Could your browsing history end up in the government's hands?


President Obama is expected to sign an executive order that would require private companies that operate critical infrastructure to get their cyber defenses in order. Congress has tried, and failed, to pass legislation aimed at voluntarily creating a system of national standards, and all manner of cyber exploitation and attacks keep coming. Though virtually every actor in the debate believes that some sort of legislation is necessary, corporate America is split in two about how much risk they ought to be required to assume. Within most companies, IT teams push for more elaborate defenses and for disclosure of problems; general counsels counsel silence, and customer service executives complain about cyber architecture that is too costly and would put them at a competitive disadvantage.
The news reports about these executive orders suggest that the system will be "voluntary," but in effect, it won't be. The government can easily require that any company that wishes to do any business with it must comply with the new regime. No pay, no play. By identifying and defining just what counts as "critical" infrastructure is also a way to compel participation.
One complex question that may be answered is how much data a company is required to give the government if it detects a cyber threat, and how much information the government can share with a company if IT detects a cyber threat. The National Security Agency tends to the really big nodes that handle critical infrastructure, and it likes to over classify just about everything. But companies, reasonably, want instantly updated information about the threat environment. Even though most big companies that handle Very Big tasks for country's infrastructure do some sort of classified work for the government and thus have employees who are cleared to see the information, there is no way to distribute it.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
What happens if a company that handles Internet infrastructure detects within your own browsing history the signature of a major virus or an attack? Almost certainly, it will be required to act on the information in a way that includes the transmission of your data to the government. Whether it can and will be anonymized is an open question. How long the government can retain it is also an open question. (There is a whole set of other rules for criminal and intelligence matters).
It's not just browsing history: What if the virus or attack is encoded within your medical records? Would your hospital be required to turn them over?
It would be great to see a Big Debate about all of this. An executive order might spur one.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Marc Ambinder is TheWeek.com's editor-at-large. He is the author, with D.B. Grady, of The Command and Deep State: Inside the Government Secrecy Industry. Marc is also a contributing editor for The Atlantic and GQ. Formerly, he served as White House correspondent for National Journal, chief political consultant for CBS News, and politics editor at The Atlantic. Marc is a 2001 graduate of Harvard. He is married to Michael Park, a corporate strategy consultant, and lives in Los Angeles.
-
California mulls pulling health care from eligible undocumented migrants
IN THE SPOTLIGHT After pushing for universal health care for all Californians regardless of their immigration status, Gov. Gavin Newsom's latest budget proposal backs away from a key campaign promise
-
Is Apple breaking up with Google?
Today's Big Question Google is the default search engine in the Safari browser. The emergence of artificial intelligence could change that.
-
Music reviews: Eric Church, Blondshell, and Model/Actriz
Feature "Evangeline vs. the Machine," "If You Asked for a Picture," and "Pirouette"
-
In the future, will the English language be full of accented characters?
The Explainer They may look funny, but they're probably here to stay
-
10 signature foods with borrowed names
The Explainer Tempura, tajine, tzatziki, and other dishes whose names aren't from the cultures that made them famous
-
There's a perfect German word for America's perpetually enraged culture
The Explainer We've become addicted to conflict, and it's only getting worse
-
The death of sacred speech
The Explainer Sacred words and moral terms are vanishing in the English-speaking world. Here’s why it matters.
-
The delicate art of using linguistics to identify an anonymous author
The Explainer The words we choose — and how we use them — can be powerful clues
-
Dashes and hyphens: A comprehensive guide
The Explainer Everything you wanted to know about dashes but were afraid to ask
-
A brief history of Canadian-American relations
The Explainer President Trump has opened a rift with one of America's closest allies. But things have been worse.
-
The new rules of CaPiTaLiZaTiOn
The Explainer The rules for capitalizing letters are totally arbitrary. So I wrote new rules.