Thread: Bill would give president emergency control of Internet

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."

Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.

A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.

When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.

The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.

Rockefeller's revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a "cybersecurity workforce plan" from every federal agency, a "dashboard" pilot project, measurements of hiring effectiveness, and the implementation of a "comprehensive national cybersecurity strategy" in six months--even though its mandatory legal review will take a year to complete.

The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. "As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," he says.

Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)

"The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it."

Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.

The Internet Security Alliance's Clinton adds that his group is "supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national secuity perspective."

http://news.cnet.com/8301-13578_3-10320096-38.html

This is the BIG main headline on drudge right now.

Suspicious of this bill also.

Senate Bill Would Give President Emergency Control of Internet
Details of a revamped version of the Cybersecurity Act of 2009 show the Senate bill could give the president a "kill switch" on the Internet and allow him to shut out private networks from online access.

A Senate bill would offer President Obama emergency control of the Internet and may give him a "kill switch" to shut down online traffic by seizing private networks — a move cybersecurity experts worry will choke off industry and civil liberties.

Details of a revamped version of the Cybersecurity Act of 2009 emerged late Thursday, months after an initial version authored by Sen. Jay Rockefeller, D-W.V., was blasted in Silicon Valley as dangerous government intrusion.

"In the original bill they empowered the president to essentially turn off the Internet in the case of a 'cyber-emergency,' which they didn't define," said Larry Clinton, president of the Internet Security Alliance, which represents the telecommunications industry.

"We think it's a very bad idea ... to put in legislation," he told FOXNews.com.

Clinton said the new version of the bill that surfaced this week is improved from its first draft, but troubling language that was removed was replaced by vague language that could still offer the same powers to the president in case of an emergency.

"The current language is so unclear that we can't be confident that the changes have actually been made," he said.

The new legislation allows the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and make a plan to respond to the danger, according to an excerpt published online — a broad license that rights experts worry would give the president "amorphous powers" over private users.

"As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, told CNET News.

A Senate source familiar with the bill likened the new power to take control of portions of the Internet to what President Bush did when he grounded all aircraft on Sept. 11, 2001, CNET News reported.

Spokesmen for Senator Rockefeller and the Commerce Committee did not return calls seeking comment before this article was published.

But Rockefeller, who introduced the bill in April with bipartisan support, said the legislation was critical to protecting everything from water and electricity to banking, traffic lights and electronic health records.

"I know the threats we face," Rockefeller said in a prepared statement when the legislation was introduced. "Our enemies are real. They are sophisticated, they are determined and they will not rest."

The bill would also let the government create a detailed set of standards for licensing "cybersecurity professionals" who would oversee a single standard for security measures.

But many in the technology sector believe it's a job the government is ill-equipped to handle, said Franck Journoud, a policy analyst with the Business Software Alliance.

"Simply put, who has the expertise?" he told FOXNews.com in April. "It's the industry, not the government. We have a responsibility to increase and improve security. That responsibility cannot be captured in a government standard."

Clinton, of the Internet Security Alliance, praised President Obama's May science policy review, which he said would take cybersecurity in the right direction by promoting incentives to get the private industry to improve its own security measures.

But he faulted the Senate bill, which he said would centralize regulations for an industry that is too varied to fall under the control of a single set of rules without endangering the economy and security.

"We think a lot of things need to be done to enhance cybersecurity," he told FOXNews.com, but this bill is "not something that we could support."

http://www.foxnews.com/politics/2009/08 ... -internet/

This crap is beginning not to be funny

Originally Posted by TexasBorn

This crap is beginning not to be funny

So true, it's getting scary!

It almost looks like he's planning a bloodless coup, hope this wakes up more people.

What constitutes a cyber-security emergency? Who has oversight over the executive branch? I can understand blocking to prevent hackers from getting into critical government and military systems, or to restore such systems if attacked by viruses, malware, etc. But I am also concerned about what limits will be placed on the executive branch if this is ever invoked. Moreover, I don't think the government manages its own IT very well, so how can we rely on them to 'fight a cyberwar'.

Truth spoken, 4th.
And for some reason Olympia Snowe has always made me a bit uncomfortable: a wolf in Republican clothing, perhaps.

You dont think? , well then again , naw . But they are pretty darn ignorant .
Obama was most likely briefed by health and human services and homeland security that those crazy patriotic conservative nut jobs may try sending the swine flu vrus over the internet . They must stop it now !
Cmon now this administration is only trying to protect us from ourselves .
Perhaps a self destruction czar for them . My compliments . Thats change the whole administration along with Pelosi and Reed need .
As I wrote in newbie Joes post on this subject last nite " control / shut down the internet " ? That would be impressive LOL .
Some give these goofballs way to much credit . I think they all have to help each other tie their shoes . Now thats scarey . As always My Opinion .

This is so Big Brother that I’m at a loss for words... People freaked about the government being able to monitor phone calls. This potentially takes it to a much higher level. This could quickly evolve into a “Fairness Doctrineâ€