April 15, 2009:

From S. 773, introduced on April Fool's Day and currently in the Committee on Commerce, Science, and Transportation:

Section 2: (13) President Obama said in a speech at Purdue University on July 16, 2008, that `every American depends--directly or indirectly--on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being. But it's no secret that terrorists could use our computer networks to deal us a crippling blow. We know that cyber-espionage and common crime is already on the rise. And yet while countries like China have been quick to recognize this change, for the last eight years we have been dragging our feet.' Moreover, President Obama stated that `we need to build the capacity to identify, isolate, and respond to any cyber-attack.'.

Within 1 year after the date of enactment of this Act, the President, or the President's designee, shall review, and report to Congress, on the feasibility of an identity management and authentication program, with the appropriate civil liberties and privacy protections, for government and critical infrastructure information systems and networks.

The President--
(1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include--
(A) a long-term vision of the Nation's cybersecurity future; and
(B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;
(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;

Section 23: (3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS- The term `Federal Government and United States critical infrastructure information systems and networks' includes--
(A) Federal Government information systems and networks; and
(B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.

It was sponsored by John D. Rockefeller IV of West Virginia and cosponsored by Evan Bayh (Indiana), Bill Nelson (Florida) and Olympia J. Snowe (Maine).

The ringing endorsement of China's network security infrastructure (which, while reasonably effective at stopping political speech, does not seem to me to have much effect upon organized crime - US criminal enterprises operate with impunity on Chinese servers) in the Findings section of the bill hardly fills me with confidence in Obama's good intentions. Fundamentally, though, the problem is that 23(3)(B) permits the President, with no oversight, to designate a system 'critical infrastructure' and then invoke 18(2) to order it immediately censored to his or her specifications.

Additionally, section 17 calls for a feasibility study on the integration of identity tracking into communications infrastructure.

(a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.
(b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Section 7 will, at a minimum, give the government the ability to vet prospective employees for certain positions at major backbone ISPs. Given that the government decided to drop contract awards to Qwest when they refused to cooperate with Bush's illegal surveillance program, it would not be all that surprising if material and political support of the regime became a precondition for a 'cybersecurity service provider'.


{ Add Comment }