Senator Rockefeller (D-WV) and Senator Snowe (R-ME) have authored a bill which is co-sponsored by Senator Nelson (D-FL), and Senator Bayh (D-IN). The Cyber Security Act of 2009 would give unprecedented access to, and Federal authority over, the internet.
Of course this is all done in the name of protecting America from cyber-crime, global cyber-espionage and cyber-attacks.
I understand the need to protect the country's infrastructure from outside threats. But in typical fashion the response from these legislators goes too far. This bill takes that legitimate concern and turns it into a nightmare for all who use the internet.
The Cyber Security Act of 2009 (PDF format) was introduced to the Senate Committee on Commerce, Science, and Transportation on April 1st. (ironically)
One of the stated intentions of the bill is:
to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.
Sounds reasonable enough.
However, it is the "other purposes" comment that alarms me. The provisions in this bill (in its current form) should alarm everyone. From an article published on Monday:
A recently proposed but little-noticed Senate bill would allow the federal government to shut down the Internet in times of declared emergency, and enables unprecedented federal oversight of private network administration.
It only gets more disconcerting.
From the Electronic Frontier Foundation
Essentially, the Act would federalize critical infrastructure security. Since many of our critical infrastructure systems (banks, telecommunications, energy) are in the hands of the private sector, the bill would create a major shift of power away from users and companies to the federal government. This is a potentially dangerous approach that favors the dramatic over the sober response.
Furthermore, the bill contains a particularly dangerous provision that could cripple privacy and security in one fell swoop:
"The Secretary of Commerce— shall have access to all relevant data concerning (critical infrastructure) networks without regard to any provision of law, regulation, rule, or policy restricting such access..."
In other words, the bill would give the Commerce Department absolute, non-emergency access to "all relevant data" without any privacy safeguards like standards or judicial review. The broad scope of this provision could eviscerate statutory protections for private information, such as the Electronic Communications Privacy Act, the Privacy Protection Act, or financial privacy regulations.
This eerily reminds me of The Patriot Act. As in, forget all the laws currently established, this is about protecting the country!
One thing I found particularly troubling is the assertion by the Washington Post of White House involvement.
The legislation .... was drafted with White House input. Although the White House indicated it supported some key concepts of the bill, there has been no official endorsement.
Granted, this bill has not even left committee review. I expect there will be changes to the legislation during the committee discussions. However it would be wise to be prepared should it make it to the Senate floor.
We all need to keep our eyes on this one going forward.
The finished product will need to be carefully scrutinized.