West Virginia Senator John Davidson “Jay” Rockefeller IV — the Democratic great-grandson of oil mogul John D. Rockefeller — has been said to be working for months on a draft of S. 773, a bill whose stated goal is “to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption.”
Translation: It means the White House can order companies to disclose information, and possibly take control of their networks and computers, if the President declares them “critical” to an emergency involving the Internet.
CNET reporter Declan McCullagh has obtained a copy of a 55-page working draft that’s newer than the version online at thomas.loc.gov. He’s excerpted the part that allows the President to “declare a cybersecurity emergency” relating to “non-governmental” computer networks. Here’s the exact wording:
The President … (A) may declare a cybersecurity emergency; and (B) may, if the President finds it necessary for the national defense and security, and in co-ordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network.”
The president of the Internet Security Alliance, which includes Verizon, Verisign, Nortel and Carnegie Mellon University on its board, told McCullagh the bill is “troubling due to its vagueness.” Especially the part where it says that in a cyber-emergency, companies whose private networks are deemed critical will be required to share information requested by the government, but doesn’t set limits on what that information can be.
Fred Tien, an attorney with online rights advocates the Electronic Frontier Foundation, also told CNET that the bill’s language has become “more ambiguous” over time, empowering the President — currently a guy who has already had one cyber-czar quit on him — to declare a private network “critical” and effectively take control of it.
McCullagh is personally critical of the bill’s requirement that the White House implement a comprehensive national cybersecurity strategy in six months, because the mandatory legal review of the strategy to decide what is or isn’t legal in the strategy will take at least a year to complete. Hey, it’s just like Twitter’s business model.