Time to Put the Brakes On the Cybersecurity Act of 2009
What is essentially a federal government power grab combined with a giant money grab for industry is a real and perhaps unnecessary threat to your privacy and personal security. On top of that hole in your privacy, the Cybersecurity Act of 2009 plants a big, potentially exploitable hole on the network.
It’s hard not to think immediately of President Eisenhower’s farewell address warning of the influence of the military industrial complex when one also notices the swift path from CSIS proposal to sweeping legislation granting unprecedented power to the federal government over the Internet.
It is true that the US government’s approach to cybersecurity over the past 20 years has been relatively atrocious, and that smart people with certain expertise are needed to ward off cyber attacks from foreign as well as domestic sources. It seems appropriate also that you see organizations like the Navy, the CIA, the NSA, Oracle, Sun Microsystems, Microsoft, Cisco, GE, Verizon, et cetera et cetera et cetera ad nauseam working on the issue together.
But when the CSIS issued its report (with all of the above and more signatories) it was both jaw-dropping for the collective might behind it and appalling for the tone of demand it carried directed toward the newly elected President and Congress. If you or I had written up the same report and signed our relatively puny names to it, we’d have been laughed and pshawed out of the room for our delusions of grandeur and audacity to think we could boss the government around.
Just a few months later, there it is in Congress, giving the President the power to shut down the Internet at his discretion, and the Commerce Secretary backdoor access to all of it without the slightest bit of oversight or restriction. (These guys like lack of oversight and accountability, just ask Hank Paulson.)
Who’s to say a President couldn’t decide, with the excuse of national security and protecting of the nation’s infrastructure, to shut down the one uncontrollable information dissemination source available to the public?
Who’s to say the unfettered back door access to the entire network granted to the Commerce Secretary couldn’t itself be exploited? Who’s to say it won’t be abused (power is always abused) for any number of reasons by the federal government?
We have reason—good reason—to fear this legislation. The Electronic Frontier Foundation has been the most vocal against it, their argument very elegant: The power grab is largely unnecessary. Citing the Government Accountability Office, all the government really needs to do is bring government networks up to code with currently lacking access controls, sufficient encryption, better network management, vigilant patch installation, adequate audit procedures, and better information security programs.
The obvious need for better cybersecurity at the federal level does not necessarily include the unprecedented granting of power to the government. It especially doesn’t necessitate that a few major companies dictate how security is to be implemented. The proposed legislation would require anyone with access to the network to be licensed.
How many in your IT department are currently even certified? This legislation allows the captains of the industry to centralize and standardize everything, and to create a licensing industry similar to the Bar Association for lawyers.
And just whom do you think the government is going to contract to provide the necessary equipment, standards, licensing, and software to enable such oversight? Likely, it will be the same companies responsible for the report that led to the legislation. And that’s money, baby. Money, money, money. The military industrial complex at work.
It would be nice to dismiss all this as conspiracy theory. If so, you’d have to accuse Eisenhower of the same. But after the Pentagon’s propaganda arrangement with national television networks—which you’ll never, ever see discussed on TV—one might be considered foolish and idealistic if he wasn’t a conspiracy theorist these days.
Once you open that door and push down the conspiracy theorist stigma, once you think of Eisenhower’s warning, once you notice who benefits most in payment of money and power, once you look at the history of the abuse of the national narrative, you start noticing other things that in the past seemed like benign coincidence.
The Wall Street Journal’s report about Chinese cyberspies dropping nefarious digi-bombs on the nation’s electrical grids just a week after the Cybersecurity Act of 2009 is introduced, for instance. Oracle’s purchase of Sun in another instance. Microsoft’s new “more trusted Internet” PR campaign in another. Perhaps interesting as well is ISP spying immunity, broadband caps, tiering, deep packet inspection, and network management.
How about a dirty half-dozen RIAA heavy-hitter lawyers in the Department of Justice? An international copyright treaty suppressed for national security reasons? Think strict network (content) management of the Internet might be beneficial to both government and certain industries?
Yeah, you just might be right.