Should we pass a bill giving the President unfettered authority to shut down the internet during a crisis and access any and all data from anyone while allowing him sole discretion to determine what constitutes a crisis and when one occurs? What could possibly go wrong?
Should President Obama have the power to shut down domestic Internet traffic during a state of emergency?
Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so. On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians.
The potential for cyber-attacks on the nation’s infrastructure, military and intelligence assets or government records is very real. We’ve known about this vulnerability for some time and a movie was even made about such a scenario. Therefore, I can see the need for a measure such as this. But before we rush into passing such a law, there are a few aspects which may need a closer look.
The Cybersecurity Act of 2009 (PDF) gives the president the ability to “declare a cybersecurity emergency” and shut down or limit Internet traffic in any “critical” information network “in the interest of national security.” The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.
The bill does not only add to the power of the president. It also grants the Secretary of Commerce “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.” This means he or she can monitor or access any data on private or public networks without regard to privacy laws.
Such laws are fine and dandy if you happen to live under a benevolent despot, but from my particularly libertarian point of view, truly benevolent despots tend to be few and far between. Shutting down internet activity quickly when a cyber-incursion is detected may need to be an option, but it should come under immediate review by some congressional entity before the situation has a chance to get out of control in either direction.
As for access to “all relevant data concerning critical networks,” that’s just a frightening phrase. Surely we can have a process where a warrant will be required, even if it’s a retroactive warrant through a FISA court. Handing out powers which are too broad raises my hackles and this just brings back images of certain portions of the so-called “Patriot Act.” This is a road we don’t need to go down again.
Far too many things have been rushed recklessly through this new Congress. Let’s not allow this to be yet another.