Groups Warn New Cybersecurity Bill Oversteps

White House and the Internet

Could President Obama get the power to shut down the Internet?

That’s the concern of some digital rights groups, who fear that last week’s sweeping cybersecurity bill could give the government overly broad power to regulate the Internet in times of crisis — or even pull the plug on it entirely.

One group, the Center for Democracy and Technology (CDT), quickly lashed out at the Senate bill for aiming to give the “federal government extraordinary power over private sector Internet services, applications and software.”

The bill, introduced by Commerce Committee Chairman John Rockefeller, D-W.V., and Olympia Snowe, R-Maine, aims to strengthen coordination between the public and private sectors in response to Internet threats, but the CDT fears that it goes too far.

One of the most troubling parts of the bill to the group is a clause that would give the president authority to “declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised federal government or United States critical infrastructure information system or network.”

To the CDT, that raises the possibility of the government leaning on commercial ISPs to shut down Internet service, declaring a sort of digital martial law.

The group also expressed concern that the bill would empower agencies within the Commerce Department to run roughshod over consumer privacy in the name of tracking down cyberattacks.

“The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy,” CDT President and CEO Leslie Harris said in a post on the group’s Web site.

A spokeswoman the Electronic Frontier Foundation, another digital-rights group famous for tangling with the government over Internet and privacy issues, told that the group is concerned with the implications of the bill, but that its attorneys are still reviewing the language.

A staffer at the Commerce Committee told that the bill was introduced only as a draft, and that the final language is likely to change.

“This legislation is the very beginning of the process — the objective of this cybersecurity bill is to start the debate,” said Rockefeller spokeswoman Jena Longo. “Chairman Rockefeller encourages comments from all parties, he is sitting down with stakeholders already and he welcomes input from those who have concerns about this legislation and those who are supportive.”

Congress is in recess this week and next. On return, Rockefeller is likely to hold a hearing on the bill in short order. Last month, he chaired a hearing on cybersecurity that he promised would be the “first of several,” saying that he was deeply troubled by the country’s level of vulnerability.

By that time, the comprehensive review of the government’s various cybersecurity programs President Obama commissioned is due to be completed. Obama tasked Melissa Hathaway, a senior intelligence official in the Bush administration, to meet with stakeholders in the public and private sectors and compile a report with recommendations for how to shore up federal cybersecurity efforts.

The extent to which Hathaway’s findings informed the Rockefeller-Snowe bill is unclear, but a source familiar with the matter said the senator had been in contact with the White House on the matter.

But the CDT, which met with Hathaway’s team last month, has been critical of that process, as well, claiming that the government’s efforts have been “shrouded in too much secrecy.”

The CDT has warned that heavy-handed government involvement in the private sector could inadvertently stifle on innovation, with the ultimate effect of making the country less secure.

The Rockefeller-Snowe bill, for instance, calls on the Commerce Department to set binding standards for cybersecurity systems that would be enforceable throughout the private sector.

Hathaway is due to present her report April 17.

News Around the Web