This year's version of the Cybersecurity Act was approved by the Senate Committee on Homeland Security and Governmental Affairs after amending it to limit the president's authority in the event of a cyber emergency, reported The Hill.
The bill, sponsored by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), and Tom Carper (D-Del.), is an update to a bill from last year that was also worked on by Senator Jay Rockefeller (D-West Virginia) and Senator Olympia Snowe (R-Maine). At that time, people were concerned about reports that it would give the President a "kill switch" to shut down the Internet, though the technical details of exactly how a single switch could shut down the Internet were not specified.
"Giving government, especially the president, unprecedented control over America's trunk line of information, over electronic free speech and over business activities simply invites suspicions about whether it would be used politically to frighten people at election time—as did the color-code alerts—and to trample on constitutional rights like the Patriot Act did," wrote the Idaho Mountain Express, noting that Lieberman said he had modeled that aspect of the bill on governmental rights in Communist China.
Indeed, the President already has that authority, wrote the co-sponsors earlier this week. "Section 706 of the Communications Act of 1934 provides nearly unchecked authority to the President to “cause the closing of any facility or station for wire communication” and “authorize the use of control of any such facility or station” by the Federal government. Exercise of the authority requires no advance notification to Congress and can be authorized if the President proclaims that “a state or threat of war” exists. The authority can be exercised for up to six months after the “state or threat of war” has expired."
The original bill gave the president indefinite emergency authority to shut down private sector or government networks in the event of a cyber attack capable of causing massive damage or loss of life, according to The Hill. The amendment passed Thursday limits that authority, requiring the president to get Congressional approval after controlling a network for 120 days, The Hill continued.
Former Republican Presidential candidate Sen. John McCain (R-Ariz.) expressed concerns about the Department of Homeland Security being in charge of civilian cybersecurity, "claiming the department's response to recent attempted terrorist attacks have shaken his confidence in its ability to effectively carry out the mission," as well as concern that passing the legislation would result in the expansion of the federal workforce and budget.
A group of more than 20 civil liberties and civil rights groups, including the American Civil Liberties Union and the Electronic Frontier Foundation, sent a letter to the committee earlier this week with its own concerns about the bill. "[T]he bill does not adequately define [Covered Critical Infrastructure], giving rise to concern that it includes elements of the Internet that Americans rely on every day to engage in free speech and to access information," the groups said. "Some have regarded the national communications system itself as a “critical infrastructure” in other contexts. We ask that you clarify the scope of the legislation by restrictively defining CCI so that cybersecurity responsibilities the bill imposes fall only on truly critical network components."
In addition, Marc Rotenberg, executive director of the Electronic Privacy Information Center, in a June 8 debate in New York downplayed the importance of "cyber war." "We used to call them hackers in the good ole days," he said. "All of them pose various types of threat to the Internet as we know it, but if we reduce all of these threats to the catch-all of cyber war, I am concerned that it will take our country in a direction that we will very much regret."
The bill now goes to the Senate floor. A similar bill, HR5548, cosponsored by Reps. Jane Harman (D-CA) and Peter King (R-NY), is working its way through the House; it has been referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Homeland Security, Intelligence (Permanent Select), Armed Services, the Judiciary, and Education and Labor. Sens. Kit Bond (R-MO) and Orrin Hatch (R-UT) have also introduced a competing bill, the National Cyber Infrastructure Protection Act of 2010, which designates a Senate-confirmed cyberczar.