Thursday, March 18, 2010

Cybersecurity Act of 2010: Emergency Presidential control of the Internet

http://thebsreport.files.wordpress.com/2009/08/us_control_internet.jpgSen. Jay Rockefeller alarmed technology and telecommunications firms last year when he announced a plan for the president to seize "emergency" control of the Internet. Now the West Virginia Democrat is trying again with a new version that aides hope will be seen as less extreme.

During a closed-door meeting on Capitol Hill on Wednesday attended by about a dozen industry representatives, CNET has learned, Rockefeller's staff pitched a revised version of his controversial cybersecurity legislation.

It says that after the president chooses to "declare a cybersecurity emergency," he can activate a "response and restoration plan" involving networks owned and operated by the private sector. In an attempt to limit criticism, instead of spelling out the plan's details, the latest draft simply says that it must be developed by the White House in advance.

There is no requirement that the emergency response plan be made public, meaning it could still include a forcible disconnection of critical Web sites from the Internet--which is what the March 2009 version of the legislation had proposed.

Larry Clinton, president of the Internet Security Alliance, whose members include Verisign, Verizon, and Raytheon, says no disconnection language is explicitly in the bill: "We are pleased that the 'kill switch' allowing for the government to shut down private sector access to the Internet has been eliminated."

But, Clinton said, "We think the bill still has a long way to go." If the private sector is expected to help out with national security, he said, there ought to be liability protections, insurance breaks, and tax credits for small businesses.

A spokesman for Rockefeller did not respond to repeated requests for comment on Wednesday. Sen. Olympia Snowe, a Maine Republican, is a co-sponsor of the legislation.

The Senate Commerce Committee is scheduled to vote for March 24 on the Rockefeller bill, which will replace an existing measure known as S.773. Because Rockefeller is chairman of the committee, the bill is expected to be approved with little dissent. ...

Other portions of the 62-page draft bill would create certification requirements for "critical infrastructure information system personnel working in cybersecurity" and punish certain companies that "fail to demonstrate" that they comply with federal specifications. A third section would order the National Science Foundation to fund anti-anonymity research that aims to "to determine the origin of a message transmitted over the Internet." ...

The revised Rockefeller bill, called the Cybersecurity Act of 2010, does stress that the White House should develop its cyber-emergency plan "in collaboration" with the private sector. It also says "this section does not authorize...an expansion of existing presidential authorities."

via Emergency Internet control bill gets a rewrite | Politics and Law - CNET News.

This is dangerously foolish. The Internet is how We the People keep tabs on government abuses, as is our right and our duty. Give a small group of people, no matter who they are, the power to disconnect us (for our "protection") and they will have the power to create the ultimate information dictatorship. Once you build central control into what is intended to be a distributed system, you also run an even bigger risk of terrorists knocking out the Internet.

No comments: