The Cybersecurity Act of 2009 (PDF link), introduced by Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine), in no April Fool’s joke. The proposed law would give President Obama have the power to shut down domestic Internet traffic (services, applications and software) during a state of emergency. The Committee on Commerce, Science and Transportation will take up this proposed law.
The proposed law would create the Office of the National Cybersecurity Advisor, which would be an extension of the executive branch that would have broad power to control and monitor Internet traffic to protect against cybersecurity threats. Furthermore, the Commerce Department would be given the ability to bypass every existing law regarding privacy, and access any relevant information regarding citizens and businesses use of the Internet while investigating cybersecurity threats (real and perceived).
The proposed law makes no clear indication of what is meant by the phrases “critical information network” or a “cybersecurity emergency,” instead (broadly) leaving that interpretation to the president. The Secretary of Commerce would have “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.”
Under existing laws, law enforcement must obtain a warrant (and meet the requisite legal standards) before accessing data transmissions over the Internet. These requirements under the Electronic Communications Privacy Act (ECPA) would, effectively disappear if the powers under the proposed law are exercised.
The proposed law would also create a public-private clearinghouse for cybersecurity threats and information regarding discovered vulnerabilities under authority of the Department of Commerce.
Finally, proposed law would also put in place mandates for designated private networks and systems, including standardized security software/testing/licensing, and professional licensing program for certifying who can serve as a cybersecurity professional.
But Senators Rockefeller and Snowe offered no apologies. "It’s an understatement to say that cyber-security is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber-attacks and we must act now. …We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on," Rockefeller said in a statement.
Snowe supported Rockefeller’s comments, saying, "America’s vulnerability to massive cyber-crime, global cyber-espionage and cyber-attacks has emerged as one of the most urgent national security problems facing our country today. Importantly, this legislation loosely parallels the recommendations in the CSIS [Center for Strategic and International Studies] blue-ribbon panel report to President Obama and has been embraced by a number of industry and government thought leaders. …If we fail to take swift action, we, regrettably, risk a cyber-Katrina."
Mark McCreary is a partner in Fox Rothschild’s Corporate Department, specializing in privacy and Internet law. If you have questions regarding this post, or any other privacy matter, you may contact Mark at (215) 299-2010 or mmccreary@foxrothschild.com.