I received an email about this today, and it sounded completely crazy. "Congress is giving the President control over the Internet," and other such radical-sounding quotes abounded, and I was quite skeptical. But, I decided to poke around some more.
It didn't take long before I found that the the person who mailed me was not being radical or crazy or really even exaggerating. It's true, all of it. Head on over to OpenCongress to check out the proposal in its entirety. For your reading convenience, I am including the OpenCongress summary right here (emphasis mine):
This is comprehensive legislation designed to address our nation's vulnerabilities to cyber crime, global cyber espionage, and cyber attacks. It would establish a new Cybersecurity Advisory Panel within the White House and stream-line the cybersecurity effort through all levels of government. The bill also calls on the Department of Commerce to establish and maintain a clearinghouse on information related to cybsecurity threat and vulnerability information to public and private infrastructure deemed "critical" by the President. The Secretary of Commerce would be given access to this information "without regard to any provision of law, regulation, rule, or policy restricting such access." The bill would also give the President new authority to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network."Let's take a peek at this summary for a moment to figure out what it is, exactly, that's got people all up in arms. First of all, this bill gives the Secretary of Commerce access to what essentially boils down to all the traffic, browsing habits, emails, IMs, forum posts, etc. of everybody in the United States. No longer is this just a conspiracy theory perpetuated by folks wearing aluminum hats, this is the real deal. Of particular concern in the quote "without regard to any provision of law, regulation, rule, or policy restricting such access." This means that the government won't need to obtain a subpoena or anything to get a hold of your information - they won't have to follow the processes that are in place to protect our privacy and our rights.
They just get to circumvent the whole damn thing.
From the actual bill:
SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE.The blatant disregard for our rights aside, its striking that the bill makes no real effort to define terms such as "critical infrastructure" or "relevant data." Because this isn't strictly defined in the bill, it gives the President the power to determine and change what qualifies.
(a) DESIGNATION- The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal Government and private sector owned critical infrastructure information systems and networks.
(b) FUNCTIONS- The Secretary of Commerce--
(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;
(2) shall manage the sharing of Federal Government and other critical infrastructure threat and vulnerability information between the Federal Government and the persons primarily responsible for the operation and maintenance of the networks concerned; and
(3) shall report regularly to the Congress on threat information held by the Federal Government that is not shared with the persons primarily responsible for the operation and maintenance of the networks concerned.
The bill gives a very loose definition of the term "critical infrastructure: "(A) Federal Government information systems and networks; and (B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks."
That basically means "anything we want to include." To give you an idea of what can qualify, the bill defines "cyber" as: "(1) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and (2) any matter relating to, or involving the use of, computers or computer networks."
This gives the President power to define "critical infrastructure" as pretty much anything he damn well pleases. This might include:
- Your home network (2 computers and a router, for example)
- A business' internal support network (intranet)
- The entire Interne
So, essentially, Section 14 of this bill creates a place (clearinghouse, as it were) where the Secretary of Commerce stores information and can access it at any time. Think of the credit bureaus, but with even more information. This information can and likely will include who you are, what your browsing habits are, your social networking site updates and posts, your emails, IM conversations, usernames, passwords, and anything else that could possibly be used to link you to terrorist activity.
Does that scare anybody else here? I don't know about you, but I honestly can't think of any line in the Constitution that gives our government the right to spy on its citizens. Because that's essentially what this is.
The summary also mentions that this bill gives the President the power to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network." In real-people speak, that means that the President can order all Internet providers across the country to shut down all Internet access to all citizens of the United States if the President feels it is necessary.
Once again, we lack true definitions of things like "cybersecurity emergency" and "critical infrastructure". Yet again, we are left under the President's prerogative and he is free to define critical infrastructure as pretty much anything. As for "cybersecurity emergency," this is as easy to fabricate as a threat from a terrorist group. Ample evidence exists to suggest the Bush administration used the raising of the threat level during election periods to divert media attention from big Democrat news. We should be expecting similar shenanigans if the government is given the power to turn the Internet on and off.
For example, say there's a big Republican (or Independent, or Libertarian, or whatever) webcast taking place tomorrow. Oh, look at that, we just overheard a terrorist cell which was planning on hacking networks X and Y. We're declaring cybersecurity emergency and shutting down the Internet until we catch the terrorists. Sorry, Republicans.
More concerning is the fact that the bill gives the President the authority to not only shut down the entire Internet in this country, but also put limitations on such traffic. In real-person speak, this would allow the President to shut down certain websites by blocking all traffic to those sites.
In case that doesn't concern you, let's go back to our hypothetical Republican webcast. The day of, we happen to overhear terrorist threats, so we're going to block all traffic to that site.
Never mind the worst case scenario I just illustrated, but think for a moment of the ramifications. This essentially allows the g-men to control the flow of information across the Internet, to control what we read, what videos we can watch, what podcasts we can subscribe to...
But wait, we're not through yet! The bill also creates a Cybersecurity Advisory Panel - which will be comprised of President-appointed (yet another government office where the citizens have no say over who will represent them) officials who will determine and advise the President of cybersecurity threats and courses of action. They will oversee the National Institute of Standards and Technology, which will "establish measurable and auditable cybersecurity standards for all Federal Government, government contractor, or grantee critical infrastructure information systems and networks [...]". This Institute will have authority over such things as (again, emphasis mine):
- SOFTWARE CONFIGURATION SPECIFICATION LANGUAGE- The Institute shall, establish standard computer-readable language for completely specifying the configuration of software on computer systems widely used in the Federal Government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks. -this allows the government to see what software you have installed on your computer and across your network, as well as how you're using it.
- STANDARD SOFTWARE CONFIGURATION- The Institute shall establish standard configurations consisting of security settings for operating system software and software utilities widely used in the Federal Government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks. -this allows the government to potentially do things such as dictate what operating systems you can use, require a "back door" or tracking bug be coded into all OS programs so they can monitor your activity, or determine the level of encryption you can use over the Internet.
PURPOSE- The purpose of the Centers is to enhance the cybersecurity of small and medium sized businesses in United States through--So, not only does the Cybersecurity Act of 2009 give the government power over what you can view on the Internet, whether you can access the Internet or not, what security features come in software (including operating systems), the power to look at your specific computer and determine how you are using your programs, but it also gives them the power to dictate what businesses are doing with their computers as well.
(1) the transfer of cybersecurity standards, processes, technology, and techniques developed at the National Institute of Standards and Technology to Centers and, through them, to small- and medium-sized companies throughout the United States [...]
What's more, this bill was introduced very quietly in the Senate. This is likely because the g-men feel they have overused the "It's for your own good" thing. Now they're just going to quietly try to pass a bill that takes away even more of our rights. It's really nothing more than a sneaky power grab by the folks in office. As such, it needs to be quashed, and quashed now. For the sake of our rights as citizens of the United states, this things should never be allowed to pass into law.
In that vein, Campaign for Liberty is hosting a petition against this bill. I urge you to stand up for your rights and add your name to this very important petition.
No comments:
Post a Comment