enduring national impact on the Primary Mission Essential Functions of the United States Government,5 U.S. critical infrastructure and key resources, or the mission of U.S. military forces;

Network defense or law enforcement would be insufficient or unavailable in the necessary timeframe, and other previously approved activities would not be more appropriate;

The Emergency Cyber Actions are reasonably likely not to result in significant consequences;

The Emergency Cyber Actions will be conducted in a manner intended to be nonlethal in purpose, action, and consequence;

The Emergency Cyber Actions will be limited in magnitude, scope, and duration to that level of activity necessary to mitigate the threat or attack;

And so forth. What the classification of this information says to the American people is: We don't trust you, so we are not going to give a basis for stuff we might do in the future that might make you trust us less.

Good job, secret-keepers.

Recommended

Why social anxiety in young people may be on the rise
Person on computer alone.
take care of your mental health

Why social anxiety in young people may be on the rise

The 3 deadlines that made this Congress' 'week from hell'
Nancy Pelosi.
now or never

The 3 deadlines that made this Congress' 'week from hell'

10 things you need to know today: September 27, 2021
SPD supporters
Daily briefing

10 things you need to know today: September 27, 2021

Pitfalls of going big
Nancy Pelosi.
Picture of Joel MathisJoel Mathis

Pitfalls of going big

Most Popular

Jimmy Fallon and Nicole Kidman almost make it through interview without awkwardness
Jimmy Fallon and Nicole Kidman
Last Night on Late Night

Jimmy Fallon and Nicole Kidman almost make it through interview without awkwardness

7 cartoons about America's vaccine fights
Editorial Cartoon.
Feature

7 cartoons about America's vaccine fights

Democrats are governing like Republicans
A donkey.
Picture of W. James Antle IIIW. James Antle III

Democrats are governing like Republicans