When Mother Jones and Jules Crittenden agree, isn’t that a sign of the apocalypse? Both take a hard look at the Cybersecurity Act of 2009, S.773 sponsored by Jay Rockefeller (D-WV), Bill Nelson (D-FL), and Olympia Snowe (R-ME). The bill addresses the need to protect vital networks from cyber attack, but it gives a lot of power to the executive branch — perhaps too much power. Mother Jones reports:
The Cybersecurity Act of 2009 (PDF) gives the president the ability to “declare a cybersecurity emergency” and shut down or limit Internet traffic in any “critical” information network “in the interest of national security.” The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.
The bill does not only add to the power of the president. It also grants the Secretary of Commerce “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.” This means he or she can monitor or access any data on private or public networks without regard to privacy laws.
You know, if it was the Bush administration, I’d be more inclined to trust them. They sought extraordinary wartime powers, and used them to prosecute the war on terror. Never abused them, though, despite all the squawking.
Jules wonders when the Leftosphere will erupt in outrage. Mother Jones isn’t a bad start, though.
Here are the sections raising eyebrows:
SEC. 14. PUBLIC–PRIVATE CLEARINGHOUSE.
(a) DESIGNATION.—The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal government and private sector owned critical infrastructure information systems and networks.
(b) FUNCTIONS.—The Secretary of Commerce—
(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access; …
SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President— …
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network; …
The second provision is something less than advertised, I believe. It gives the President the authority to disconnect federal networks from the Internet in the case of cyberattack. That doesn’t seem like an outrageous provision to me; it sounds like a sensible option to protect vital government systems. In fact, I’d be surprised if that power doesn’t already exist within the various federal agencies. This would allow the President to make a blanket order to take networks off line.
That doesn’t make it completely benign, either. That power could get abused to keep people from accessing public information. However, the provision on its own does not equate to “shutting down the Internet”, at least not how I read it.
Section 14 may be a bigger problem. It essentially revokes all privacy safeguards on Internet use for all networks. The Fourth Amendment would go straight out the window with the explicit inclusion of “private sector owned critical infrastructure information systems and networks.” While Section 18 limits jurisdiction to federal networks, Section 14 allows the government to go after private networks without search warrants. The section also doesn’t limit the jurisdiction to acute attacks, either. That jurisdiction exists at all times.
The big problem isn’t that Obama might shut down the Internet. It’s that the bill essentially repeals the Fourth Amendment.
Update: Suitably Flip sees the Terminator on the horizon.
Update II: I used the word “repeals” for rhetorical effect, not as a literal meaning. It takes a Constitutional amendment to repeal any part of the Constitution. CSA’s Section 14 certainly appears to be an explicit violation of the Fourth Amendment.