SAN FRANCISCO—Earlier this week, a new rumor began spreading about an expected cybersecurity executive order from President Trump. A purported draft of the document had been leaked to The Washington Post, with the final version set to be announced by the president sometime Tuesday.
Noting that previous executive orders from the Trump administration aligned with campaign promises, including significantly restricting U.S. acceptance of refugees who identify as Muslim, several legal experts at the security- and privacy-focused Enigma Conference in Oakland feared that Trump’s cybersecurity executive order would claim the right to shut down foreign countries’ Internet access, another campaign promise.
The immigration executive order, which banned U.S. entry from seven countries—and increased scrutiny of U.S. travelers suspected of being Muslim, even if U.S. citizens or green card holders—sparked widespread protests across the country, including here at San Francisco International Airport. It also reportedly prompted Customs and Border Protection officials from New York to Los Angeles to demand access to the mobile phones, laptops, and social-media accounts of numerous travelers.
Christine Lin, a senior staff attorney at the Center for Gender and Refugee Studies at the University of California Hastings law school, who coordinated a legal aid table at SFO staffed by volunteer lawyers, said that in the middle of a protest against the immigration and refugee executive order, CBP officials had stopped publicly revealing even basic facts pertaining to the order.
One man claims that CBP agents choked him after he refused to unlock his phone for them. The digital-rights group Electronic Frontier Foundation has put out a call looking for people who have had their accounts searched by CBP.
The CBP said in a statement published on Wednesday that it had acted “with professionalism.”
Lin said that, as the daughter of immigrants, she understood why the protesters were demonstrating against the executive order. “Parents immigrating [to create a better life for their children] is fundamental to what the U.S. stand for,” Lin said.
As the end of the business day neared on Tuesday, the administration revealed that it would not sign the rumored cybersecurity executive order that day. It didn’t publish the order the following two days, either—leaving unanswered questions about the new administration’s cybersecurity intentions.
Would Trump order a 60-day review of the country’s cybersecurity policies, as Obama did shortly after taking office? Would he heed any of the advice contained in a new Center for Strategic and International Studies report on cybersecurity? (Obama adopted some of the recommendations in the CSIS report given to him.) And whom does he plan to put in charge of anything related to cybersecurity?
Domestic U.S. cybersecurity policy under the Trump administration remains largely opaque. Trump’s campaign website says he will order an “immediate review of all U.S. cyberdefenses and vulnerabilities, including critical infrastructure” led by a team of military, law enforcement, and private-sector personnel. That team has yet to be assembled, at least publicly.
New Customs and Border Protection demands for access to travelers’ social-media accounts and mobile hardware reflects a decrease in the privacy of individuals lawfully traveling to the United States. Although people traveling under the visa waiver program, or about whom the CBP had a “reasonable suspicion” of wrongdoing, have been subjected to such demands since at least 2016, the current order appears to significantly expand their applicability.
Trump’s move toward blanket access to travelers’ devices has upset legal and privacy advocates. One former head of intelligence law at the National Security Administration, April Doss, tweeted that she would not have approved of the Trump administration authorizing the searching of social-media accounts because it “violates law” and is “bad policy, and poor intel.”
I used to be head of intelligence law at NSA. If asked to approve this, I would’ve said no. Violates law, bad policy, & poor intel. https://t.co/J5kjFNXkJc
— April Doss (@AprilFDoss) January 29, 2017
Trump’s cybersecurity show has not been able to escape the controversies that plague the rest of his administration. The president has appointed former New York City Mayor Rudy J. Giuliani to advise him on cybersecurity issues. His transition team said in a statement that Giuliani was chosen for the role in part because of his “now 16 years of work providing security solutions in the private sector.” However, Giuliani’s cybersecurity credentials have been questioned by several reports.
Meanwhile, Trump’s cybersecurity-adjacent appointees are in place—but not without controversy. Retired Army Lt. Gen. Michael Flynn did not need Senate approval to assume the role of national security adviser. Gen. John Kelly has been confirmed as secretary of Homeland Security, albeit after Trump criticized his candidates for the job. And former Kansas congressman Mike Pompeo now directs the CIA, at a time when the agency is in open conflict with the president over the agency’s attribution of election interference to Russia and its president, Vladimir Putin.
At the highest levels of government, Trump has upended decades of procedure. On the security front, he has placed his chief political adviser, Steve K. Bannon, a former executive chairman of Breitbart News who has repeatedly expressed sympathies with neo-Nazis—and not his nominees for the director of national intelligence (former Sen. Dan Coats) and the chairman of the Joint Chiefs of Staff (Gen. Joseph F. Dunford, Jr.)—on the National Security Council’s Principals Committee of leaders. As Trump elevates Bannon’s power, rumors swirl that he is also looking to reduce the influence of DNI and the Joint Chiefs.
Writing in The Washington Post, David J. Rothkopf, National Security Council historian and publisher of the magazine Foreign Policy, said Trump’s changes to the National Security Council foreshadow even worse decisions than the “un-American, counterproductive, and possibly illegal” executive order on immigration.
“The president compounded this error of structure with an error of judgment that should send shivers down the spine of every American and our allies worldwide,” he wrote.