FRONT PAGE CONTRIBUTOR
On the Obama cybersecurity bill
As overbearing as it is impractical
So, the Cybersecurity bill is back, fully formed as the Protecting Cyberspace as a National Asset Act (PCNAA). When I first highlighted the bill in August of 2009, I summarized it like so:
S. 773, a bill by West Virginia Sen. Jay Rockefeller, Democrat, would create new “emergency” powers for the President, a ‘cybersecurity’ Enabling Act of sorts, that would give the President the authority broad powers over any “non-governmental” computer networks, whether public or private, that are declared by the President to be “critical.”
These powers extend beyond declared emergencies, however. Rockefeller’s bill would immediately grant the ability of the government to control hiring and firing of jobs related to these so-called critical networks, because the President could unilaterally declare that jobs related to those networks would be required to be filled by people certified to the task by the government. And much like with the car dealerships, the Obama administration is fully expected to use its power to favor political allies for these jobs by granting or denying certification depending on your level of donations to Obama for America or the Democratic National Committee.
Yeah, so it’s back. Some parts of it may seem harmless, or even beneficial, such as the part highlighted by the good people at Bayshore Networks that seems to amount to an online Real ID act. But such things, if we want them, can and should be achieved without all the baggage associated with them.
Because you see: the emergency powers sought by the Democrats and the White House not only amount to a huge power grab over private computers that is unprecedented online, but the purported goal still won’t be achieved. The bill is as overbearing in its means as it is impractical in its ends.
Consider the premise of the bill: we have to defend ourselves against a hypothetical attack by a foreign power on this country’s computers over the Internet. It sounds just so reasonable that we should just be able to “shut off the pipe” to country X until the threat passes, doesn’t it? The problem is, there is no one pipe. The Internet is not like the system of roads, centralized and government owned. The Internet is a tangled web of private networks, any or all of the biggest of which (“the Backbone”) might have their own connections to private networks in other countries. Take a look at this diagram of the Internet backbone made by the Opte Project:
See the colors, and how they weave together in so many different places? They aren’t for show. Red is east Asia and Oceania, Green is Europe, the rest of Asia, and Africa, Blue is North America, Yellow is Latin America and the Caribbean, and nobody can say for sure what the White ones are. It’s all connected, all of it, in many different ways.
See also CAIDA’s diagram of the backbone which shows in pink the connections between the continents, all redundant and robust. That’s just it: the Internet is designed to resist a line being cut here or there, because the kind of deliberate shutdown the Obama administration wants is the kind of thing that can and does happen by accident!
So what would it take for the Democrats even to try this? Take a look at the diagrams again. Anywhere a North America dot connects with another country, let alone another continent, Government is going to demand to know who works at that dot, what computers are there, and insist on being able to give orders to the people at that dot whenever the President decides to say it’s an emergency.
We’re not just talking about the traditional Constitutional emergencies here, after all. The Constitution recognizes “cases of Rebellion or Invasion” as well as Congressionally declared War as special times, but this Cybersecurity bill is not limited to such specifically grave situations. As Bruce Henderson writes at The New Ledger:
S773 makes no attempt to outline and describe what form of emergency would trigger the use of these broad new powers to limit communication, nor any means by which it could be reviewed by anyone outside the executive branch. The bill also proscribes that the executive branch will perform periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government.
But again, remember those diagrams before: How are you going to close off the US from, say, China or Iran? The only way, given the Internet’s robust interconnectivity, is to close off the US from the entire world, which would mean the government taking dictatorial control over every major Internet provider in the country, isolating us, and without a doubt creating a greater disruption on the lives and businesses of Americans than any one attack could create. We, like North Korea, would end up a dark spot on a well-lit world.
So where are we left with the Cybersecurity bill? The problem the Obama administration wants to solve is impractical to solve. The power they want is vast. The solution they end up with is worse than the problem. So it’s time to make some noise. The bill has made it out of Senate committee. We have to get loud and get loud quickly if we want to stop the Internet Blackout Czar from becoming a reality.
In particular, let’s ask cosponsor Susan Collins to drop her support, and turn from the side of control and censorship, to the side that is less like Communist-controlled China. We expect huge expansions of government power from Democrats like Joe Lieberman or Jay Rockefeller, but Republicans should know better than to support more progressive crisis mongering. We need all hands on deck, and every Republican pulling for our side in order to ensure this bill goes down to a well-deserved defeat. The PCNAA is worse than snake oil: it’d kill the patient.