September 2, 2009 | By Richard Esguerra

Cybersecurity Act Returns With a Fresh Coat of Paint

In April, we voiced serious concerns about the Cybersecurity Act of 2009, a bill by Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME), that sought to give the federal government unprecedented power over the Internet. For months, the bill has been redrafted behind closed doors and has recently been circulated, but by all accounts, the changes are cosmetic and it's sadly more of the same.

Like the original bill, the new version appears to give the President carte blanche to decide which networks and systems, private or public, count as "critical infrastructure information systems or networks." And alongside that authority, there still appears to be murky language that would permit the President to shut down the Internet. Note the troubling provision in the original bill, which said:

The President [...] may order the disconnectionof any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;

The new bill says:

The President [...] in the event of an immediate threat [...] may declare a cybersecurity emergency; and may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threatand the timely restoration of the affected critical infrastructure information system or network;

In other words, they appear to have packaged Presidential authority to shut down the Internet and other private networks behind a ribbon of red tape, and the words "national response."

In addition, a CNET article by Declan McCullagh indicates that many of the early concerns about privacy, authority, and security effectiveness have gone unsolved: there is vague language about mapping federal and private networks; there is an unexplained scheme to certify cybersecurity professionals at the federal level; and the mandated implementation of a "cybersecurity strategy" before the completion of a legal review that could protect against inadvertent privacy violations or inefficiency.

Despite the many questionable provisions, the bill may snake its way through the lawmaking process by virtue of having been produced in large part by Sen. Rockefeller, who is chairman of the committee in charge of reviewing and approving the bill. Stay tuned to EFF Deeplinks for news as the bill progresses -- we'll be watching it carefully.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Tech companies should not validate secret trade agreements like TISA as a way to decide new rules for the Internet: https://eff.org/r.hxui

Aug 27 @ 5:58pm

Malaysian PM cracks down on peaceful anti-corruption protest by censoring organizer's website and news reports: https://eff.org/r.y6pv

Aug 27 @ 5:20pm

¿Estoy siendo rastreado?, una plataforma sobre seguimiento en redes celulares: https://eff.org/r.w9wk

Aug 27 @ 4:44pm
JavaScript license information