A bill being crafted in the closed-rooms of our nation’s capital raises serious concerns about interference by the Federal government in the affairs of the states, and in the lives of our citizens. This seems to be just another rush to judgment on a complex issue that impacts millions of people without their input.
The United States has recently been the victim of a rash of cyber attacks, most notably by the Chinese and North Korean governments. There is no question that cybersecurity must be increased, but that does not mean that the Federal Government, which has continuously failed to protect its own infrastructure, should be trusted with the takeover of local government and private-sector networks, least of all without broad input from the affected parties.
Declan McCullagh, of CNET News, released an excerpt of draft legislation by West Virginia Senator Jay Rockefeller which appears to authorize the President to seize temporary control of private sector networks. The bill would allow the President to “declare a cybersecurity emergency” and “direct the national response to a cyber threat.” What specifically is a cyber threat? It is defined loosely as any threat having to do with the Internet, telecommunications, computers, or computer networks.
Rockefeller’s draft bill, S. 773, is a new version of a bill originally introduced in April. The original bill’s language would have given the President the power to seize control of the internet from the private-sector. This new bill includes what appear to be the same powers though masked in vague and unclear language. This should be a serious concern not only for individual citizens, but for state and local governments as well as companies who do business over the internet.
Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco, who was quoted in the CNET piece, said over e-mail that “the bill does intend, in an unclear way, to give the President more power over the Internet for cybersecurity purposes, including state and local government communications systems.” Section 23 of the bill defines “Federal Government and United States critical infrastructure information systems and networks,” this definition includes:
B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.
The problem according to Tien – and this should give pause to Members of Congress, as well as local government officials – is that “without clarification, we are very wary of what the bill’s authority might be used to do.”
Many state and local agencies use the internet to interface with constituents and taxpayers. At the Board of Equalization we use the Internet for e-filing services and to inform and educate taxpayers and tax professionals about their rights and responsibilities under state tax law. Businesses increasingly use the Internet to attract customers and drive sales; and that’s not including the vast array of web-based businesses that could be affected by a Federal government power-grab.
Let’s not forget the bloggers and tweeters and general-purpose web-surfers; the new-media types that could conceivably be blocked from the Net. The need for enhanced cybersecurity is unquestionable, but so is the need for a serious discussion of the implications that this type of legislation may have.
There is no reason to presume malicious intent in the crafting of this legislation. But the vague language in the bill, and the lack of public input in the process is worrisome. If states and businesses can be brought in – to help craft a clear, workable, solution to the nation’s cybersecurity gap, we can assure that everyone’s best interest is protected.