Home » Digital Insight, Internet

Cybersecurity Act of 2009: Who Controls the Internet?

By Jon Henke 8 October 2009 3 Comments

Cybersecurity

Recently, there was some debate over whether the Cybersecurity Act of 2009 (S. 773) would, as Mike Masnick feared and Declan McCullagh wrote, “permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency”.  Wired’s Nicholas Thompson responded, arguing that the text of the bill did not justify those allegations.

Notice all the hedging. He “may”, “may”, “if he finds it necessary”, “in coordination.” And then they payoff? He can “direct the national response”!

That’s not giving him any powers that he doesn’t already have, and there’s no justification in that language for the hysteria. It is also much more in sync with what Obama himself has said. He has been very clear that he doesn’t want to snoop on private networks, much less take them over.

However, a Congressional staffer (who works on this issue and wishes to remain anonymous) has told me that the hedge language cited by Wired does not necessarily support Thompson’s conclusions.

Just because it no longer explicitly says the President “may…order the limitation or shutdown of Internet traffic” doesn’t necessarily mean it doesn’t still give him that authority.

What is a “cybersecurity emergency”, and what does such a declaration mean?

What does “direct[ing] the national response to the cyber threat” mean?

“Critical information systems and networks” is defined as “information systems and networks…designated by the President as critical information systems and networks”.  Thus, the President can exercise his vague “cybersecurity emergency” authority on any system or network he deems “critical”.

“[I]n coordination with relevant industry sectors” is a throwaway provision.  If the President declares an emergency and the White House simply calls up AT&T or Level 3 or Cox Cable to inform them that the government is shutting down their networks, that would probably satisfy the “coordination” clause.

There’s no review or redress process given for the exercising of this emergency authority.

Vaguer language doesn’t necessarily mean less power or authority.  Just cause it sounds more innocuous doesn’t mean that it is.

3 Comments »

  • George said:

    I’m hearing that we won’t see a cyber bill before the end of this year. It’ll probably happen by the end of the 111th Congress, but there are is still a lot of work to do. I’m also hearing that it won’t be the Rockefeller/Snowe bill…it’ll be the Lieberman/Collins bill. We’re working with all staffs on this initiative.

    # 8 October 2009 at 1:52 PM
  • Jon Henke (author) said:

    Interesting. Good insight.

    # 8 October 2009 at 4:25 PM
  • S.773 Cybersecurity Act of 2009 said:

    [...] Jon Henke over at digitalsociety.com posted an interesting article that caught my eye. Of particular interest is the quote from the “Congressional staffer (who works on this issue and wishes to remain anonymous).” Thought I’d share it here. Recently, there was some debate over whether the Cybersecurity Act of 2009 (S. 773) would, as Mike Masnick feared and Declan McCullagh wrote, “permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency”. Wired’s Nicholas Thompson responded, arguing that the text of the bill did not justify those allegations. [...]

    # 8 October 2009 at 11:54 PM

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.