Saturday, 29 August 2009


S.773 cybergrab bill resurfaces; changes only cosmetic

And it’s nice to know others are finally noticing.

First, the latest from Declan McCullagh:

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They’re not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt [Note: contains Title 2 only - o.g.]), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.
Probably the most controversial language begins in Section 201, which permits the president to “direct the national response to the cyber threat” if necessary for “the national defense and security.”  The White House is supposed to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government.  (“Cyber” is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)

“The language has changed but it doesn’t contain any real additional limits,” EFF's Tien says.  “It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...  The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There’s no provision for any administrative process or review.  That’s where the problems seem to start. And then you have the amorphous powers that go along with it.”

Translation:  If your company is deemed “critical,” a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
And a reminder: The Democrats’ favorite RINO, Olympia Snowe, has signed on as co-sponsor.

I’ve been following this one since April.  My first post was largely snark about the cluelessness of the bill’s sponsors, but it also spotlighted the measure’s less-noted licensing provisions.  Work on a network the government (not your employer) says is “critical”?  Get federal certification, or get unemployed!

My next two posts looked at a pair of suspiciously-timed front-page articles in The Wall Street Journal.  A little consent-manufacturing?:

April 8: Unnamed “officials” exploit the confusion between “a network” and “the internet” and “sabotage-by-hacking-in” with “an inside job” to paint doom-and-gloom scenarios while calling for more government control of private networks.  Meanwhile, the government’s own data reports that the number of “intrusions” on commercial systems is minuscule- and falling- when compared to the government’s.

April 22:  A good old spy story: Somebody nefarious pilfered some information- it’s unclear as to whether it was even classified- from both Defense Department and contractor-operated networks involving the Joint Strike Fighter project.  Used as a hook upon which to hang dire predictions of foreign penetration of infrastructure-related systems like air traffic control and electric utility power management.  Are the cybergrab advocates using government-network breaches as a pretext for mandating standards for private networks?  You be the judge.


Bill text at THOMAS (at this writing, may not incorporate latest revisions)

Credit where due:
I first heard about this from Joanna, who got the word from this article by Steve Aquino in the April 2 Mother Jones.

Posted by: Old Grouch in Rants at 19:46:15 GMT | No Comments | Add Comment
Post contains 585 words, total size 8 kb.

Comments are disabled. Post is locked.
72kb generated in CPU 0.05, elapsed 0.1769 seconds.
51 queries taking 0.1474 seconds, 207 records returned.
Powered by Minx 1.1.6c-pink.