[Infowarrior] - Groups Warn New Cybersecurity Bill Oversteps

Wed Apr 8 02:19:24 UTC 2009

www.internetnews.com/government/article.php/3814171

Back to Article

Groups Warn New Cybersecurity Bill Oversteps
By Kenneth Corbin
April 7, 2009

White House and the Internet
Could President Obama get the power to shut down the Internet?

That's the concern of some digital rights groups, who fear that last  
week's sweeping cybersecurity bill could give the government overly  
broad power to regulate the Internet in times of crisis -- or even  
pull the plug on it entirely.

One group, the Center for Democracy and Technology (CDT), quickly  
lashed out at the Senate bill for aiming to give the "federal  
government extraordinary power over private sector Internet services,  
applications and software."

The bill, introduced by Commerce Committee Chairman John Rockefeller,  
D-W.V., and Olympia Snowe, R-Maine, aims to strengthen coordination  
between the public and private sectors in response to Internet  
threats, but the CDT fears that it goes too far.

One of the most troubling parts of the bill to the group is a clause  
that would give the president authority to "declare a cybersecurity  
emergency and order the limitation or shutdown of Internet traffic to  
and from any compromised federal government or United States critical  
infrastructure information system or network."

To the CDT, that raises the possibility of the government leaning on  
commercial ISPs to shut down Internet service, declaring a sort of  
digital martial law.

The group also expressed concern that the bill would empower agencies  
within the Commerce Department to run roughshod over consumer privacy  
in the name of tracking down cyberattacks.

"The cybersecurity threat is real, but such a drastic federal  
intervention in private communications technology and networks could  
harm both security and privacy," CDT President and CEO Leslie Harris  
said in a post on the group's Web site.

A spokeswoman the Electronic Frontier Foundation, another digital- 
rights group famous for tangling with the government over Internet and  
privacy issues, told InternetNews.com that the group is concerned with  
the implications of the bill, but that its attorneys are still  
reviewing the language.

A staffer at the Commerce Committee told InternetNews.com that the  
bill was introduced only as a draft, and that the final language is  
likely to change.

"This legislation is the very beginning of the process -- the  
objective of this cybersecurity bill is to start the debate," said  
Rockefeller spokeswoman Jena Longo. "Chairman Rockefeller encourages  
comments from all parties, he is sitting down with stakeholders  
already and he welcomes input from those who have concerns about this  
legislation and those who are supportive."

Congress is in recess this week and next. On return, Rockefeller is  
likely to hold a hearing on the bill in short order. Last month, he  
chaired a hearing on cybersecurity that he promised would be the  
"first of several," saying that he was deeply troubled by the  
country's level of vulnerability.

By that time, the comprehensive review of the government's various  
cybersecurity programs President Obama commissioned is due to be  
completed. Obama tasked Melissa Hathaway, a senior intelligence  
official in the Bush administration, to meet with stakeholders in the  
public and private sectors and compile a report with recommendations  
for how to shore up federal cybersecurity efforts.

The extent to which Hathaway's findings informed the Rockefeller-Snowe  
bill is unclear, but a source familiar with the matter said the  
senator had been in contact with the White House on the matter.

But the CDT, which met with Hathaway's team last month, has been  
critical of that process, as well, claiming that the government's  
efforts have been "shrouded in too much secrecy."

The CDT has warned that heavy-handed government involvement in the  
private sector could inadvertently stifle on innovation, with the  
ultimate effect of making the country less secure.

The Rockefeller-Snowe bill, for instance, calls on the Commerce  
Department to set binding standards for cybersecurity systems that  
would be enforceable throughout the private sector.

Hathaway is due to present her report April 17.