Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.
They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.
The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."
Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.
A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.
When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.
The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.
Rockefeller's revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a "cybersecurity workforce plan" from every federal agency, a "dashboard" pilot project, measurements of hiring effectiveness, and the implementation of a "comprehensive national cybersecurity strategy" in six months--even though its mandatory legal review will take a year to complete.
The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. "As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," he says.
Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)
"The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it."
Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
The Internet Security Alliance's Clinton adds that his group is "supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national secuity perspective."
Update at 3:14 p.m. PDT: I just talked to Jena Longo, deputy communications director for the Senate Commerce committee, on the phone. She sent me e-mail with this statement:
The president of the United States has always had the constitutional authority, and duty, to protect the American people and direct the national response to any emergency that threatens the security and safety of the United States. The Rockefeller-Snowe Cybersecurity bill makes it clear that the president's authority includes securing our national cyber infrastructure from attack. The section of the bill that addresses this issue, applies specifically to the national response to a severe attack or natural disaster. This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks. To be very clear, the Rockefeller-Snowe bill will not empower a "government shutdown or takeover of the Internet" and any suggestion otherwise is misleading and false. The purpose of this language is to clarify how the president directs the public-private response to a crisis, secure our economy and safeguard our financial networks, protect the American people, their privacy and civil liberties, and coordinate the government's response.
Unfortunately, I'm still waiting for an on-the-record answer to these four questions that I asked her colleague on Wednesday. I'll let you know if and when I get a response.
WASHINGTON--Energy Secretary Steven Chu announced on Thursday a number of ways he will streamline the process by which the Energy Department distributes funding, with the goal of dispersing 70 percent of its funds from the American Recovery and Reinvestment Act by the end of 2010.
"We have undergone a detailed scrubbing of the process," he said. "What we've found is that the old process required too much paperwork and simply took too long. These are sweeping reforms in the way the Department of Energy does business."
The energy investments in the stimulus package intimately tie the reshaping of the energy sector to the country's economic recovery.
Chu called the significant investment "very farsighted."
To get the money out more quickly, Chu announced Thursday he is naming Matt Rogers as a senior adviser to implement the new department reforms. Rogers formerly served as a senior partner at McKinsey and worked with the energy industry for more than 20 years. He also served on the Obama transition team.
The changes Rogers will implement include rolling out appraisals of applications for loan guarantees, rather than waiting for the application deadline to evaluate them. Loan application forms will be simplified and the department will speed up loan underwriting by using outside partners.
With these changes in place, the department should be able to begin offering loan guarantees under its previous loan guarantee program by late April or early May, Chu said, though some recipients may have to secure their own share of the financing or meet other conditions before their applications are approved. With the same financing conditions, the department should be offering loan guarantees under the stimulus legislation by early summer, Chu said.
"The goal is to begin making these investments in months, not years," Chu said.
Steven Chu, now secretary of the Department of Energy, at his former lab at Stanford University.
(Credit: Stanford University)Among other things, the department also intends to establish a Web site to provide more assistance to applicants and add transparency to the process.
The department will also be working with outside industries to find good projects to finance.
"It'll be interesting to see what the market brings forward," Rogers said Thursday.
When President Obama signed the American Recovery and Reinvestment Act on Tuesday, he said the bill should allow the country to double its use of renewable energy within three years.
Chu said he could not parse out specifically how much of that energy will come from which sources, but he said there are a few mature renewable sources that could help the country reach that goal, such as wind and photovoltaic energy.
"There are numerous wind projects that can go forward," he said. "The Bonneville Power Administration has (transmission) lines sited and those lines will connect to wind farms. This is something that can be done within this two-year period."
Chu said as the government tries to accelerate the use of renewable energies, it will also be exploring different methods of carbon capture and sequestration.
"Right now, to the best of my knowledge, it is not a slam dunk which technology is the right one," he said.
He also said he meets with White House climate czar Carol Browner and Environmental Protection Agency Administrator Lisa Jackson about once a week to make sure the Energy Department's interests do not conflict with the White House's climate change goals.
As the department works to develop the renewable energy sector, Chu said it is imperative it also fund basic science research.
"If you look at some of the wealth creation in the United States--the Internet, biotech--a lot of that was driven by companies that deeply believed in research like Bell Laboratory, IBM Labs," he said. "In the energy sector, you don't have that. What I see is the Department of Energy filling that vacuum."
- prev
- 1
- next
