[Infowarrior] - Emergency Presidential control of Internet?
Richard Forno
rforno at infowarrior.org
Fri Aug 28 12:22:58 UTC 2009
August 28, 2009 12:34 AM PDT
Bill would give president emergency control of Internet
by Declan McCullagh
http://news.cnet.com/8301-13578_3-10320096-38.html?part=rss&subj=news&tag=2547-1_3-0-20
Internet companies and civil liberties groups were alarmed this spring
when a U.S. Senate bill proposed handing the White House the power to
disconnect private-sector computers from the Internet.
They're not much happier about a revised version that aides to Sen.
Jay Rockefeller, a West Virginia Democrat, have spent months drafting
behind closed doors. CNET News has obtained a copy of the 55-page
draft (excerpt), which still appears to permit the president to seize
temporary control of private-sector networks during a so-called
cybersecurity emergency.
The new version would allow the president to "declare a cybersecurity
emergency" relating to "non-governmental" computer networks and do
what's necessary to respond to the threat. Other sections of the
proposal include a federal certification program for "cybersecurity
professionals," and a requirement that certain computer systems and
networks in the private sector be managed by people who have been
awarded that license.
"I think the redraft, while improved, remains troubling due to its
vagueness," said Larry Clinton, president of the Internet Security
Alliance, which counts representatives of Verizon, Verisign, Nortel,
and Carnegie Mellon University on its board. "It is unclear what
authority Sen. Rockefeller thinks is necessary over the private
sector. Unless this is clarified, we cannot properly analyze, let
alone support the bill."
Representatives of other large Internet and telecommunications
companies expressed concerns about the bill in a teleconference with
Rockefeller's aides this week, but were not immediately available for
interviews on Thursday.
A spokesman for Rockefeller also declined to comment on the record
Thursday, saying that many people were unavailable because of the
summer recess. A Senate source familiar with the bill compared the
president's power to take control of portions of the Internet to what
President Bush did when grounding all aircraft on Sept. 11, 2001. The
source said that one primary concern was the electrical grid, and what
would happen if it were attacked from a broadband connection.
When Rockefeller, the chairman of the Senate Commerce committee, and
Olympia Snowe (R-Maine) introduced the original bill in April, they
claimed it was vital to protect national cybersecurity. "We must
protect our critical infrastructure at all costs--from our water to
our electricity, to banking, traffic lights and electronic health
records," Rockefeller said.
The Rockefeller proposal plays out against a broader concern in
Washington, D.C., about the government's role in cybersecurity. In
May, President Obama acknowledged that the government is "not as
prepared" as it should be to respond to disruptions and announced that
a new cybersecurity coordinator position would be created inside the
White House staff. Three months later, that post remains empty, one
top cybersecurity aide has quit, and some wags have begun to wonder
why a government that receives failing marks on cybersecurity should
be trusted to instruct the private sector what to do.
Rockefeller's revised legislation seeks to reshuffle the way the
federal government addresses the topic. It requires a "cybersecurity
workforce plan" from every federal agency, a "dashboard" pilot
project, measurements of hiring effectiveness, and the implementation
of a "comprehensive national cybersecurity strategy" in six months--
even though its mandatory legal review will take a year to complete.
The privacy implications of sweeping changes implemented before the
legal review is finished worry Lee Tien, a senior staff attorney with
the Electronic Frontier Foundation in San Francisco. "As soon as
you're saying that the federal government is going to be exercising
this kind of power over private networks, it's going to be a really
big issue," he says.
Probably the most controversial language begins in Section 201, which
permits the president to "direct the national response to the cyber
threat" if necessary for "the national defense and security." The
White House is supposed to engage in "periodic mapping" of private
networks deemed to be critical, and those companies "shall share"
requested information with the federal government. ("Cyber" is defined
as anything having to do with the Internet, telecommunications,
computers, or computer networks.)
"The language has changed but it doesn't contain any real additional
limits," EFF's Tien says. "It simply switches the more direct and
obvious language they had originally to the more ambiguous
(version)...The designation of what is a critical infrastructure
system or network as far as I can tell has no specific process.
There's no provision for any administrative process or review. That's
where the problems seem to start. And then you have the amorphous
powers that go along with it."
Translation: If your company is deemed "critical," a new set of
regulations kick in involving who you can hire, what information you
must disclose, and when the government would exercise control over
your computers or network.
The Internet Security Alliance's Clinton adds that his group is
"supportive of increased federal involvement to enhance cyber
security, but we believe that the wrong approach, as embodied in this
bill as introduced, will be counterproductive both from an national
economic and national secuity perspective."
More information about the Infowarrior
mailing list