|
May 01
2009
|
  |
 |
As has been reported in and around the blogosphere, Senate Bill S773 , the Cybersecurity Act of 2009 currently before the United States Congress, asserts extraordinary government powers over the Internet and sets the stage for all sorts of meddling in the name of national security.
This bill is a document worth the read if you can wade through the legalese. It's not that difficult to comprehend, especially if you've ever seen a really bad project plan written up in a beautifully formal specification document. The bill is ostensibly
To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.
What the bill actually does is :
- "The President shall establish or designate a Cybersecurity Advisory Panel" which will assess its own work as to "whether societal and civil liberty concerns are adequately addressed"
- mandates a "real-time cybersecurity dashboard"
- directs the Sec'y. Commerce to "provide assistance for the creation and support of Regional Cybersecurity Centers for the promotion and implementation of cybersecurity standards"
- Directs NIST to "develop a process or procedure to verify that (i) software development organizations comply with the protocol established under subparagraph (A) during the software development process; and(ii) testing results showing evidence of adequate testing and defect reduction are provided to the Federal Government prior to deployment of software" not only on government networks, but also for "private sector owned critical infrastructure information systems and networks."
- provides that the president "may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network" (meaning any part of the Internet).
(A) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
(B) any matter relating to, or involving the use of, computers or computer networks.
In otherwords, anything anyone could ever do with a computer on or off the Internet is to become subject to direct supervision from a directorate Washington at any time under a blanket assertion of national security.
Doesn't sound really much different than the way it already works in China, does it?
Note: updated May 30 due to a typo ... the link to the bill is correct, but I dyslexically wrote "SB733" instead of "SB773". - JW
Subscribe to this comment's feed
Show/Hide comments
Show/Hide comment form
"Internet service providers are to keep records of emails and online phone calls under controversial new government regulations that come into force today. [New paragraph] ISPs will be legally obliged to store details of emails and internet telephony for 12 months as a potential tool to aid criminal investigations. Although the content of emails and calls will not be held, ISPs will be asked to record the date, time, duration and recipients of online communications. [New paragraph] The new regulations are contained in an EC directive on data retention that already applies to telecoms providers and is now being extended to ISPs."
I've quoted that from "The Guardian", "ISPs to record all emails and calls", by Chris Tryhorn, 6 April 2009 , http://www.guardian.co.uk/tech...ta-storage . The start of the article is perhaps a little scare-mongering, since you have to read a few sentences to find that the _content_ will not be stored.
I did a bit of Googling, and turned up what I presume is the regulation mentioned, at the UK Government's Office of Public Sector Information. It's "The Data Retention (EC Directive) Regulations 2009", http://www.opsi.gov.uk/si/si20...73894_en_1 .
That doesn't sound as scary, or as tub-thumpingly inclusive, as the bill that Jack mentions: but I don't know a lot about law, or about our Government's planned net-related legislation. Anyone with knowledge of these in both the UK (or EU) and the US able to comment?