Written by Jim Harper, Director of Information Policy Studies at the Cato Institute. Posted with permission from Cato @ Liberty.
A year ago, almost to the day, I blogged about a legislative package on cybersecurity being proposed in the Senate. “Soviet-Style Cybersecurity,” I called it, because of the “centralizing and deadening effect” it would have on the many and varied efforts to respond to the many problems lumped together as “cybersecurity.” President Obama’s new executive order, titled “Improving Critical Infrastructure Cybersecurity,” has similar, if slightly more sinister, qualities.
To understand my thinking in this area, you must first understand the concepts in a superlative law review article I first read when I was doing oversight of the regulatory process as a congressional staffer. “Administrative Arm-Twisting in the Shadows of Congressional Delegations of Authority” is by University of Flordia law professor Lars Noah. In it, he described the administrative practice of imposing sanctions or withholding benefits in order to elicit “voluntary compliance” from regulated entities. The upshot? There is no “voluntary” when businesses are repeat players or under ongoing supervision of an agency.
The cybersecurity executive order has arm-twisting all over it.