Wouldn't The Last Thing We Want During A 'Cybersecurity Emergency' Be For The Gov't To Take Over Private Networks?

from the given-their-technical-knowledge... dept

Fri, Aug 28th 2009 3:56pm — Mike Masnick

A bunch of folks are sending in this News.com story about a draft of the latest cybersecurity bill, that still includes bizarre and totally unnecessary language that would allow the President to declare a cybersecurity emergency and then be able to take control over private computer networks. First, the idea of the whole "cybersecurity emergency" that would require such a thing still remains a science fiction idea. Yes, there can be cybersecurity attacks and they can cause all sorts of problems, but these are problems that generally are not life-threatening or that can't be handled reasonably.

But the bigger issue is why the government should be taking control over private networks. This is the same gov't that doesn't let people in the State Department use Firefox and which thinks that RealPlayer is the state of the art in online video streaming. Even if there were a "cybersecurity emergency," I would think the last people I'd want to take charge would be the federal government.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, emergency

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Digital Protector (profile), 28 Aug 2009 @ 4:12pm

Am I the only one here who would consider a unilateral takeover of the 'net by the federal government to be a cybersecurity emergency?
[ link to this | view in chronology ]
- Chargone (profile), 29 Aug 2009 @ 1:29am
  
  Re:
  well, I'm pretty sure there's plenty of other countries that'd freak out of it if it actually achieved that.
  
  so probably not.
  [ link to this | view in chronology ]
gjbnh (profile), 28 Aug 2009 @ 4:20pm

What is REALLY scary is NOBODY in Congress OR the COURTS is speaking out about this!!!! There is NO seperation of powers, just sheep following the leader. Where is Ron Paul or Dennis Kursinch. Why aren't they screaming out against this??
[ link to this | view in chronology ]
- ChurchHatesTucker (profile), 28 Aug 2009 @ 4:22pm
  
  Re:
  "Where is Ron Paul or Dennis Kursinch. Why aren't they screaming out against this??"
  
  I give them twelve hours.
  [ link to this | view in chronology ]
- Anonymous Coward, 28 Aug 2009 @ 4:40pm
  
  Re:
  They are still trying to listen in to the realplayer stream from the FCC.
  [ link to this | view in chronology ]
  - ChurchHatesTucker (profile), 28 Aug 2009 @ 5:06pm
    
    Re: Re:
    Oh, SNAP!
    [ link to this | view in chronology ]
TXCHLInstructor (profile), 28 Aug 2009 @ 4:40pm

It's not about security...
It's about control. The Internet is a bit like firearms -- dangerous to tyrants.
[ link to this | view in chronology ]
Rich Kulawiec, 28 Aug 2009 @ 4:49pm

They're utterly incompetent
The DHS -- THE FRACKIN' DHS -- has been awarded an "F" grade in security for the third year in a row. And that's generous: the only reason they earned an F is that no lower grade is available.
And these are the people who think they have some tiny, insignificant clue about "cybersecurity"?
Yeah. Riiiiiiight.
[ link to this | view in chronology ]
rich, 28 Aug 2009 @ 5:10pm

The government does some things well and some things abysmally badly. Then again so do large private organizations. In general I think government gets dumped on more than it deserves. However, for network security there's an advantage in decentralized control. Sure some nets will be badly secured, but others will be impenetrable. I'd worry that centralized control by anyone, public or private, would give us lowest common denominator security. Let the government focus on properly securing their own networks. If they do a good job, make the results available via open source for others to use freely.
[ link to this | view in chronology ]
Lawrence D'Oliveiro, 28 Aug 2009 @ 5:13pm

Let’s Put It This Way...
...the Government are in charge of the military, aren’t they? And when the shit really hits the fan, who do we turn to to bail our arses out? That’s right, the Government-run military.

