[Infowarrior] - Bill Giving Obama Power to Shut Web Takes on New Tone

Richard Forno rforno at infowarrior.org
Wed Sep 2 18:26:02 UTC 2009 

Bill Giving Obama Power to Shut Web Takes on New Tone
John Fontana, Network World

Sep 1, 2009 9:50 am

http://www.pcworld.com/article/171207/obama_web_security.html?tk=rss_news

The second draft of a Senate cybersecurity billappears to tone down  
language that would grant President Obama the power to shut down the  
Internet.
The Senate bill, first introduced in April by Senator John Rockefeller  
(D-W. Va.), does, however, still include language that gives Obama the  
authority to direct responses to cyber attacks and declare a cyber  
emergency.

The bill also gives the President 180 days, as opposed to one year  
outlined in the bill's first draft, to implement a cybersecurity  
strategy from the day the bill is passed, which for now could be a  
long way off.

But the language in the first draft of the bill, which has yet to make  
it out of Rockefeller's Senate Committee on Commerce, Science, and  
Transportation and onto the Senate floor, has been rewritten regarding  
the President's authority to shut down both public and private  
networks including Internet traffic coming to and from compromised  
systems.

Critics contend sweeping presidential power isn't good news since  
private networks could be shut down by government order. In addition,  
those same networks could be subject to government mandated security  
standards and technical configurations.

The original bill included the words: "The President may....order the  
limitation or shutdown of Internet traffic to and from any compromised  
Federal government or United States critical infrastructure  
information system or network.

The second draft, which has not been released publicly, rearranges  
those words, according to text of the bill posted by CNet.

The second draft contains more convoluted language concerning the  
President's control over computer networks and it deletes reference to  
the Internet.

It qualifies his authority to include "strategic national interests  
involving compromised Federal Government or United States critical  
infrastructure information system or network," but says he may "direct  
the national response to the cyber threat" in coordination with  
"relevant industry sectors."

The reference to relevant industry sectors is new in the second draft.

The bill still includes language that would have the President  
directing the "timely restoration of the affected critical  
infrastructure information system or network."

Earlier this year, critics expressed concern over potentially giving  
the President power to tell private network operators when they could  
turn their systems back on after a cybersecurity threat.

Proponents, however, including officials from the Center for Strategic  
and International Studies (CSIS), are on record as saying the  
legislation is comprehensive and strong and reflects the need for  
thorough debate around digital security that is long overdue.

The original bill proposed by Rockefeller, and now co-sponsored by  
Evan Bayh (D-Ind.) Bill Nelson (D-Fla.) and Olympia Snowe (R-Maine),  
touched off a storm of debate over how much power the President should  
have to control the operation of "critical infrastructure."

When the bill was release in April, Leslie Harris, president and CEO  
at the Center for Democracy and Technology (CDT), which promotes  
democratic values and constitutional liberties for the digital age,  
told Network World: "We are confident that the communication networks  
and the Internet would be so designated [as critical infrastructure],  
so in the interest of national security the president could order them  
disconnected."

Network World sources said Rockefeller's Commerce, Science, and  
Transportation committee, which includes Senators Mark Begich (D- 
Alaska), Barbara Boxer (D-Calif.) and Maria Cantwell (D-Wash.), spent  
much of the recent Senate recess meeting with stakeholders and groups  
that had problems with the first draft of the bill.

Those meetings are intended to help complete a second draft, which has  
yet to be introduced formally by the committee.

While the sources did not say who was part of those meetings,  
stakeholders could conceivably extend to large service provider  
networks such as those run by Google, Microsoft, AOL, Yahoo and others  
that offer online services and applications to corporations and  
consumers.

In April, Google confirmed it was studying the legislation.

The cybersecurity bill is very much in the early stages and the second  
draft represents progress in drafting the bill's language for the  
committee to debate.

Introduced bills and resolutions first go to committees that  
deliberate, investigate and revise them before they go to general  
debate. The majority of bills and resolutions never make it out of  
committee.

As with any law, both the House and Senate would have to pass the bill  
and the President would have to sign it.

More information about the Infowarrior mailing list