The Obama administration last year reported not using expanded cybersecurity powers authorized by the White House, six months after the decree was made.
Secretary of the Treasury Jack Lew said in October that the department had not designated any “entities or individuals” under the rule.
Lew made the declaration in a regular update to Congress reported on Wednesday by Steven Aftergood, a transparency activist and national security researcher with the Federation of American Scientists.
President Obama issued Executive Order 13694 on April 1, 2015, in response to the mass cyber attack suffered in December 2014 by Sony Entertainment.
It was alleged by federal officials that the North Korean government perpetrated the attack in response to a Seth Rogen and Evan Goldberg comedy called “The Interview”–about a plot to assassinate North Korea’s leader, Kim Jong Un.
There have been doubts expressed about the involvement of Pyongyang. Among those who are skeptical, apparently, are the filmmakers themselves.
“[W]e still debate whether or not it was North Korea,” Rogen told Business Insider in May.
The Executive Order allows the Treasury Secretary to “impose sanctions on individuals or entities that engage in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”
Observers have noted that the emergency powers are potentially ripe for abuse.
Under the Obama administration, for example, electronic payment processing companies stopped serving Wikileaks after coming under pressure from the US government. Federal officials were upset at the website for publishing hundreds of thousands of classified documents—an act protected by the First Amendment.
Journalist Marcy Wheeler also noted that “trade secrets” language and provisions targeting those “complicit” in hacks could be leveraged by the executive branch to undermine adversarial reporting.
“Does WikiLeaks’ publication of secret Trans-Pacific Partnership negotiations qualify?” she asked. “Does Guardian’s publication of contractors’ involvement in NSA hacking?”
Aftergood himself noted that “there are typically multiple ‘national emergencies’ in progress at any given time,” without the majority of the public being aware.
In defending the executive order, the Obama administration said it won’t authorize anything less than a massive attack.
“You can’t use it to go after Joe Schmo the petty criminal,” an official told The Washington Post. “You’ve got to be able to demonstrate [the activity] is on a scale that’s harmful to the United States as a whole.”
