Taking the Internet.
There is a piece of legislation before the U.S. Senate today that I think has at least a little relevance to what we all do here -- by which I do not mean Livejournal in particular, but on the Internet as a whole. I should like to share the documents in question with you, but as they are of considerable length I will provide links and put behind the following cut anything I find of unusual interest. Especially unusual phrases marked in bold.
From this article: http://cdt.org/security/CYBERSEC4.pdf
come the following quotes
"... the United States is unprepared to respond to a 'cyber-Katrina' ... 'a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.'" -- p.4 l.15-19
"The Institute [NIST] shall, establish standard computer-readable language for completely specifying the configuration of software on computer systems widely used in the Federal government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks." -- p.18 l.14-20
Page 43, line 17, et seq:
"SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President -
* (1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include -
*** (A) a long-term vision of the nation’s cybersecurity future; and
*** (B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
* (2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network;
* (3) shall designate an agency to be responsible for coordinating the response and restoration of any Federal government or United States critical infrastructure information system or network affected by a cybersecurity emergency declaration under paragraph (2);
* (4) shall, through the appropriate department or agency, review equipment that would be needed after a cybersecurity attack and develop a strategy for the acquisition, storage, and periodic replacement of such equipment;
* (5) shall direct the periodic mapping of Federal government and United States critical infrastructure information systems or networks, and shall develop metrics to measure the effectiveness of the mapping process;
* (6) may order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security;
* (7) shall, through the Office of Science and Technology Policy, direct an annual review of all Federal cyber technology research and development investments;
* (8) may delegate original classification authority to the appropriate Federal official for the purposes of improving the Nation’s cybersecurity posture;
* (9) shall, through the appropriate department or agency, promulgate rules for Federal professional responsibilities regarding cybersecurity, and shall provide to the Congress an annual report on Federal agency compliance with those rules;
* (10) shall withhold additional compensation, direct corrective action for Federal personnel, or terminate a Federal contract in violation of Federal rules, and shall report any such action to the Congress in an unclassified format within 48 hours after taking any such action; and
* (11) shall notify the Congress within 48 hours after providing a cyber-related certification of legality to a United States person."
"SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
* (a) IN GENERAL. - Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals. [No doubt with all the concomitant bureaucracy and paperwork.]
* (b) MANDATORY LICENSING. - Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program." -- p. 21 l.18 - p.22 l.9
"(3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS. - The term 'Federal government and United States critical infrastructure information systems and networks' includes--
* (A) Federal Government information systems and networks; and
* (B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks." -- p.50 l.21 - p. 51 l.7 [NB. Nowhere in this document is there any more precise definition of a "critical infrastructure information system (or) network". Such designation is to be entirely at the President's discretion.]
********
See also here and here.
Whatever the intentions of this bill may be, I am convinced after reading it that, if passed as written, it will create several angles from which free speech may be restricted on the Internet in "the interests of national security." No matter who's in charge in D.C., at this moment or ten years from now, I don't think anyone who knows about this is going to be entirely comfortable with it... nor should they. Given, theoretically, a sufficiently unscrupulous White House (the actual political affiliation would make no difference), the Internet could have things inflicted on it that would make Joseph Goebbels jizz in his pants.
From this article: http://cdt.org/security/CYBERSEC4.pdf
come the following quotes
"... the United States is unprepared to respond to a 'cyber-Katrina' ... 'a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.'" -- p.4 l.15-19
"The Institute [NIST] shall, establish standard computer-readable language for completely specifying the configuration of software on computer systems widely used in the Federal government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks." -- p.18 l.14-20
Page 43, line 17, et seq:
"SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President -
* (1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include -
*** (A) a long-term vision of the nation’s cybersecurity future; and
*** (B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
* (2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network;
* (3) shall designate an agency to be responsible for coordinating the response and restoration of any Federal government or United States critical infrastructure information system or network affected by a cybersecurity emergency declaration under paragraph (2);
* (4) shall, through the appropriate department or agency, review equipment that would be needed after a cybersecurity attack and develop a strategy for the acquisition, storage, and periodic replacement of such equipment;
* (5) shall direct the periodic mapping of Federal government and United States critical infrastructure information systems or networks, and shall develop metrics to measure the effectiveness of the mapping process;
* (6) may order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security;
* (7) shall, through the Office of Science and Technology Policy, direct an annual review of all Federal cyber technology research and development investments;
* (8) may delegate original classification authority to the appropriate Federal official for the purposes of improving the Nation’s cybersecurity posture;
* (9) shall, through the appropriate department or agency, promulgate rules for Federal professional responsibilities regarding cybersecurity, and shall provide to the Congress an annual report on Federal agency compliance with those rules;
* (10) shall withhold additional compensation, direct corrective action for Federal personnel, or terminate a Federal contract in violation of Federal rules, and shall report any such action to the Congress in an unclassified format within 48 hours after taking any such action; and
* (11) shall notify the Congress within 48 hours after providing a cyber-related certification of legality to a United States person."
"SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
* (a) IN GENERAL. - Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals. [No doubt with all the concomitant bureaucracy and paperwork.]
* (b) MANDATORY LICENSING. - Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program." -- p. 21 l.18 - p.22 l.9
"(3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS. - The term 'Federal government and United States critical infrastructure information systems and networks' includes--
* (A) Federal Government information systems and networks; and
* (B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks." -- p.50 l.21 - p. 51 l.7 [NB. Nowhere in this document is there any more precise definition of a "critical infrastructure information system (or) network". Such designation is to be entirely at the President's discretion.]
********
See also here and here.
Whatever the intentions of this bill may be, I am convinced after reading it that, if passed as written, it will create several angles from which free speech may be restricted on the Internet in "the interests of national security." No matter who's in charge in D.C., at this moment or ten years from now, I don't think anyone who knows about this is going to be entirely comfortable with it... nor should they. Given, theoretically, a sufficiently unscrupulous White House (the actual political affiliation would make no difference), the Internet could have things inflicted on it that would make Joseph Goebbels jizz in his pants.