Posted on 08/28/2009 8:13:33 AM PDT by Ernest_at_the_Beach
Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.
They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.
The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."
Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.
A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.
When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.
The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.
Rockefeller's revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a "cybersecurity workforce plan" from every federal agency, a "dashboard" pilot project, measurements of hiring effectiveness, and the implementation of a "comprehensive national cybersecurity strategy" in six months--even though its mandatory legal review will take a year to complete.
The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. "As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," he says.
Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)
"The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it."
Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
The Internet Security Alliance's Clinton adds that his group is "supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national secuity perspective."
Cool :) It’s mentioned in the CCNA V4.0 curriculum. You probably used the V3.0 curriculum. Have a look - it’s very well done.
So the President could take over an American based global company’s intranet for cyber security reasons? YIKES!
Let’s see... how many people just can’t make it to the 9/12 D.C. event?
If ever there was a reason to drive, ride, walk, run, or crawl there, THIS IS IT.
Yep. Post HASTE!
In some places “Downriver” (just south of Detroit), you can swim to Canada. A few hundred feet.
It’s where my DHs family used to row across to run rum down to Peoria.
If need be, you could send a radio controlled boat with a message to someone on the other side.
I can’t figure out how to get a license on the Arrl.org site!!!
I believe the 6 months behind closed doors was not in writing the bill but in planning HOW they could accomplish this. Without that, the bill would be like giving the Resident control of mars.
Accurately presuming that they will have free reign while conservative groups are gone after.
Watch for phrases like “special controls to protect Americans”.
BTTT
So this is satire???
you can’t just get a license by clicking somewhere on the ARRL website. The entry level license requires passing an actual FCC examination which evaluates knowledge of FCC rules and regulations as well as basic electronics and radio theory. The ARRL is the non-profit organization which lobbies congress to help preserve amateur radio. There are hams which volunteer to help people become hams and proctor the examinations. The ARRL will have a list of those people - known as “elmers”. They also have extensive literature which you can purchase to help you pass the exam. The codeless technician license not that difficult.
This was the one I saw that was satire... :-)
Bill Granting President Authority to Shutdown Internet Advances
http://www.freerepublic.com/focus/f-bloggers/2327698/posts
from...
A Semi-News/Semi-Satire from AzConservative
http://azconserv1.wordpress.com/2009/08/29/bill-granting-president-authority-to-shutdown-internet-advances/
—
As for the other legitimate news sources... I would take those details in those articles as factual... on the other hand...
Would it be possible to just listen without a license?
I guess I’m looking for a way to get information if the internet is censored.
Reference bump.
You said — I wonder how those ridiculous persons would have responded had the previous administration bee drafting a bill like this? If this is enacted I will hold all Democrats (and RINOS) equally responsible. Ignorance is no excuse.
—
The cybersecurity issue has been going on for quite a long time now. I’ve been reading about cyber-war activities of other governments (the Chinese, Russian and North Koreans) for many years, with them being said to have teams of cyber-warriors, sponsored by those respective governments and designed to probe, map and be able to shut down other countries’ systems. The example of the Russians doing that very thing to one of their former satellite countries is an example and case-in-point...
The following is from another post that I did on another thread...
Well, this issue transcends one administration. It’s something that has occupied three administrations. In fact the report talks about a major intrusion into government resources from unknown sources and then classified top secret after it happened (could have been Chinese or North Korean or Russian attacks). This could be setting up an attack over these vectors in preparation for an all-out attack. That’s very likely. I understand the Chinese have teams probing the U.S.
And, of course, the issue, when discussing these things always comes down to civil liberties versus national security (or security in general).... it’s a long-standing argument in any case...
The interesting thing here — is — that anyone who has a distrust in the Obama Administration (in regards to this security and the measures needed to secure the network) — would actually be taking the *liberal position* of organization like ACLU for “privacy” versus government action in terms of being able to protect itself and its citizens (which is usually a more ‘conservative issue”... :-) ....).
from... The Slow Road to Cybersecurity
http://freerepublic.com/focus/f-news/2326386/posts
You said — Hello ACLU?? Where are you??
—
The interesting thing here... is that it’s those very same (and so-called) “liberal groups” that would have been shunned in the past by many conservatives here... who are raising these issues, it seems...
For example this very article itself, is from one *well-known* liberal and privacy advocate, throughout all administrations... and has a very long-standing column/newsletter in regards to many of these issues — of which *this article* is one example... :-)
You asked — Where are all the civil liberties groups and the ACLU at now?
—
LOL..., you might not know it... but Declan McCullagh is one of those very same fellows... :-)
Define: emergency & threat
Well, that's an easy one that people here at Free Republic should be able to "identify with" -- since we've been "under attack" a number of times by "cybersecurity issues"...
Jim Robinson has posted a few times that we've been under attack by means of DoS or DDoS attacks...
This is from Wikipedia on Denial-of-service attack ...
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
SO..., one clear definition for that kind of emergency or threat would simply be any computer and/or connection to the Internet that was engaging in a DDoS attack. I would say that should result in an immediate disconnection from the Internet if that computer is doing so.
If that were the case and the ISP and other telecommunications companies shut down anyone's computer that became compromised and was thus engaging in cyber-security issues, because the owner of that computer could not take care of his own computer adequately -- then -- that person should be shut off immediately from the Internet, until such time as they have cleaned up their own system so that they are not engaging in further attacks.
On the other hand, if that computer/person is directly engaging in these attacks, as in originating them, that computer should be banned from being on the Internet ever in any case, and that person doing so, should be banned from that ISP or telecommunications firm and/or put on a "black-list" to never be able to get another Internet connection, unless they put up a deposit, first -- adequate to the costs of correcting another DDos attack from their Internet connection.
That would be one such example of a definition and a means by which that kind of person should be dealt with...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.