A controversial bill handing President Obama power over privately owned computer systems during a “national cyberemergency,” and prohibiting any review by the court system, will return this year.
Internet companies should not be alarmed by the legislation, first introduced last summer by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), a Senate aide said last week. Lieberman, an independent who caucuses with Democrats, is chairman of the Senate Homeland Security and Governmental Affairs Committee.
“We’re not trying to mandate any requirements for the entire Internet, the entire Internet backbone,” said Brandon Milhorn, Republican staff director and counsel for the committee.
Instead, Milhorn said at a conference in Washington, D.C., the point of the proposal is to assert governmental control only over those “crucial components that form our nation’s critical infrastructure.”
The revised version includes new language saying that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review.” Another addition expanded the definition of critical infrastructure to include “provider of information technology,” and a third authorized the submission of “classified” reports on security vulnerabilities.
“Declaration of a national cyber emergency”
The revised Lieberman-Collins bill, dubbed the Protecting Cyberspace as a National Asset Act, works this way: Homeland Security will “establish and maintain a list of systems or assets that constitute covered critical infrastructure” and that will be subject to emergency decrees. (The term “kill switch” does not appear in the legislation.)
Under the revised legislation, the definition of critical infrastructure has been tightened. DHS is only supposed to place a computer system (including a server, Web site, router, and so on) on the list if it meets three requirements. First, the disruption of the system could cause “severe economic consequences” or worse. Second, that the system “is a component of the national information infrastructure.” Third, that the “national information infrastructure is essential to the reliable operation of the system.”
At last week’s event, Milhorn, the Senate aide, used the example of computers at a nuclear power plant or the Hoover Dam but acknowledged that “the legislation does not foreclose additional requirements, or additional additions to the list.”
A company that objects to being subject to the emergency regulations is permitted to appeal to DHS secretary Janet Napolitano. But her decision is final and courts are explicitly prohibited from reviewing it.
President Obama would then have the power to “issue a declaration of a national cyberemergency.” What that entails is a little unclear, including whether DHS could pry user information out of Internet companies that it would not normally be entitled to obtain without a court order. One section says they can disclose certain types of noncommunications data if “specifically authorized by law,” but a presidential decree may suffice.
“No amount of tightening of what constitutes ‘critical infrastructure’ will prevent abuse without meaningful judicial review,” says Berin Szoka, an analyst at the free-market TechFreedom think tank and editor of The Next Digital Decade book. “Blocking judicial review of this key question essentially says that the rule of law goes out the window if and when a major crisis occurs.”
Do you believe what has happened in Egypt with the internet being shut down, could happen in the United States?