President Barack Obama beat his critics to the punch by signing his long-anticipated cybersecurity executive order last night, before his State of the Union address.
Some of those critics now think the order's not too bad, at least where privacy is concerned.
"The president's executive order rightly focuses on cybersecurity solutions that don't negatively impact civil liberties," American Civil Liberties Union lawyer Michelle Richardson said in a statement.
Obama's executive order smoothes the way for different branches of the federal government to share cybersecurity information with each other and with the private sector.
It also orders the government to speed up security clearances for employees of companies that manage or service critical infrastructure, so that those companies can access classified information.
Most significantly, it does not ask that the companies share private information about themselves or their customers in return.
"Greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information," Richardson said.
"This is only about outflows of information from the government," the Electronic Frontier Foundation's Lee Tien told Forbes' Andy Greenberg.
Tien contrasted Obama's order with the Cyber Intelligence Sharing and Protection Act (CISPA), a House bill passed last year that stalled in the Senate after Obama threatened to veto it.
CISPA's co-sponsors plan to re-introduce it in identical form today (Feb. 13), the same day that Obama had been expected to issue his order. The president's pre-emptive strike suddenly makes CISPA old news.
"The definition of cybersecurity threat hasn't been pinned down [in CISPA], and we've been concerned that the combination of that vague definition and legal immunity would allow an end run around privacy regulations," Tien told Greenberg.
The ACLU also reaffirmed its opposition to CISPA.
"CISPA does not require companies to make reasonable efforts to protect their customers' privacy, and then allows the government to use that data for undefined 'national-security' purposes and without any minimization procedures," Richardson said in her statement.
Obama's order is not as comprehensive as CISPA. Rather than writing new legislation, it simply establishes new government procedures.
Senate Democrats expected to introduce their own cybersecurity bill soon that would complement Obama's order.