Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Obama Appoints Privacy Board Members

Board is designed to oversee privacy and civil liberties protections built into the administration's cybersecurity legislative proposal.

NASA's Next Mission: Deep Space
NASA's Next Mission: Deep Space
(click image for larger view and for slideshow)
President Obama has made three nominations to a board that will oversee the federal government's cybersecurity and counterterrorism efforts with an eye toward protecting Americans' privacy and civil liberties.

The president has appointed David Medine as chairman of the Privacy and Civil Liberties Oversight Board, and Rachel Brand and Patricia Wald as board members, according to a White House blog post by cybersecurity coordinator Howard Schmidt.

The federal government is engaged in numerous activities to gather and share information across agencies, with state and local governments, as well as with the private sector to secure U.S. cyber infrastructure from cyberattacks--terrorist or otherwise. The administration detailed a broad legislative cybersecurity proposal to support these plans in May.

[ Collaboration and research are key to plans to secure U.S. networks. See White House Sets Cybersecurity R&D Priorities. ]

The board's job is to prevent the feds' activities from violating privacy and civil liberty rights, and report to Congress the impact the activities have on these rights, according to Schmidt.

Specifically, the board will oversee the privacy and civil liberties protections built into the administration's cybersecurity legislative proposal, he said. The board also will recommend regulatory improvements or modifications to address any concerns.

"The administration firmly believes that both Board oversight and affirmative requirements for privacy policies and procedures are essential components of any legislation," Schmidt said.

The three nominees--who must be approved by Congress before their work can begin--all have notable legal backgrounds and have previously served or currently hold other positions with the federal government.

Medine is a partner in the WilmerHale law firm, focusing on privacy and data security. He was senior adviser to the White House Economic Council from 2000 to 2001.

Brand is currently chief counsel for regulatory litigation at the U.S. Chamber of Commerce, National Chamber Litigation Center. Previously, she was a private-practice attorney and also handled policy issues--including counterterrorism--as assistant attorney general for legal policy at the Department of Justice.

From 1979 until 1999, Wald served on the U.S. Court of Appeals for the District of Columbia, including a five-year stint as chief judge. Since then she has served as judge on the International Criminal Tribunal for the former Yugoslavia and a member on the President's Commission on the Intelligence Capabilities of the U.S. Regarding Weapons of Mass Destruction.

How 10 federal agencies are tapping the power of cloud computing--without compromising security. Also in the new, all-digital InformationWeek Government supplement: To judge the success of the OMB's IT reform efforts, we need concrete numbers on cost savings and returns. Download our Cloud In Action issue of InformationWeek Government now. (Free registration required.)

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
12/20/2011 | 7:26:03 PM
re: Obama Appoints Privacy Board Members
Good to know that there is a designated group of people who will be looking into this. Part of the key for this though will be the level of influence they truly have over any piece of legislation.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.