Declan McCullagh of cnet.com published a story today about Senate Bill 773 introduced on April 1, 2009 by Senator John D. Rockefeller, IV (D-WV) that would give the President emergency control of the Internet. The summary of the bill is as follows:
A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.
McCullagh writes [Emphasis added]:
Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.
They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.
[...]
The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. “As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue,” he says.
Probably the most controversial language begins in Section 201, which permits the president to “direct the national response to the cyber threat” if necessary for “the national defense and security.” The White House is supposed to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government. (“Cyber” is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)
“The language has changed but it doesn't contain any real additional limits,” EFF's Tien says. “It simply switches the more direct and obvious language they had originally to the more ambiguous (version)…The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it.”
Translation: If your company is deemed “critical,” a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
The Internet Security Alliance's Clinton adds that his group is “supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national secuity perspective.”
Forums
