Short version: the Senate wants the 'prez
to be able to turn off the internet. Except he kind of already can, and really no one thinks he would, but this updates the rules that say he can to deal with the 'tubes instead of telegraphs.
tl;dr version:
With the sort of awkward timing you'd expect from a screenplay, Democratic senators on the 26 released
this super vague statement about how the government needs to "protect" the internet. Not a day later, Mubarak killed the tubes in Egypt. Now, the Cybersecurity act referenced by that Senate press release is the "Cyber Security and American Cyber Competiveness Act", aka .
s21 of the 112th Congress. (As of yet it's five pages long and incredibly vauge.)
There are still some upset feelings over
last year's effort: the ‘‘Protecting Cyberspace as a National Asset Act of 2010’’ (S.3480), which expired in Congress last year. It is not short. That is a 197 page pdf, but it goes something like "The internet is serious business, people could attack it and cost us money and security, thus if we think its going to be attacked the President should be able to shut down information providers and stuff, but only the important ones, but we decide who is important and those decisions are "not subject to judicial review". " (aka we don't have to explain and you can't appeal)
The Committe of Homeland Security released this fun little
fact sheet last summer after people, y'know, read S.3480 and went "Omg noes." The particularly salient bit:
Quote:
MYTH #1:
S. 3480 authorizes a “kill switch” that would allow the President to shut down the Internet.
REALITY:
Rather than granting a “kill switch,” S. 3480 would make it far less likely for a President to use the broad authority he already has in current law to take over communications networks. Section 706 of the Communications Act of 1934* provides nearly unchecked authority to the President to “cause the closing of any facility or station for wire communication” and “authorize the use of control of any such facility or station” by the Federal government. Exercise of the authority requires no advance notification to Congress and can be authorized if the President proclaims that “a state or threat of war” exists. The authority can be exercised for up to six months after the “state or threat of war” has expired.
|
* I'm kind of curious where section 706 comes from and who thought that would be a fabulous idea, also why they're not revising that instead.
Also, this is completely ignoring the fact that previously he'd have to proclaim a state of war, and with the new material he just has to declare a cyber emergency while it's up to him to decide what that is.
But yeah. As much as I do think the Federal government should be involved in cyber security, I really dislike the idea of them being allowed to shut down private systems or service providers without something like a court order or judicial review, emergency or not. Even if the review to place a system on the "You cans kill" list was put together well in advance of any perceived emergency, at least companies would have a chance to influence the decision and, hopefully, avoid abuse. Abuse is inevitable this way, and last year's bill gives lawmakers all kinds of leeway to put their opinions above those of security professionals in an arena they (for the most part) have no hope of comprehending.
In summary, shutting down private machinery for it's own protection doesn't seem like a thing the Feds should be allowed to do.
What do you guys think?
Jam it back in, in the dark.