Cyber plan would give president kill switch power, senators warn

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By William Jackson
 

Connecting state and local government leaders

By William Jackson

|

Proposed cybersecurity legislation's reliance on the 77-year-old Telecommunications Act could give the president broad powers over the Internet during an emergency.

A 77-year-old law passed long before the advent of the Internet or even commercial TV could give the president dangerously broad authority over the Internet during a crisis, two senators warned Monday.

Proposed cybersecurity legislation released by the Obama administration earlier this month is similar to legislation now pending in the Senate, but it does not contain the explicit emergency powers contained in the bill introduced by Joseph I. Lieberman (I-Conn.) and Susan M. Collins (R-Maine).

“The administration appears to be relying on potentially sweeping authority in the outmoded Telecommunication Act of 1934,” Collins said. “This authority is far broader than the authority in our bill,” which she said “carefully constrains” the president’s power over the Internet.

Related stories:

Under cybersecurity plan, agencies would answer to DHS

Lieberman's new cybersecurity bill forbids a kill switch

Lieberman and Collins, the chairman and ranking member, respectively, of the Senate Homeland Security and Governmental Affairs Committee, held a hearing May 23 on the White House proposal. A panel of officials from the Homeland Security, Defense and Justice departments, and the National Institute of Standards and Technology, made the first in a round of appearances before congressional committees to support the proposal.

Philip R. Reitinger, who was making his farewell appearance before the committee as the outgoing deputy undersecretary for the DHS National Protection and Programs Directorate, acknowledged that the 1934 law was not designed for the current environment. But he said that “we would use the authority that it brings to bear in the right way.”

He characterized the president’s proposal not as a bill, but as the administration’s input into the legislative process, and said that presidential authority during a cyber emergency is one of the areas that would need to be negotiated.

Lieberman and Collins each cited a litany of recent computer breaches in government and the private sector to illustrate the need for improving the nation’s cybersecurity posture.

“We urgently need to pass strong cybersecurity legislation,” Lieberman said. “If we don’t do something soon, the Internet is going to become a digital Dodge City.”

Lieberman and Collins introduced a bill in the last Congress that did not move to the Senate floor for a vote, and have reintroduced legislation this year. Lieberman said that Senate Majority Leader Harry Reid (D-Nev.) has made cybersecurity a priority in this session and is working with the Republicans leadership and with leaders in the six Senate committees claiming jurisdiction over the issue to ensure passage this year.

The administration proposal released May 12 now is a part of those negotiations. Under both proposals, DHS would oversee cybersecurity in civilian government agencies and would have a more clearly defined role in protecting privately owned critical infrastructure. The approach to critical infrastructure protection would be a risk-management approach based on incentives and rewards.

“Cyberspace is not a place that is amenable to prescriptive, top-down regulation,” Reitinger said.

In the government arena, DHS would have the assistance of DOD but would remain in charge of civilian systems while DOD defended the .mil environment. The two departments have signed a memorandum of agreement for sharing information and resources. Robert J. Butler, DOD deputy assistant secretary for cyber policy, affirmed at the hearing that DHS has the lead. However, “DOD has unparalleled cybersecurity expertise,” said Reitinger.

Both bills would move policy and oversight under the Federal Information Security Management Act from the Office of Management and Budget to DHS, where it could be collocated with the operational activities of DHS.

In addition, the administration proposal would make existing criminal laws, including the Racketeering Influenced and Corrupt Organization statute, explicitly applicable to cybercrime, said Jason C. Chipman, senior counsel to the deputy attorney general.

Where the Senate and White House proposals differ is in executive branch authority and legislative branch oversight. The Senate bill would create an Office of Cybersecurity Coordinator in the White House, similar to position one now held by Howard Schmidt but requiring Senate confirmation.

“Whoever holds that position should be accountable to Congress,” Lieberman said.

The original Lieberman-Collins bill created controversy because of what critics called a “kill switch” provision that would have given the president authority over portions of the Internet during an emergency. This section was rewritten in the current bill to define the limits of the president’s authority and require congressional oversight.

Leaving these provisions out of the administration proposal would leave the president with far greater authority than that contained in the Senate bill, Collins said. She said the 1934 law, which applies to radio stations and which the administration has said gives the president authority over any communications infrastructure in an emergency, allows the president to shut down, take over or confiscate the equipment of stations.

“The president’s authority under this law is enormously broad,” she said, and she questioned why the administration would propose relying on it without updating it.

Both Reitinger and Chipman said the issue is open for negotiation. “It merits discussion,” Chipman said.

 

NEXT STORY: Bank-robbing ZeuS Trojan returns: Is it just good business?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.