Bill to control the internet- Thanks Marge.

____________________________________

Subj: oh boy......



CNET NEWS
August 28, 2009 12:34 AM PDT


Bill would give president emergency control of Internet






Internet companies and civil liberties groups were _alarmed_
(http://news.cnet.com/8301-13578_3-10200710-38.html) this spring when a U.S. Senate
bill _proposed_ (http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.00773:)
handing the White House the power to disconnect private-sector computers from
the Internet. They're not much happier about a revised version that aides to
Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting
behind closed doors. CNET News has obtained a copy of the 55-page draft of
S.773 (_excerpt_
(http://www.politechbot.com/docs/rockefeller.revised.cybersecurity.draft.082709.pdf) ), which still appears to permit the president to
seize temporary control of private-sector networks during a so-called
cybersecurity emergency

The new version would allow the president to "declare a cybersecurity
emergency" relating to "non-governmental" computer networks and do what's
necessary to respond to the threat. Other sections of the proposal include a
federal certification program for "cybersecurity professionals," and a
requirement that certain computer systems and networks in the private sector be
managed by people who have been awarded that license.

"I think the redraft, while improved, remains troubling due to its
vagueness," said Larry Clinton, president of the _Internet Security Alliance_
(http://www.isalliance.org/) , which counts representatives of Verizon,
Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what
authority Sen. Rockefeller thinks is necessary over the private sector.
Unless this is clarified, we cannot properly analyze, let alone support the
bill."

Representatives of other large Internet and telecommunications companies
expressed concerns about the bill in a teleconference with Rockefeller's
aides this week, but were not immediately available for interviews on
Thursday.

A spokesman for Rockefeller also declined to comment on the record
Thursday, saying that many people were unavailable because of the summer recess. A
Senate source familiar with the bill compared the president's power to
take control of portions of the Internet to what President Bush did when
grounding all aircraft on Sept. 11, 2001. The source said that one primary
concern was the electrical grid, and what would happen if it were attacked from
a broadband connection.

When Rockefeller, the chairman of the Senate Commerce committee, and
Olympia Snowe (R-Maine) introduced the original bill in April, they _claimed_
(http://commerce.senate.gov/public/index.cfm?FuseAction=PressReleases.Detail&Pr
essRelease_id=bb7223ef-1d78-4de4-b1d5-4cf54fc38662) it was vital to
protect national cybersecurity. "We must protect our critical infrastructure at
all costs--from our water to our electricity, to banking, traffic lights
and electronic health records," Rockefeller said.

The Rockefeller proposal plays out against a broader concern in
Washington, D.C., about the government's role in cybersecurity. In May, President
Obama _acknowledged_ (http://news.cnet.com/8301-13578_3-10252154-38.html)
that the government is "not as prepared" as it should be to respond to
disruptions and announced that a new cybersecurity coordinator position would be
created inside the White House staff. Three months later, that post remains
empty, one top cybersecurity aide _has quit_
(http://blogs.usatoday.com/ondeadline/2009/08/white-house-cyber-czar-quits.html) , and some wags have
begun to wonder why a government that _receives failing marks_
(http://news.cnet.com/DHS-scores-F-on-cybersecurity-report-card/2100-1009_3-6050520.html)
on cybersecurity should be trusted to instruct the private sector what to
do.

Rockefeller's revised legislation seeks to reshuffle the way the federal
government addresses the topic. It requires a "cybersecurity workforce plan"
from every federal agency, a "dashboard" pilot project, measurements of
hiring effectiveness, and the implementation of a "comprehensive national
cybersecurity strategy" in six months--even though its mandatory legal review
will take a year to complete.

The privacy implications of sweeping changes implemented before the legal
review is finished worry _Lee Tien_ (http://www.eff.org/about/staff) , a
senior staff attorney with the _Electronic Frontier Foundation_
(http://www.eff.org/) in San Francisco. "As soon as you're saying that the federal
government is going to be exercising this kind of power over private networks,
it's going to be a really big issue," he says.

Probably the most controversial language begins in Section 201, which
permits the president to "direct the national response to the cyber threat" if
necessary for "the national defense and security." The White House is
supposed to engage in "periodic mapping" of private networks deemed to be
critical, and those companies "shall share" requested information with the
federal government. ("Cyber" is defined as anything having to do with the
Internet, telecommunications, computers, or computer networks.)

"The language has changed but it doesn't contain any real additional
limits," EFF's Tien says. "It simply switches the more direct and obvious
language they had originally to the more ambiguous (version)...The designation of
what is a critical infrastructure system or network as far as I can tell
has no specific process. There's no provision for any administrative process
or review. That's where the problems seem to start. And then you have the
amorphous powers that go along with it."

Translation: If your company is deemed "critical," a new set of
regulations kick in involving who you can hire, what information you must disclose,
and when the government would exercise control over your computers or
network.

The Internet Security Alliance's Clinton adds that his group is
"supportive of increased federal involvement to enhance cyber security, but we
believe that the wrong approach, as embodied in this bill as introduced, will be
counterproductive both from an national economic and national secuity
perspective."

_http://www.govtrack.us/congress/billtext.xpd?bill=s111-773_
(http://www.govtrack.us/congress/billtext.xpd?bill=s111-773)