Biden Signs Executive Order Strengthening Protection of Americans’ Sensitive Data


Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries

June 09, 2021 • Presidential Actions

By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code,

I, JOSEPH R. BIDEN JR., President of the United States of America, find that it is appropriate to elaborate upon measures to address the national emergency with respect to the information and communications technology and services supply chain that was declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain). Specifically, the increased use in the United States of certain connected software applications designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary, which the Secretary of Commerce acting pursuant to Executive Order 13873 has defined to include the People’s Republic of China, among others, continues to threaten the national security, foreign policy, and economy of the United States. The Federal Government should evaluate these threats through rigorous, evidence-based analysis and should address any unacceptable or undue risks consistent with overall national security, foreign policy, and economic objectives, including the preservation and demonstration of America’s core values and fundamental freedoms.

By operating on United States information and communications technology devices, including personal electronic devices such as smartphones, tablets, and computers, connected software applications can access and capture vast swaths of information from users, including United States persons’ personal information and proprietary business information. This data collection threatens to provide foreign adversaries with access to that information. Foreign adversary access to large repositories of United States persons’ data also presents a significant risk.

In evaluating the risks of a connected software application, several factors should be considered. Consistent with the criteria established in Executive Order 13873, and in addition to the criteria set forth in implementing regulations, potential indicators of risk relating to connected software applications include: ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities; use of the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data; ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary; ownership, control, or management of connected software applications by persons involved in malicious cyber activities; a lack of thorough and reliable third-party auditing of connected software applications; the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and the extent to which identified risks have been or can be addressed by independently verifiable measures.

The ongoing emergency declared in Executive Order 13873 arises from a variety of factors, including the continuing effort of foreign adversaries to steal or otherwise obtain United States persons’ data. That continuing effort by foreign adversaries constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. To address this threat, the United States must act to protect against the risks associated with connected software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.

Additionally, the United States seeks to promote accountability for persons who engage in serious human rights abuse. If persons who own, control, or manage connected software applications engage in serious human rights abuse or otherwise facilitate such abuse, the United States may impose consequences on those persons in action separate from this order.

Accordingly, it is hereby ordered that:

Section 1. Revocation of Presidential Actions. The following orders are revoked: Executive Order 13942 of August 6, 2020 (Addressing the Threat Posed by TikTok, and Taking Additional Steps To Address the National Emergency With Respect to the Information and Communications Technology and Services Supply Chain); Executive Order 13943 of August 6, 2020 (Addressing the Threat Posed by WeChat, and Taking Additional Steps To Address the National Emergency With Respect to the Information and Communications Technology and Services Supply Chain); and Executive Order 13971 of January 5, 2021 (Addressing the Threat Posed by Applications and Other Software Developed or Controlled by Chinese Companies).

Sec. 2. Implementation. (a) The Director of the Office of Management and Budget and the heads of executive departments and agencies (agencies) shall promptly take steps to rescind any orders, rules, regulations, guidelines, or policies, or portions thereof, implementing or enforcing Executive Orders 13942, 13943, or 13971, as appropriate and consistent with applicable law, including the Administrative Procedure Act, 5 U.S.C. 551 et seq. In addition, any personnel positions, committees, task forces, or other entities established pursuant to Executive Orders 13942, 13943, or 13971 shall be abolished, as appropriate and consistent with applicable law.

(b) Not later than 120 days after the date of this order, the Secretary of Commerce, in consultation with the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Health and Human Services, the Secretary of Homeland Security, the Director of National Intelligence, and the heads of other agencies as the Secretary of Commerce deems appropriate, shall provide a report to the Assistant to the President and National Security Advisor with recommendations to protect against harm from the unrestricted sale of, transfer of, or access to United States persons’ sensitive data, including personally identifiable information, personal health information, and genetic information, and harm from access to large data repositories by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary. Not later than 60 days after the date of this order, the Director of National Intelligence shall provide threat assessments, and the Secretary of Homeland Security shall provide vulnerability assessments, to the Secretary of Commerce to support development of the report required by this subsection.

(c) Not later than 180 days after the date of this order, the Secretary of Commerce, in consultation with the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, the Director of the Office of Management and Budget, and the heads of other agencies as the Secretary of Commerce deems appropriate, shall provide a report to the Assistant to the President and National Security Advisor recommending additional executive and legislative actions to address the risk associated with connected software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.

(d) The Secretary of Commerce shall evaluate on a continuing basis transactions involving connected software applications that may pose an undue risk of sabotage or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States; pose an undue risk of catastrophic effects on the security or resiliency of the critical infrastructure or digital economy of the United States; or otherwise pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. Based on the evaluation, the Secretary of Commerce shall take appropriate action in accordance with Executive Order 13873 and its implementing regulations.

Sec. 3. Definitions. For purposes of this order:

(a) the term “connected software application” means software, a software program, or a group of software programs, that is designed to be used on an end-point computing device and includes as an integral functionality, the ability to collect, process, or transmit data via the Internet;

(b) the term “foreign adversary” means any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons;

(c) the term “information and communications technology or services” means any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including transmission, storage, and display;

(d) the term “person” means an individual or entity; and

(e) the term “United States person” means any United States citizen, lawful permanent resident, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.

Sec. 4. General Provisions.

(a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to an executive department or agency, or the head thereof; or

(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.



June 9, 2021.

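Notice: This article comes from 网信企业对外合作促进, and copyright belongs to the author. The content represents only the author’s independent views and does not represent the position of 安全内参. It is republished to share more information. In case of infringement, please contact anquanneican@163.com.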