The days of an open, largely unregulated Internet may soon come to an end.
A bill making its way through Congress proposes to give the U.S. government authority over all networks considered part of the nation’s critical infrastructure. Under the proposed Cybersecurity Act of 2009, the president would have the authority to shut down Internet traffic to protect national security.
The government also would have access to digital data from a vast array of industries including banking, telecommunications and energy. A second bill, meanwhile, would create a national cybersecurity adviser — commonly referred to as the cybersecurity czar — within the White House to coordinate strategy with a wide range of federal agencies involved.
The need for greater cybersecurity is obvious:
— Canadian researchers recently discovered that computers in 103 countries, including those in facilities such as embassies and news media offices, were infected with software designed to steal network data.
— A Seattle security analyst warned last month that the advancement of digital communication within the electrical grid, as promoted under President Obama’s stimulus plan, would leave the nation’s electrical supply dangerously vulnerable to hackers.
— And on Tuesday the Wall Street Journal reported that computer spies had broken into the Pentagon’s $300 billion Joint Strike Fighter project and had breached the Air Force’s air-traffic-control system.
Nonetheless, the proposal to give the U.S. government the authority to regulate the Internet is sounding alarms among critics who say it’s another case of big government getting bigger and more intrusive.
Silicon Valley executives are calling the bill vague and overly intrusive, and they are rebelling at the thought of increased and costly government regulations amid the global economic crisis.
Others are concerned about the potential erosion of civil liberties. “I’m scared of it,” said Lee Tien, an attorney with the Electronic Frontier Foundation, a San Francisco-based group.
“It’s really broad, and there are plenty of laws right now designed to prevent the government getting access to that kind of data. It’s the same stuff we’ve been fighting on the warrantless wiretapping.”
Sen. Jay Rockefeller, D-W. Va, who introduced the bill earlier this month with bipartisan support, is casting the legislation as critical to protecting everything from our water and electricity to banking, traffic lights and electronic health records.
“I know the threats we face.” Rockefeller said in a prepared statement when the legislation was introduced. “Our enemies are real. They are sophisticated, they are determined and they will not rest.”
The bill would allow the government to create a detailed set of standards for cybersecurity, as well as take over the process of certifying IT technicians. But many in the technology sector say the government is simply ill-equipped to get involved at the technical level, said Franck Journoud, a policy analyst with the Business Software Alliance.
“Simply put, who has the expertise?” he said. “It’s the industry, not the government. We have a responsibility to increase and improve security. That responsibility cannot be captured in a government standard.”
Warning bells for liberty should be resounding in our minds.