Today’s Drudge Report screams (in big, red, capital letters) Bill Would Give Obama ‘Emergency’ Control of Internet!
The linked article goes to a Cnet page discussing an in-the-works Senate bill that would grant the Executive Branch certain control over private networks in emergency situations. The bill is apparently still being hashed (heh) out, so it seems there is much speculation. Choice quotes from the article:
Now, as mentioned in (an unquoted bit of) the article, the Executive Branch does have authority over some vital aspects of infrastructure (e.g., the grounding of airplanes on September 11). Given how horrible it is when the Dope goes down, and given the Internet’s prevalence and necessity to society (recall the fear pre-Y2K), Federal intervention to solve(?) a state of emergency is a good thing. Even the spectre of additional compliance and hiring regulations on vital industries doesn’t seem far fetched—there are already information security and other requirements in place, so catcalls of expansion into the private sector ring hollow.
But then again, while I may be partial to the Obama administration, I don’t want to give the government any more power than necessary: power corrupts, Obama himself won’t actually be at the helm, administrations change (e.g., President Palin), etc.
So:
Does the threat of cyber (or other) attack justify Executive Branch authority over private networks?
What situations would warrant intervention?
What form(s) should that intervention take?
What safeguards should be put in place?
It seems to me that it would be more a matter for law enforcement than the executive branch. It should be allowed under sufficiently immediate circumstances under the same basic principles as hot pursuit; the cops, for example, can burst into my house without a warrant if they are following a fleeing suspect who just crawled in the window.
Terrorists/enemy intelligence agencies planting viruses, remotely sabotaging things, etc.
Containing the damage; purging the viruses or whatever. Tracking down the origin if possible. All the sorts of things I’d expect law enforcement to be better at than the executive branch.
Some sort of oversight agency with complete access to what the intervening group is doing, for one. If anything is kept secret at all it should be under narrow limits, and with a strict ( and short ) sunset rule.
How are you distinguishing between law enforcement and the Executive Branch? Do state-level law enforcement branches have the resources or capacity to work at such a scale? Or is this a silly semantic miscommunication (by Exec Branch I meant the DoJ, HS, and other Exec. Branch bodies)
This seems to imply that evidence of cyber-attack or other situation would grant the administration pursuit access. How would that work? DoS attack on more than two government agencies? On more than two ‘critical’ companies?
Given how many exploits spread via unpatched computers, should the gov. have mandatory access to install patches? At what level?
I must admit I’m in the dark about what “taking over private networks” would mean. Sniff all packets traveling over them (don’t they already have that capability thanks to AT&T’s volunteerism)? Filter all traffic? Reroute?
Law enforcement/technical professionals versus administrators/bureaucrats. Although now that I look it up apparently the FBI counts as executive branch so by that standard i guess I do support certain parts of the executive branch having authority. But the article talks about the White House being in charge; not law enforcement agencies.
Those are technical questions beyond my knowledge. Which is why I made the point of secrecy being strictly limited; people who actually know the nitty gritty technical stuff should be allowed to know so they can find out if the government is overstepping it’s bounds.
But the impression of a White House staff or extension being involved is different from DoJ. Granted, the WH sets policy, but it sounds like there was a semantic difference, not a tangible one.
This sounds like another of those 2-edged swords. In those cases, those with a political agenda will frame it for their own propaganda purposes.
Read this article from two days ago that was part of a series of articles in the NY Times about cyberwarfare. It is about how the Conflicker computer code lingers out there in more than 5 million machines. Nobody really knows if it is just incubating or whether the designers have abandoned it. In any event, it appears that those who constructed the code were linked to some political entity.
We are in uncharted waters in regard to cyberwarfare. Simply taking the issue and trying to use it to scare the public and prevent proactive measures is highly irresponsible. We could be on the cusp of another situation where a disaster is about to happen, then in the aftermath the expose will show that the government knew something could happen and then the cry will be, “Why didn’t they do anything to stop it?”
Maybe, just maybe, the legislation is a proactive measure to prevent or limit a major disaster.
One of my friends who worked at NYC’s Office of Emergency Management mentioned to me that, in the event of catastrophic failure of the public data network, they (and FEMA?) had an agreement in place with Wal-Mart so that emergency services could use the company’s private network. I imagine this is the sort of thing the bill is codifying.
