The White House confirmed Friday that President Obama is indeed considering enacting an executive order to address cybersecurity. That means that even though the Cybersecurity Act of 2012 (CSA) was recently defeated in Congress, Obama could sign a version of that bill into law on his own.

In an open letter to Sen. Jay Rockefellar (D-W.Va.), Obama’s chief counterterrorism advisor John Brennan wrote:

“[W]e are exploring an executive order to direct executive branch departments and agencies to secure the nation's critical infrastructure by working with the private sector. To that end, we appreciate your specific suggestions.”

That Brennan addressed his letter to Rockefellar, chair of the committee on Commerce, Science, and Transportation, is likely no coincidence. Rockefellar and the president have long indicated a preference for the Cybersecurity Act of 2012 (CSA), which was defeated in the Senate in August, over other cybersecurity bills like the Cyber Intelligence Security Protection Act (CISPA). Rockefellar was a cosponsor of the CSA, and Obama’s advisors threatened to veto CISPA.

The potential executive order has received serious contention from senators with vastly different ideas of how the U.S. should deal with cybersecurity.

Three Republican senators, including John McCain (R-Ariz.) argued in the Wall Street Journal Thursday that Obama’s potential executive order “unilaterally imposes more mandates and regulations on the private economy,” echoing the same arguments the Chamber of Commerce used when lobbying senators to vote against the CSA. The three senators instead called for a “a strong information-sharing bill” like CISPA or the similar Senate bill introduced by McCain, the SECURE IT Act.

On the other side of the aisle, Ron Wyden (D-Oreg.), the only member of the Senate to sign the Declaration of Internet Freedom, wrote to Obama’s cybersecurity coordinator with cautious praise for the move. While he supported the general idea of the order—that private companies should be given incentives to adopt stricter security standards—Wyden insisted that new regulations shouldn’t apply to every site:

“There is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water, and transportation systems, and those that provide digital goods and services to the public. It would be a profound mistake to subject our growing digital economy to onerous new cyber rules.”

Techdirt published a leaked draft of the executive order, which resembles the CSA, on Friday. The Daily Dot has contacted several legal experts for their interpretation of how it would affect users’ online privacy.

When asked about the draft, a White House representative told the Daily Dot that “we’re not going to comment on ongoing internal deliberation.” When asked about Obama’s commitment to user privacy, she pointed to previous official remarks on the CSA’s defeat in the Senate, which said a cybersecurity bill would need “essential safeguards to preserve the privacy rights and civil liberties of our citizens.”

Photo via Wikimedia Commons