The "Kill Switch" is not the only issue with this bill. "Liability of companies" is another issue; as in, they won't be liable for damages depending on circumstances {See CBO report linked below} and they'll be required to share information {See 'shared information' section below}.
The
Protecting Cyberspace as a National Asset Act (PCNAA) is not yet dead.
It has been "Ordered to be reported with an amendment in the nature of a substitute favorably." I found a description of what that phrase means:
<snip>
This substitute is actually drafted in the form of an amendment to the original that reads “strike all after the enacting clause and insert the following”, i.e. it’s an amendment that says start over with this.
<snip>
As for the term favorably , this means that a majority of the members of a committee support the bill beinig reported.
details at this linkIn the interim, it was sent to the Congressional Budget Office. Link
to .pdf of CBO report.
<snip>
The bill would, under certain circumstances, indemnify owners of critical infrastructure
who implement emergency-response plans required by the federal government.
<snip>
S. 3480 would impose intergovernmental and private-sector mandates, as defined in the
Unfunded Mandates Reform Act (UMRA), on owners and operators of information
systems designated as critical infrastructure by DHS. Owners and operators of such
systems would have to comply with new security standards and procedures. The bill also
would impose a mandate by limiting the damages that users of critical infrastructure can
seek from owners and operators of such systems for incidents related to cyber risks.
{much more at
link}
A
House version was introduced in June and there is a
http://techinsider.nextgov.com/2010/11/house_dhs_cyber_bill_unveiled.php">November 17, 2010 report of legislation introduced by House Democrats to
"expand the Homeland Security Department's cybersecurity powers".Quotes from
June article reporting on the Senate legislation:
<snip>
Any private company reliant on "the Internet, the telephone system, or any other component of the U.S. 'information infrastructure'" would be "subject to command" by the NCCC, and some would be required to engage in "information sharing" with the agency, says CBS4. {See definition of 'National Information Infrastructure below}
<snip>
{Joe} Lieberman recently defended the PCNAA, arguing that it was imperative the president had the ability to "say to an electric company or to say to Verizon, in the national interest, 'There's an attack about to come, and I hereby order you to put a patch on this, or put your network down on this part, or stop accepting any incoming from country A.'"
He added that the bill is necessary for it would reduce the liability of companies that may need to resort to extreme measures in an emergency situation. Companies might have to "do things in a normal business sense you'd be hesitant to do but national security requires you to do," Lieberman explained, adding "We protect them from that because the action the government is ordering them to take is in national security or economic interest." {emphasis added}
Another article
from June notes:
<snip>
"It's been frustrating to read some of the misrepresentations of our bill in the cybersphere," {Senator Susan} Collins said, arguing the new bill actually circumscribes the president's existing authority and puts controls on its use. "I believe the substitute amendment we're offering strengthens those protections even more."
As we wrote here, the bill would also see the creation of a new agency within the Department of Homeland Security, the National Center for Cybersecurity and Communications (NCCC). Any private company reliant on "the Internet, the telephone system, or any other component of the U.S. 'information infrastructure'" would be "subject to command" by the NCCC, and some would be required to engage in "information sharing" with the agency, says CBS4.
NOTE: from
text of bill:
NATIONAL INFORMATION INFRASTRUCTURE - The term `national information infrastructure' means information infrastructure--
(A)
.....(i) that is owned, operated, or controlled within or from the United States; or
.....(ii) if located outside the United States, the disruption of which could result in national or regional catastrophic damage in the United States; and
(B) that is not owned, operated, controlled, or licensed for use by a Federal agency.{Federal information infrastructure is defined elsewhere}
Additional definitions found in the text:
the term ‘
information sharing and analysis center’ means a self-governed forum whose members work together within a specific sector of critical infrastructure to identify, analyze, and share with other members and the Federal Government critical information relating to threats, vulnerabilities, or incidents to the security and resiliency of the critical infrastructure that comprises the specific sector;
<snip>
‘(vii) any non-Federal entity, including, where appropriate, information sharing and analysis centers, identified by the Director, with the concurrence of the owner or operator of that entity and consistent with applicable law;
‘(D) work with the entities described in subparagraph (C) to establish policies and procedures that enable information sharing between and among the entities;
<snip to
more at link>
Did you know that during various "Inquisitions" in the Middle Ages, the Catholic Church worked in concert with the secular government when putting accused witches to "The Question." Yes. It seems torture was a "sin" but sending accused witches to friendly-to-the-Church authorities so that
they could "Put the Question," wasn't a sin.
The government might have to watch out for our civil liberties, but as we already seen, when businesses and corporations trounce all over them, hey, "It's just business" and the government has
plausible deniability.
This will be one to watch.
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