Does that make you feel better? Or not?
[ link to this | view in chronology ]
- Chuck (profile), 30 Aug 2009 @ 7:18am
  
  Re: Letâ��s Put It This Way...
  The government KNOWS how to run a military. I can't say the same for teh internets.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Aug 2009 @ 5:19pm

Simple way to get around it.
Look it's not that hard to get around government blocking / control.

You just need to
You can get full instructions at
[ link to this | view in chronology ]
Anonymous Coward, 28 Aug 2009 @ 5:45pm

A commenter who goes by the name "tech10171968" on another site said the following. I shamelessly re-posted it here without permission.

This shit has absolutely nothing to do with "cybersecurity". Allow me to explain:

Back in the days before cable networks and satellite TV you only had a few outlets for news: the "Big Three" networks (ABC, CBS, NBC) and a few major-league newspapers (Washington Post, New York Times, etc). A President could damned near accidentally set off a global thermonuclear war and his Chief of Staff could cover it up so easily because the news was only getting out to the unwashed masses through a few chokepoints (those "Big Three" networks I mentioned earlier).

Those days came to a screeching halt when the first dail-up modem hit the retail shelves. Nowadays news of any shenanigans coming from our politicians and others is getting out via news sites, blogs, Twitter, etc; and, thanks to all these new sources, not only is that same news is getting out **faster** but it's also damned near impossible to head it off at the pass. There's way too many sources getting around those traditional media chokepoints. As a result, these days the President can't even pick his nose without it winding up on the Drudge Report 10 minutes later (if not sooner).

If I were a politician or corporate interest planning on some nefarious deeds or trying to sneak some controversial bill behind everyone's backs, I would want the Internet shut down cold. The internet is making it a lot harder to pull off shit stunts or make backroom deals without half the planet finding out about it within hours. THIS is why certain parties would love the power to pull your computers off the net.

Scary
[ link to this | view in chronology ]
- Fred McTaker (profile), 30 Aug 2009 @ 2:09am
  
  Re:
  I saw the same comment on Digg, where apparently the GOP/Libertarian knee-jerk crowd has been having a hissy fit over this. I'm surprised to see the Techdirt crowd is susceptible to the same "death panel" GOP spin BS.
  
  FTA:
  """This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks. To be very clear, the Rockefeller-Snowe bill will not empower a "government shutdown or takeover of the Internet" and any suggestion otherwise is misleading and false."""
  
  An attack is an attack, whether the source is foreign or domestic. Saying the Executive Branch of government doesn't have the authority to take out a network server being used in a cyber-attack, just because it's on a domestic or corporate network, is akin to saying they don't have the right to take out any domestic terrorists caught in the act, just because they're attacking from their own turf. In the case of cyber-attacks, the attack source may not be intentional -- the cause may be a previous infection with a bot, trojan, or worm, but the effect is the same. If any network source is attacking core U.S. network infrastructure, the ability to cut that connection is necessary. Just ask Estonia.
  
  In any case, this isn't even a finished Bill. Read the actual Bill before jumping to conclusions, as I'm sure Obama will before he signs anything.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Aug 2009 @ 5:58pm

Who wants this?
Who requested this bill, and who is Sen. Rockefeller requesting input from?

I don't believe the citizens requested it. Some clarification would be nice.
[ link to this | view in chronology ]
Anonymous Coward, 28 Aug 2009 @ 5:59pm

I think this free documentary sums up Obama's real agenda pretty nicely:

http://www.youtube.com/watch?v=eAaQNACwaLw
[ link to this | view in chronology ]
- Fred McTaker (profile), 30 Aug 2009 @ 6:36pm
  
  Re:
  An Anonymous Coward with a Conspiracy Theory. Just another day on the Internets.
  [ link to this | view in chronology ]
Anonymous Coward (profile), 28 Aug 2009 @ 6:17pm

They can have my private network when they pry the access codes, passwords, and encryption keys from my cold, dead, digital fingers.
[ link to this | view in chronology ]
- Avatar28 (profile), 28 Aug 2009 @ 9:42pm
  
