"Senators propose granting president emergency Internet power
by Declan McCullagh"A new U.S. Senate bill would grant the president far-reaching emergency powers to seize control of or even shut down portions of the Internet.
The legislation announced Thursday says that companies such as broadband providers, search engines, or software firms that the government selects "shall immediately comply with any emergency measure or action developed" by the Department of Homeland Security. Anyone failing to comply would be fined.
That emergency authority would allow the federal government to "preserve those networks and assets and our country and protect our people," Joe Lieberman, the primary sponsor of the measure and the chairman of the Homeland Security committee, told reporters on Thursday. Lieberman is an independent senator from Connecticut who caucuses with the Democrats.
Because there are few limits on the president's emergency power, which can be renewed indefinitely, the densely worded 197-page bill (PDF) is likely to encounter stiff opposition.
TechAmerica, probably the largest U.S. technology lobby group, said it was concerned about "unintended consequences that would result from the legislation's regulatory approach" and "the potential for absolute power." And the Center for Democracy and Technology publicly worried that the Lieberman bill's emergency powers "include authority to shut down or limit Internet traffic on private systems."
The idea of an Internet "kill switch" that the president could flip is not new. A draft Senate proposal that CNET obtained in August allowed the White House to "declare a cybersecurity emergency," and another from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to "order the disconnection" of certain networks or Web sites.
On Thursday, both senators lauded Lieberman's bill, which is formally titled the Protecting Cyberspace as a National Asset Act, or PCNAA. Rockefeller said "I commend" the drafters of the PCNAA. Collins went further, signing up at a co-sponsor and saying at a press conference that "we cannot afford to wait for a cyber 9/11 before our government realizes the importance of protecting our cyber resources."
Under PCNAA, the federal government's power to force private companies to comply with emergency decrees would become unusually broad. Any company on a list created by Homeland Security that also "relies on" the Internet, the telephone system, or any other component of the U.S. "information infrastructure" would be subject to command by a new National Center for Cybersecurity and Communications (NCCC) that would be created inside Homeland Security.
The only obvious limitation on the NCCC's emergency power is one paragraph in the Lieberman bill that appears to have grown out of the Bush-era flap over warrantless wiretapping. That limitation says that the NCCC cannot order broadband providers or other companies to "conduct surveillance" of Americans unless it's otherwise legally authorized.
Lieberman said Thursday that enactment of his bill needed to be a top congressional priority. "For all of its 'user-friendly' allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets," he said. "Our economic security, national security and public safety are now all at risk from new kinds of enemies--cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals."
A new cybersecurity bureaucracy
Lieberman's proposal would form a powerful and extensive new Homeland Security bureaucracy around the NCCC, including "no less" than two deputy directors, and liaison officers to the Defense Department, Justice Department, Commerce Department, and the Director of National Intelligence. (How much the NCCC director's duties would overlap with those of the existing assistant secretary for infrastructure protection is not clear.)
The NCCC also would be granted the power to monitor the "security status" of private sector Web sites, broadband providers, and other Internet components. Lieberman's legislation requires the NCCC to provide "situational awareness of the security status" of the portions of the Internet that are inside the United States -- and also those portions in other countries that, if disrupted, could cause significant harm.
Selected private companies would be required to participate in "information sharing" with the Feds. They must "certify in writing to the director" of the NCCC whether they have "developed and implemented" federally approved security measures, which could be anything from encryption to physical security mechanisms, or programming techniques that have been "approved by the director." The NCCC director can "issue an order" in cases of noncompliance.
The prospect of a vast new cybersecurity bureaucracy with power to command the private sector worries some privacy advocates. "This is a plan for an auto-immune reaction," says Jim Harper, director of information studies at the libertarian Cato Institute. "When something goes wrong, the government will attack our infrastructure and make society weaker."
To sweeten the deal for industry groups, Lieberman has included a tantalizing offer absent from earlier drafts: immunity from civil lawsuits. If a software company's programming error costs customers billions, or a broadband provider intentionally cuts off its customers in response to a federal command, neither would be liable.
If there's an "incident related to a cyber vulnerability" after the president has declared an emergency and the affected company has followed federal standards, plaintiffs' lawyers cannot collect damages for economic harm. And if the harm is caused by an emergency order from the Feds, not only does the possibility of damages virtually disappear, but the U.S. Treasury will even pick up the private company's tab.
Another sweetener: A new White House office would be charged with forcing federal agencies to take cybersecurity more seriously, with the power to jeopardize their budgets if they fail to comply. The likely effect would be to increase government agencies' demand for security products.
Tom Gann, McAfee's vice president for government relations, stopped short of criticizing the Lieberman bill, calling it a "very important piece of legislation."
McAfee is paying attention to "a number of provisions of the bill that could use work," Gann said, and "we've certainly put some focus on the emergency provisions."
Last updated at 9:14 p.m. PT.
http://news.cnet.com/8301-13578_3-20007418-38.html
April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 January 2013 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 March 2011 January 2011 December 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 March 2005 November 2004 October 2004