September 2, 2009 | By Richard Esguerra

Cybersecurity Act Returns With a Fresh Coat of Paint

In April, we voiced serious concerns about the Cybersecurity Act of 2009, a bill by Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME), that sought to give the federal government unprecedented power over the Internet. For months, the bill has been redrafted behind closed doors and has recently been circulated, but by all accounts, the changes are cosmetic and it's sadly more of the same.

Like the original bill, the new version appears to give the President carte blanche to decide which networks and systems, private or public, count as "critical infrastructure information systems or networks." And alongside that authority, there still appears to be murky language that would permit the President to shut down the Internet. Note the troubling provision in the original bill, which said:

The President [...] may order the disconnectionof any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;

The new bill says:

The President [...] in the event of an immediate threat [...] may declare a cybersecurity emergency; and may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threatand the timely restoration of the affected critical infrastructure information system or network;

In other words, they appear to have packaged Presidential authority to shut down the Internet and other private networks behind a ribbon of red tape, and the words "national response."

In addition, a CNET article by Declan McCullagh indicates that many of the early concerns about privacy, authority, and security effectiveness have gone unsolved: there is vague language about mapping federal and private networks; there is an unexplained scheme to certify cybersecurity professionals at the federal level; and the mandated implementation of a "cybersecurity strategy" before the completion of a legal review that could protect against inadvertent privacy violations or inefficiency.

Despite the many questionable provisions, the bill may snake its way through the lawmaking process by virtue of having been produced in large part by Sen. Rockefeller, who is chairman of the committee in charge of reviewing and approving the bill. Stay tuned to EFF Deeplinks for news as the bill progresses -- we'll be watching it carefully.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

If you're in the SF Bay Area, join us tomorrow in Oakland for a privacy and security workshop: https://eff.org/r.50f7

May 22 @ 4:03pm

The Great Firewall is now blocking access to all of Chinese Wikipedia: https://eff.org/r.tgv

May 22 @ 3:49pm

Using the middle-finger emoji in the UAE could land you in jail: https://eff.org/r.m1dy

May 22 @ 3:29pm
JavaScript license information