  Re:
  Exactly. They can have my network when they pry the (20 character) security key from my cold dead hands. Oh, wait, I don't have it written down. Oh well, I guess they're just screwed then.
  [ link to this | view in chronology ]
Glurbie, 28 Aug 2009 @ 7:27pm

"All your networks are belong to us."
[ link to this | view in chronology ]
Dan, 28 Aug 2009 @ 7:45pm

Who are the going to get to manage this clusterf*ck? Maybe the British hacker they extradited. He might at least know the soft spots. Obviously the DHS doesn't, their to busy confiscating toothpaste from granny's. Keep the politicians out of technology, they barely understand Twitter if at all.
[ link to this | view in chronology ]
John Laprise (profile), 28 Aug 2009 @ 10:10pm

Ummm...The President already can shut down the Internet...
Following 9/11, the only surprise here is that Congress is putting it in writing. The President already has broad authority to manage US transportation and communications networks in time of national emergency. There is strong and long standing precedent for this (WWI and seizure of radio stations). President Bush ordered a full ground stop of air traffic on 9/11. In the face of a massive cyberattack upon US websites from forign locales, I would expect the government to do the same. It wouldn't be instantaneous but it would be pretty quick. There's only so many fiber optic cable landings in North America. Moreover, the White House, via the Department of Commerce and the National Telecommunications and Information Administration (NTIA), has oversight authority over ICANN. How many TLDNS's are there in the US? How crippled would the Internet be if they were all taken offline more or less simultaneously?

Don't get me wrong, I think that the President should have this power. But it is a power only to be used in extremis like on 9/11. Really, who among you even conceived of a total air traffic ground stop? How many of you objected to it? How many people questioned it in the aftermath? I'll wager very few. I would suggest to you that in a cyber 9/11 scenario, where unknown hackers systematicly disable SCADA systems wreaking havoc on utilities infrastructure and release a virus that randomly reassigns blood types in medical records, the President of that future day will cripple the Internet and you will be glad that he did.

With the first ship came the shipwreck...
[ link to this | view in chronology ]
- Tek'a R (profile), 28 Aug 2009 @ 10:38pm
  
  Re: Ummm...The President already can shut down the Internet...
  but even the most devious hacker has no way to hijack an Internet and crash it into a building.
  
  Air Traffic Groundstop =/= Internet Communications Stop
  
  Utility infrastructure online?
  Medical records without a thousand offline and onlined backups?
  
  I would support bills to force utilities to keep their systems tight, and systems in place to force Them off the net when compromised, and accountability/backup requirement for medical records storage.
  
  Any mythical superhackers with their supervirus would have compromised systems and planted timed packages long before their "Cyber 9/11 Scenario" went into effect, and a POTUS-initiated "Internet Shutdown" could only have the effect of slowing/stopping detection and reaction to threats.
  
  Think of it like closing all roads to all traffic, even police and fire teams, AFTER the criminals have left. Or locking the gate after the horses have all been stolen. Its reactionary in the worst ways.
  
  This is of course assuming that, even after chopping fiber hardlines with an axe or something, you could really kill all network connections between the US and anywhere else.
  [ link to this | view in chronology ]
  - jlaprise (profile), 29 Aug 2009 @ 10:38am
    
    Re: Re: Ummm...The President already can shut down the Internet...
    "Air Traffic Groundstop =/= Internet Communications Stop"
    
    On the contrary, federal statute as it stands presently sees them in exactly the same way. The point I am making is not about whether a shutdown would be good policy or bad policy. Rather, The President already is legally empowered to do this and bill in Congress is oblivious to the truth on the ground.
    
    I nor anyone that I know has modeled what would happen if you shut down the main MAE links and say 6-8 TLDNS's at the same time. Furthermore, no chopping would be required. The airlines cooperated with a ground stop. Are you seriously suggesting that (the heavily regulated) Tier 1 providers would not honor a request from the federal government? My guess is that it would probably not shutdown the Internet but would cripple it for a time. Your comment of being too little too late and even counter productive may be entirely correct. I just don't know.
    
