Steve Aquino at Mother Jones asks, "Should President Obama have the power to shut down domestic Internet traffic during a state of emergency? Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so." I've highlighted what I think are the interesting passages in the article.
On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians. The Cybersecurity Act of 2009 (PDF) gives the president the ability to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security." The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.
The bill does not only add to the power of the president. It also grants the Secretary of Commerce "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access." This means he or she can monitor or access any data on private or public networks without regard to privacy laws.
The Mother Jones article quotes a number of sources who argue that the proposed bill significantly undermines the Constitution and makes a mockery of existing privacy laws. But I think the main problem with the proposed legislation is that the operational justification for it has not been made. There are two parts to this proposal. The first is the ability to shut down the network in whole or in part due to a "cybersecurity emergency" and the second is the implied power to wiretap without a warrant in certain circumstances, where such circumstances are defined by the President.
I think it is perfectly reasonable to jam any bandwidth carrier (such as a cell phone network) if it is being used to carry out an attack on the nation. But such measures always have an implied cost because they also shut down own communications. Communications fratricide. Thus any effective communications disruption strategy is normally selective. It disrupts the enemy bandwidth but leaves own bandwidth functioning. Under what circumstances is it justified to "shut down domestic Internet traffic during a state of emergency?" The answer to that question deserves consideration, because a great many things increasingly depend on the functioning of the Internet, and 99.9999% of them are legitimate, in the pursuit of public safety, the essential conduct of commerce and in the coordination of society. So while it makes sense to say, "black out a four square mile cell because a Mumbai style hit team is operating in it", it makes far less sense to pull the plug on the domestic Internet. Most of the people who will be disrupted will be responders. It's like firing a cannon at yourself to remove a wart. The same is true for the proposed authority to wiretap anybody in an emergency. It makes no sense to surveil the public in bulk. There simply isn't the capacity to analyze an intercept on that scale. Under what circumstances would you listen to a crowd? It's absurd on the face of it -- unless you're a tyrant. What you want to do in the face of a threat is prosecute particular contacts across the nodes. More on this later.
Much of the justification for the Act cites the danger to national financial systems. This is also the reason why many of the cybersecurity functions will be based, of all places, in Commerce. But while it is vital that these systems are defended, their primary protections should be designed around the systems themselves and in their internal security. It makes little sense to defend a given network by shutting down the carriers of information to it. The defenses should be around the threatened network itself. It may be argued that some kind of pervasive network monitoring is required to establish the Real Time Cybersecurity Dashboard described on page 10 of the PDF, but what is the use of such a Dashboard if it doesn't enable a selective shutdown of the parts of the system which are being used by the enemy? If you're just going to pull the plug on the system, the Dashboard is superfluous unless it is one of those Dashboards which doesn't granularly show the threats, but displays Red, Yellow and Green status like a traffic light. And I doubt this.
What does make sense is a doctrine of "hot pursuit", where the Federal Authorities have the authority to chase enemy cyberforces across the network, shutting down such parts of it as are necessary, according to military necessity. You can imagine a situation where the Feds overhear a cell phone conversation from Party X to Party Y about a nuclear device about to go off in New York City. They should be able to wiretap Y immediately without waiting for the court order. And if Y were to speak to Z and Z1 and Z2 then those should be pushed into the stack also. But to say, "we've overheard X, now let's wiretap the phonebook" makes no sense except as an exercise in power.
The last several months have seen a vast increase in Federal Power. Parts of the Cybersecurity Act of 2009 seem reasonable, even necessary. But extreme care should be exercised to ensure that, like the stimulus package, it doesn't sail in with excess baggage. This has the potential for abuse written all over it. Democrats should ask themselves whether they want any future President to have this power. Because the political system may live to regret passing an act with such blanket authority. Maybe not today, or tomorrow, but as Rick Blaine once said, "soon and for the rest of your life." It used to be the case that the quality of a gentleman was shown by his reluctance to ask a woman for favors while she was at a disadvantage. Any man who came on to a woman while she was destitute was considered a cad and a bounder. The dictum to "never let a good crisis go to waste" was never a tasteful one. In this context, with the lady being Columbia herself, it is shameful.