The Internet — arguably the most empowering and important innovation of the modern era — is in danger of being stifled by the heavy hand of government control. Legislation now pending in the U.S. Senate would give the president, the Department of Commerce and other federal bureaucracies absolute power to define the Internet’s usage and to close it down at will.
While the “Cybersecurity Act of 2009” so far has only a few sponsors, it appears on a fast track for hearings, mark-up and passage.
This cybersecurity bill presents itself as a necessary and carefully considered response to a legitimate problem — the lack of adequate security measures for national security programs and infrastructure sectors. It is, however, a cyber-wolf in sheep’s clothing. As introduced by Democrat Jay Rockefeller and Republican Olympia Snowe, the legislation’s scope and power to reach every corner of the vast Internet system — including individual, private Internet usage — raises extremely troubling privacy and censorship concerns.
When coupled with provisions in the little-known International Cybercrime Treaty ratified by the Senate in 2006 under pressure from the Bush administration, enactment of the Cybersecurity Act of 2009 presents the very real possibility of direct interference by other nations and international organizations in domestic Internet use.
As with most pieces of bad legislation, this one starts with high-sounding “findings” that mask and divert focus from its actual effects. The preliminary section, for example, correctly states that “failure to protect cyberspace” constitutes a serious national security problem, and that a cyber attack on our national power grid, for example, could be devastating.
However, rather than focus solutions to these problems on areas properly within the scope of the federal government the legislation sweeps so broadly as to grant the federal government virtually unfettered and unreviewable power over every aspect of the Internet, from the most complex national security segment to the smallest individual user.
First, the bill defines the operative term, “cyber,” to include: “any process, program, or protocol relating to the use of the Internet or … transmission … via the Internet,” and “any matter relating to, or involving the use of, computers or computer networks.”
The bill incorporates within the unwieldy term “federal government and United States critical infrastructure information systems,” the following : all “state, local, and nongovernmental information systems … designated by the President as critical .
It is easy to understand the concern of many Internet users and network administrators, especially when considered in the context of the actual powers the act proposes to give the federal government.
The president is empowered to declare a “cybersecurity emergency” (not defined in the bill) and “order the limitation or shutdown of Internet traffic to and from” any of the defined networks! Even in the absence of declaring a so-called cybersecurity emergency, the president can order the shutdown of any of the defined networks whenever he decides doing so would be “in the interest of national security.”
The bill grants deeply troubling powers over private-sector use of the Internet that should bother every user and purveyor of Internet services. Such concerns are heightened when considering that the 2006 Cybercrime Treaty requires U.S. law enforcement agencies to grant to foreign governments that have likewise adopted the treaty, access to an Internet service provider’s customer use records.
If signed into law, the 2009 Cybersecurity Act would constitute the second half of a one-two punch effectively neutering the Internet.