    As for effects of soft power, simply consider how much worse a natural disaster with the added difficulties of even minor hacking. A cyber 9/11 would likely not be simply a massive set of hacks, rather the perpetrators would combine them with some actual physical attacks. As for data backups, how long does it take a large organization to realize that its data has been tampered with? Sure if every record is worng but what if only a random 4-5% of records are altered. How quickly would an organization choose to do a full restore from a backup? moreover, how much doubt would that sow in other organizations?
    
    As for the true skeptics, please note that no one seriously considered and even scoffed at the idea of people crashing a plane into a building for mass casualties. That being said, it was a theme in popular fiction. Anyone read any Tom Clancy? Previous non-existence is no guarantee of future non-existence.
    
    Finally, I am aware of why the US was attacked on 9/11. I also realize that they haven't given up and that we're the the main enemy and the way to hurt us and change our policy is by altering the fundamental economics of the struggle. Publicly and horrificly destroying two buildings in our largest city has, to their minds, not changed our behaviour sufficiently. It has resulted in setbacks for them and a general tightening of physical security making their operations and communications harder and more dangerous. All that means is that they are looking for another way to influence US policy. A large scale cyberattack is simply one possibility and one which the current administration is taking far more seriously than previous administrations. The efforts they are putting into cybersecurity relative to previous administrations is, I believe, telling.
    [ link to this | view in chronology ]
    - Lawrence D'Oliveiro, 30 Aug 2009 @ 4:27am
      
      Re: Ummm...The President already can shut down the Internet...
      jlaprise wrote:
      
      Are you seriously suggesting that (the heavily regulated) Tier 1 providers would not honor a request from the federal government? My guess is that it would probably not shutdown the Internet but would cripple it for a time.
      
      Time to remind everyone of John Gilmore’s quote: “The Internet interprets censorship as damage and routes around it”. In this case, “censorship” means “anyone who tries to shut it down”.
      [ link to this | view in chronology ]
- Anonymous Coward, 29 Aug 2009 @ 8:23am
  
  Re: Ummm...The President already can shut down the Internet...
  What the f**k are you talking about? You've been watching too many episodes of 24. The media has fueled this idea of these super-terrorist hiding behind every corner waiting to strike at your "freedoms". Do you know why the US was attacked on 9/11? I didn't think so.
  [ link to this | view in chronology ]
Anonymous Coward, 29 Aug 2009 @ 2:59am

There needs to be a project that, in case of an "cyber-emergency", Obama can enlist the help of Bruce Willis and that guy that says he's a Mac.
[ link to this | view in chronology ]
- Headbhang (profile), 29 Aug 2009 @ 6:25am
  
  Live Free
  LOL. Yeah, I also thought some gullible politicians took Die Hard 4 a bit too seriously...
  [ link to this | view in chronology ]
P0rkCh0pS@ndwich, 29 Aug 2009 @ 8:28pm

Cyber Security?
There's already been maneuvering to allow authorization for retaliatory and preemptive cyber attacks by the millitary. This is probably one piece of something larger to allow the military/intelligence agencies to put together a massive botnet to be part of that effort under the heading of "Cyber Security."
[ link to this | view in chronology ]
Yeebok (profile), 31 Aug 2009 @ 2:51am

I, for one, welcome your new governmental overlords.

Seriously though, if you have your own network secured, you won't have control over any major networks - and that's what they'll go for.
[ link to this | view in chronology ]
negdcom, 2 Sep 2009 @ 7:07am

Cia/nsa/dod allready has this ability
People are really getting hysterical over this. Let me put it to you this way, right now if theres a cyberattack the organization that has control of protecting our networks is the nsa/dod/cia. this bill would take it out of their hands and put it into the white house. THIS IS GONNA HAPPEN WETHER YOU LIKE IT OR NOT, would you rather the nsa do this under the radar or the white house do this and it have to be somewhat accountable?
[ link to this | view in chronology ]