That is the name of the bill introduced this week by Senators Lieberman, Collins, and Carper, giving broad powers to the executive branch to control the Internet in case of certain emergencies. It is an important bill and it’s going to excite a lot of discussion about how much we need, and how much we fear, government control of the Internet.
The worries have been growing. A year ago a similar bill was introduced by Jay Rockefeller of WV. Richard Clarke’s Cyberwar is #1605 on Amazon as I write this post. We all know the damage that teenagers and criminals can do — imagine what an organized cyber-attack orchestrated by our enemies could accomplish.
As the worries have been growing, so has the skepticism. There was a terrific Intelligence Squared debate a couple of weeks ago about whether the “cyberwar” risks had been exaggerated. Mike McConnell of Booz Allen Hamilton, and former director of the NSA, argued that the risks had not been exaggerated, and he was joined by Jonathan Zittrain. Arguing the other side were privacy expert Marc Rotenberg and computer security expert Bruce Schneier. Shneier listed some of the purple language that had been used to describe the attacks that are occurring already — 9/11, Pearl Harbor, etc. — and noted that we in the U.S. love to use war language for describing things that are not wars but crimes, almost as much as we hate labeling as wars things that really are wars, our decade-old undeclared wars abroad. McConnell acknowledged that “war” is a metaphor, but so was “Cold War,” and no one doubts that the risk was real and that we won.
But it was Rotenberg who drilled down on the underlying problem with the rhetoric, which is not the semantic question of metaphors and language, but that purple language has repeatedly been used by the government in the past to argue for sweeping technological controls that undermine personal liberties. Rotenberg referred to the demands (recounted in Chapter 5) for government control of encryption technology, key escrow requirements, and the proposed requirement for the Clipper Chip). None of these supposedly essential measures wound up being approved, Rotenberg notes, and here are our friends from NSA back to help us again. McConnell responded that there was no danger to civil liberties — you just have to get the laws right and then unwarranted government surveillance would be illegal. Mark exploded that mere illegality had not stopped warrantless wiretapping under the Bush administration. McConnell promised to return to the issue if asked to, but it never happened.
I do think that exchange was at the crux of the issue. If you could trust the government, we wouldn’t worry about government monitoring what we are doing. But the whole Constitution is premised on the fact that we can’t trust the government always to do the right thing. Even reasonable-sounding laws are written with vague edges — especially laws about technology, which are drafted to cover innovations that haven’t happened yet. Prosecutors and other government officials, confronted with people they don’t like and a law with elastic edges, will stretch the law to cover the situation, and such cases often don’t even come to trial because the defendant pleads to a lesser charge rather than risk the judgment of the court on whether a harsh law is being stretched too far. (See Harvey Silverglate’s gripping and scary Three Felonies a Day.)
The Lieberman-Collins proposal allows the President to declare a “national cyber emergency” (the term is defined, but based on the examples in Clarke’s book and McConnell’s debate remarks, the NSA would probably argue that we have been in one several times, perhaps continuously). A new bureaucracy, the National Center for Cybersecurity and Communications, would reside within Homeland Security and would be charged with developing plans for responding to emergencies and seeing that they are implemented. CNET’s Declan McCullagh described the legislation as creating an Internet “kill switch,” separating problematic servers from the Net by government edict. Lieberman’s spokespeople were offended, saying that the legislation actually restricted authority the president already had under the 1934 Telecommunications Act.
The devil will be in the details.
Missing in the immediate reaction is the answer to a question raised by Chris Soghoian in the Intelligence Squared debate. None of this would be as much of a problem if our computer software wasn’t buggy. If Microsoft’s operating system were not so vulnerable to attack, the risks to the nation of being attacked would be a lot less. Is anyone in Washington thinking about requiring Internet security at that level–with some significant financial penalties for violators?