Monday, April 06, 2009

"The Cybersecurity Act of 2009." What is it? What does it mean?

I admit to ignorance, I have only seen mention of this bill this morning and have not studied things nor formed any opinions. My aim is to get a post up quickly, and then after notice is given on this blog to see if I form any thoughts worth a follow-up posting.

First, this Google.

Search at the EFF site [homepage link also given on the sidebar] indicates that they've yet to articulate a policy position.

I did not see any prominent local blogging in the first few Google hits, but I did not go far enough down the list to be able to say it's not yet covered locally in blogging or mainstream media.

Mother Jones, April 2, here.

Should President Obama have the power to shut down domestic Internet traffic during a state of emergency?

Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so. On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians.

The Cybersecurity Act of 2009 (PDF) gives the president the ability to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security." The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.

The bill does not only add to the power of the president. It also grants the Secretary of Commerce "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access." This means he or she can monitor or access any data on private or public networks without regard to privacy laws.

Rockefeller made cybersecurity one of his key issues as a member of the Senate intelligence committee, which he chaired until last year. He now heads the Committee on Commerce, Science and Transportation, which will take up this bill.

"We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on," Rockefeller said in a statement. Snowe echoed her colleague, saying, "if we fail to take swift action, we, regrettably, risk a cyber-Katrina."

But the wide powers outlined in the Rockefeller-Snowe legislation has at least one Internet advocacy group worried. "The cybersecurity threat is real," says Leslie Harris, head of the Center for Democracy and Technology (CDT), "but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."


See this CDT page, also. Their pdf download, here. (Same doc title as the MJ link, I have not checked to see if it's the identical pdf item.)

ComputerWorld, here.

Ron Paul, here.

How did you learn of this pending legislation, if not reading of it first on Crabgrass? Leave a comment if you've other links.

My first indication of the pending bill was from a site I do not frequently access, but which I looked at this morning: worldnetdaily.com, re the bill - here, this screenshot.



The screenshot is for illustrative/summary purposes. Go to the original, for the links. The EFF-Granick quote is interesting, referencing back to MJ on it, but the link given is only to the EFF homepage - which, as noted, has not posted a position on the pending matter. Seeing this first on WorldNewsDaily.com --- It shows reading the other guys' stuff sometimes is useful.

_______UPDATE________
Has anyone knowledge/opinion/belief whether Obama's actual or very near Harvard Law School magna cum laude and Law Review contempory, Viet Dihn, had any hand or input into the authoring of this new little hummer - he, like Jimmy Hendrix but in different things, is "experienced" [see here, here, here and here].

It would be no surprise to see this as more spreading VD around DC and the nation.

_______FURTHER UPDATE________
Additional links of interest, here (Richard Korman at ZDNet with further links, including this press release); cnet news; Korman from last November and about government data warehouse outsourcing; a conference about threat from an "internet meltdown;" and then TIA stuff from earlier times this decade, here, here, here, here here and here. Is this new thing really nothing new; simply TIA reproposed, dressed in slacks instead of a skirt; Poindexter voted off the island?

Please email if you find any bad links above, or if you have a link to anything Russell Feingold's office releases on this "cybersecurity" issue/proposal. Feingold's views, to me, are well formulated and trustworthy.

_______More_______
Search of the Feingold Senate site yielded no posted release yet from Russ. Google News, here. Plus, here, slashdot, here, here, here, here, with one view being that putting authority in the Commerce Department at least keeps NSA constrained at bay; with the nation more likely having public visibility if authority is given Commerce.