Extraordinary Government Powers over the Internet
As has been reported in and around the blogosphere, Senate Bill S773 , the Cybersecurity Act of 2009 currently before the United States Congress, asserts extraordinary government powers over the Internet and sets the stage for all sorts of meddling in the name of national security.
This bill is a document worth the read if you can wade through the legalese. It's not that difficult to comprehend, especially if you've ever seen a really bad project plan written up in a beautifully formal specification document. The bill is ostensibly
To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.
What the bill actually does is :
- "The President shall establish or designate a Cybersecurity Advisory Panel" which will assess its own work as to "whether societal and civil liberty concerns are adequately addressed"
- mandates a "real-time cybersecurity dashboard"
- directs the Sec'y. Commerce to "provide assistance for the creation and support of Regional Cybersecurity Centers for the promotion and implementation of cybersecurity standards"
- Directs NIST to "develop a process or procedure to verify that (i) software development organizations comply with the protocol established under subparagraph (A) during the software development process; and(ii) testing results showing evidence of adequate testing and defect reduction are provided to the Federal Government prior to deployment of software" not only on government networks, but also for "private sector owned critical infrastructure information systems and networks."
- provides that the president "may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network" (meaning any part of the Internet).
(A) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
(B) any matter relating to, or involving the use of, computers or computer networks.
In otherwords, anything anyone could ever do with a computer on or off the Internet is to become subject to direct supervision from a directorate Washington at any time under a blanket assertion of national security.
Doesn't sound really much different than the way it already works in China, does it?
Note: updated May 30 due to a typo ... the link to the bill is correct, but I dyslexically wrote "SB733" instead of "SB773". - JW