Posted on 08/28/2009 8:13:33 AM PDT by Ernest_at_the_Beach
Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.
They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.
The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."
Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.
A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.
When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.
The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.
Rockefeller's revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a "cybersecurity workforce plan" from every federal agency, a "dashboard" pilot project, measurements of hiring effectiveness, and the implementation of a "comprehensive national cybersecurity strategy" in six months--even though its mandatory legal review will take a year to complete.
The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. "As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," he says.
Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)
"The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it."
Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
The Internet Security Alliance's Clinton adds that his group is "supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national secuity perspective."
Sounds a lot like the scenario from Fallout 3 and the radio broadcasts one hears traveling the wasteland to rebel against the mutants..no one really knows where the broadcasts originate from till the end of the game..
“This is an example of what’s sooooooo disturbing about these people. This is a huge piece of news- but there’s SO MUCH ELSE he’s got us looking at that this isn’t on the radar.”
More folks than Tea Party curmudgeons and Freepers are getting it. It’s all part of the same strategy, and it has to be taken down. Just like the Taliban and al Qeada.
And he [that is the false prophet under the Anti-Christ] causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the number of the beast [that is the Anti-Christ], or the number of his name...
Time for “The UNDERNET”.
I'll do better - I'll respect you and others like you.
marker
Thank you for the photo. We need to see this every day and pass the word!
can I borrow that jpg?
bfl to ask someone how the HECK to do this......
Well thats a familiar theme with this bunch in the WH
Read the bill. He doesn’t want control of the internet, he wants to be able to shut down private access to it in case of an emergency. Just like IRAN shut down the ability of their people to TWITTER what was going on. He can use it to shut us down when he puts us under martial law.
I'm not sure that I could bring down my complete network without a few weeks of work, on site, in a lot of remote and somewhat dangerous locations. My downtime numbers reflect how robust my network is.
/johnny
“The real bone here is that they really intend to control communication between the citizens.”
They control the majority of media, if they shut down the internet, organizing and communicating between patriots would be dramatically reduced. So we would basically go back to eating what was put on our plates.
Taking over just a handful of major backbones and ISPs gives them control of most of the Internet traffic in the US.
Emergency:Polls falling below 45%
Threat:Polls falling below 30%
Another step toward fascism. God save America.
And so that will be it. But just for a while.
I didn’t go through the whole thread, but speaking as a CyberSecurity professional, there is ALWAYS a “cybersecurity emergency” occurring in the US segments of the internet at any given time. Just as there is always a perpetual “state of emergency” that certain executive orders are always poised to exploit if the need should arise. If this bill passes, the office of the president will have the ability to shut down the US system anytime something happens he doesn’t like, simply by pointing at whatever Chinese, North Korean, or Eastern European hacker club happens to be trying to break into NASA that day and invoking the bill.
And to those pointing out the distributed nature of the internet, you are correct, to a point. However, there is a “backbone” if you will, and it along with the top-level DNS servers (or server clusters) can be co-opted; and if they are, the internet is effectively crippled. Recall what happened when that Korean team nailed just one of the 13 top-level domain DNS machines a couple of years ago.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.