Friday, August 28, 2009
A revised version of the bill by Sen. Jay Rockefeller (D-WV) behind closed doors (see excerpt), appears to permit the president to seize temporary control of private-sector networks when the White House during a so-called cybersecurity emergency.
The new bill allows the president to “declare a cybersecurity emergency” relating to “non-governmental” computer networks and do what’s necessary to respond to the threat. Other sections of the proposal include a Federal certification program for “cybersecurity professionals,” and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
According to Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board:
“I think the redraft, while improved, remains troubling due to its vagueness. It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill.”
A spokesman for Rockefeller declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president’s power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001.
When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-ME) introduced the original bill in April, they claimed it was vital to protect national cybersecurity:
“We must protect our critical infrastructure at all costs, from our water to our electricity, to banking, traffic lights and electronic health records.”
Rockefeller’s “all costs” legislation raises troubling concerns about the role of the Federal government in achieving its goal to address the very real threat cybersecurity and limitations on privacy.
Lee Tien, an attorney with the Electronic Frontier Foundation in San Francisco says:
“As soon as you’re saying that the Federal government is going to be exercising this kind of power over private networks, it’s going to be a really big issue.”
Arguably, the most controversial language begins in Section 201, which permits the president to “direct the national response to the cyber threat,” if necessary for “the national defense and security.” The White House is supposed to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the Federal government. “Cyber” is defined as anything to do with the Internet, telecommunications, computers, or computer networks.
Does this include bloggers and Americans who participate on social networking communities like Facebook and Twitter? Such concentrated power in the hands of this, or any other president, is not change that I can believe in.