Although it has a number, S.413, the bill does not yet have a text on the Thomas site. (Why not?)
The version of the bill from last July, S. 3480, the Protecting Cyberspace as a National Asset Act, had the support of Microsoft (among many others). But even that version of the bill contained what I can only call provisions that are dubious from a civil liberties perspective. Consider this:
Preserving Free Speech in Cybersecurity Emergencies: If the government knows an attack that could have catastrophic consequences, this legislation would give the President the authority to implement emergency measures protecting a select group of the most important networks and assets needed to maintain our way of life. Emergency measures under the bill would automatically expire within 30 days. The President could renew the 30-day emergency measures up to three additional times for a maximum of only 120 days and after that Congress would have to approve any extension.
If there is one thing we have learned from the Obama and Bush administrations, it is that measures designed to expire... don't. (Look at the "temporary" Bush tax cuts, for example, or the "sunset" provisions of the PATRIOT Act.) So when the bill eventually emerges from its cloak on the Thomas site, be sure you read it with the understanding that, whatever authority it grants the President, the President has, effectively, in perpetuity.
Here's what they have to say about privacy provisions in the bill (again, remember, this is the July version under discussion):
Who appoints these boards and commissions? Have you been satisfied to date with the responsibility of Obama's appointees toward civil liberties matters? (If you're reading this site, I know I need not even ask how you feel about Bush's appointees.)Some additional privacy and civil liberty provisions of the bill include:
• Numerous requirements for consultation with the Privacy and Civil Liberties Oversight Board and the Information Security and Privacy Advisory Board within the White House, DHS, and other federal agencies.
• The creation of a full-time privacy officer within NCCC to consult on cyber security matters within DHS.
• An Office of Management and Budget review of existing policies relating to current privacy requirements for the federal government.
• A required report on US-CERT’s activities relating to privacy in an unclassified form to allow it to be shared widely.
• An opportunity for the public to comment and suggest improvements to the policy and operations of the NCCC.
I am not wholly averse to a National Center for Cybersecurity and Communications (NCCC). But the notion that a U.S. president should ever be allowed plenary or even limited power to shut off portions of the internet in response to an emergency should terrify anyone who uses the internet for any purpose. That way lies totalitarian rule.
I'll have more when the text of the new version of the bill appears on Thomas. Meanwhile, the facts that LIEberman is its cosponsor and Microsoft supports it predispose me to oppose this legislation.
(H/T Attaturk of FDL.)
I have to agree with you!
ReplyDeleteWhen people who don't understand the technology involved come up with "solutions" to "problems", I'm against it.
ReplyDeleteFirst, prove that there is a problem.
Second, prove that the solution will actually fix the problem that was found.
What is the nature of this "attack"? Most of the attacks against web sites are to shut down the site, corrupt the site, or to steal from the site.
Shutting down the 'Net is ensuring the success of the most common attack DDOS, and the second and third types are defended against by standard security measures already identified by NSA.
Where is the need?
"Where is the need?"
ReplyDeleteBryan, that is indeed one question. The other one is "what is the motivation of the people who advocate this legislation?"
I can't help thinking this will end up like the Digital Millennium Copyright Act, allowing someone... in this case, probably a presidential administration... to blackmail users into avoiding ordinary actions which are perfectly within their legal rights.
When's the last time you made one copy of a movie DVD for backup purposes? I've never done so. Why? because even though the law technically allows it, it would be difficult to prove that I was not doing something very similar that would bring down the wrath of MPAA on my head.
If we allow Executive branch officials to shut off the entire internet, soon enough they will be shutting off selected parts of the internet, e.g., their political opponents' sites, email services, Twitter accounts, etc. What's to stop them? In this day and age, if the matter took a week to resolve in court, the opponent's campaign may well be dead.