Skip to content

Rockefeller-Snowe: ‘Internet Takeover’ Panic

30 August 2009
tags: ,
by Tim Stevens

It’s always difficult to add something to a story that’s already plastered across the internet. This story, for example, has already been ‘dugg’ nearly 5000 times.

The ruckus is over amendments to the proposed Rockefeller-Crowe cybersecurity bill S.773. The earlier version dealt with national cybersecurity, and effectively proposed that responsibilities for such should be concentrated in the White House. This led to calls for what has popularly been characterised as a ‘cyber czar’, and a proposal that the president be able ‘to disconnect a Federal or critical infrastructure network from the Internet if they are found to be at risk of cyber attack.’

The earlier draft [summary pdf] was analysed by the Center for Democracy and Technology in Washington, DC:

The Rockefeller/Snowe Cybersecurity Act of 2009 fails to draw appropriate distinctions between the telecommunications sector and other critical infrastructures, and applies heavy-handed government mandates to both, putting at risk civil liberties and innovation.

Although they additionally concluded:

The bill also includes market-based proposals and measures that could properly enhance the security of critical infrastructure information systems.

So, a mixed bag. One assumes that the amended version [pdf] was intended to address the concerns of the CDT and other advisory parties to the drafting process, but Declan McCullagh had the scoop on Friday:

The new version would allow the president to ‘declare a cybersecurity emergency’ relating to ‘non-governmental’ computer networks and do what’s necessary to respond to the threat. Other sections of the proposal include a federal certification program for ‘cybersecurity professionals,’ and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

Rockefeller’s revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a ‘cybersecurity workforce plan’ from every federal agency, a ‘dashboard’ pilot project, measurements of hiring effectiveness, and the implementation of a ‘comprehensive national cybersecurity strategy’ in six months – even though its mandatory legal review will take a year to complete.

I’ve posted a bunch of links below by people with far greater understanding of the issues than me, but a few things occur to me:

  • it seems extraordinary that such ‘powers’ do not already exist; I’m sure there are contingency plans for all manner of control/takedown/ co-option of civilian communications networks in national emergency situations (Note: do not construe this as advocacy of such – it’s merely an observation)*
  • what constitutes a national cyber emergency?
  • centralising control sounds like exactly the wrong thing to do
  • it’s a bit rich coming from a government whose Department of Homeland Security has failed cybersecurity audits every year since its inception
  • clarification of scope, responsibility, intent, etc?
  • the internet doesn’t work like that
  • it won’t succeed – unless you turn the electricity off …
  • it’s not a law yet, people.

.

And so on. It’s worth reading all the posts below, as they take slightly different views on the issue. All agree that there’s some way to go yet.

I would say though, that it’s great that the US public is engaged with this – there’s very little such conversation going on in the UK. But then again, Congress has been very open about its legislation in this area. Not only should the UK government learn from the issues that this raises, but also perhaps consider widening the scope of its consultations ahead of any future policy, let alone legislation.

Selected posts:

Mike Tanji, From My Cold, Dead Hands, Threats Watch

Marc Ambinder, On Cyber Bill, Skepticism Warranted – But Nuance Needed, The Atlantic

Wayne Crews, Bill Would Give Obama ‘Cybersecurity Emergency’ Powers, Technology Liberation Front

Xeni Jardin, US Senate Cyber Security Bill Sparks Debate, ‘Internet Takeover’ Fears, Boing Boing

[h/t Aaron]

.

*Update:

There are indeed such powers available to the President. At least two that I’ve become aware of:

War Powers Act (1973)

International Emergency Economic Powers Act (1977)

from → ubiwar

Leave a Reply

Note: You can use basic XHTML in your comments.

Subscribe to this comment feed via RSS