Bill Gives Feds "Emergency" Powers To Secure Civilian Nets

ziani writes "Joe Lieberman wants to give the federal government the power to take over civilian networks' security if there's an 'imminent cyber threat.' From the article: 'Lieberman and Collins' solution is one of the more far-reaching proposals. In the Senators' draft bill, "the President may issue a declaration of an imminent cyber threat to covered critical infrastructure." Once such a declaration is made, the director of a DHS National Center for Cybersecurity and Communications is supposed to "develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure."'"

Uh, no, you can't have my network

[WCMI92]

First off it's private property, and private property rights are covered in the Constitution.

Obama can have my root passwords only from my cold, dead, brain.

Re:Uh, no, you can't have my network

[Kjella]

Well, during normal peace time a lot of things like water pipes, electricity, phone lines etc. basically what you call critical infrastructure is a civilian matter. In a real emergency or military conflict the military can send an engineer corps to fix it, and I doubt any civilian has the authority to stop them. This sounds like something fairly similar for cybersecurity. If they need to plug in some extra cryptoboxes or firewall rules or armed guards at interconnects to secure the network infrastructure, they can and will. I'm just saying that depending on what exactly this means, it might be quite similar to what's already happening for other infrastructure.

Re:Uh, no, you can't have my network

[DJRumpy]

I don't have a problem with this. This is worded in such a way that they can't just quietly come in and take control of the infrastructure. It would require a presidential declaration to start this in motion. Hardly something you can hide. It will also protect the rest of the internet that we control in the event of a cyberattack. I agree with the parent. This is a logical step to secure critical infrastructure in the event of an attack. Not some paranoid bill that will allow big brother to sneak in unaware and monitor/control every aspect of the internet. It is very specific in it's target and implementation trigger.

Re:Uh, no, you can't have my network

[PerformanceDude]

Hmm - let's for a minute imagine that you are the person in charge of an essential utility (say an electrical retailer with the new "smart meters" installed) and you are under attack. You are not coping, your countermeasures are not working. Bit by bit, your network fall under the control of your attacker and people are slowly but surely getting their power turned off.

Lets add to that scenario that it is the middle of winter in one of the northern states, so people are starting to freeze to death.

In that equation, would you still not hand over your root password to safe lives? Just because it is "private property"?

I'm not saying that you are incompentent as a sys-admin - but I'm saying that there may be incompetent sys-admins out there in very critical private companies (in fact - I'm sure there is - at least incompetent when it comes to fighting a competent blackhat).

I'm not sure of the details of this bill - but as in the above scenario I can certainly think of situations where intervention by specialist government experts may be needed for the greater good or to save lives.

Re:Uh, no, you can't have my network

[Pojut]

Obama can have my root passwords only from my cold, dead, brain.

Read the freakin' summary, at the very least. It's Lieberman the Toad that wants to do this, not Obama. (Although, given the chance, Obama likely would...but still, this is about Lieberman.)

Re:Uh, no, you can't have my network

[postbigbang]

Please consider that the bill comes from an anti-civil libertarian, a war 'hawk', and a post-9/11 buddy of the bunch in Congress that gave you the Patriot Act, and so on. Yeah, hurricanes, oil spills, and Internet threats-- perfect candidates for federal government emergency work.

Re:Uh, no, you can't have my network

[erroneus]

You are pretty wrong about that.

First of all, they wouldn't be interested in internal/private networks. They would be interested in the public internet. To that end, nearly all of the pieces of the public internet are privately owned but are granted "right of way" by governing agencies. This "right of way" is how their cables and devices are protected under law. But in order to get this right of way, they have to agree to be governed under certain rules. This is no different from the FCC leasing radio band ranges and then controlling what can be done with them or how they are used. In fact, participation in the public internet comes with rules of its own. Which governing agency is a subject of controversy but you know all about that I'm sure.

Re:Uh, no, you can't have my network

[cosm]

Yes it does. If a man is bleeding to death outside a bandage store, I am perfectly entitled to get the bandages and save the mans life even if he cannot pay or the store is closed.

That is not true. At least from a legal standpoint. If such a thing were true, if a homeless person is starving to death, is he "perfectly entitled" to breaking into a grocery store, even if the store is closed? FUCK NO. Now don't get me wrong, I am not trying to come off as a cold hearted ass, but when you start applying entitlement to situations involving unauthorized acquisition of private goods, drawing the line just cannot be done without legal precedent, so please cite a case in which a person was entitled to another persons goods based on need, and was given right to take those goods without the other persons consent, regardless of extenuating circumstances.

Entitlement will be the death if America. Look at Greece. They felt entitled to everything, were given everything, and it broke them. Look at California. Look anywhere where large amounts of entitlement ran the country for years.

Re:Uh, no, you can't have my network

[Jurily]

It is very specific in it's target and implementation trigger.

You forgot one thing: there's always an "imminent cyberattack", for the same reasons we still have spam.

Basically this gives the president the power to declare computing martial law whenever he feels like it.

Re:Uh, no, you can't have my network

[Borealis]

Do you remember Katrina? Do you really want the feds fucking with your network? It is far more plausible to believe that civilian networks will rebound faster from a cyber attack without federal interference because most civilian networks are run by people who do that sort of thing for a living, with their networks, configured properly for their use. Do you really think some random fed network guy is going to be able to reconfigure your network from afar without prior knowledge of how you have it configured? How will they know your user names? How will they access your backups? How will they know which entries on your administrator list are valid administrators and which ones are planted by cyber attackers?

Re:Uh, no, you can't have my network

[Nimey]

You're not factoring in the irrational hate some people have for Obama.

Re:Uh, no, you can't have my network

[DeadPixels]

It is very specific in it's target and implementation trigger.

Unfortunately, that's not enough to reassure me. How many times have we seen laws "creatively interpreted" to allow someone to do something that might otherwise be considered illegal?

Re:Uh, no, you can't have my network

[Proteus+Child]

I don't have a problem with this. This is worded in such a way that they can't just quietly come in and take control of the infrastructure. It would require a presidential declaration to start this in motion. Hardly something you can hide.

Whether or not the takeover is hidden is not the point. Whether or not they'll give it back is the point.

Re:Uh, no, you can't have my network

[smooth+wombat]

It is far more plausible to believe that civilian networks will rebound faster from a cyber attack without federal interference because most civilian networks are run by people who do that sort of thing for a living,

Agreed. Just look at what a great job the civilian oil industry has done in stopping the flow of oil from the broken well in the Gulf by the people who do that sort of thing for a living when the government hasn't interfered.

I'm not saying you're wrong, just giving a counter-example to the mantra that private companies are better at doing things than the government. Government, on the whole, can martial resources more quickly and get them to where they are needed faster than can civilian institutions. However, that requires that both parties not be at each other's throats during the process. The process should be:

1) Government gets the resources and delivers them to pre-position points
2) Civilian organizations then distribute/use those resources as they know what needs to be done

To use Haiti as an example, it should have been the government, in the form of the military, who got to the airport first, then using engineers, cleared a path from the airport to the city. During that time, basic resources should have been collected and prepared for delivery with civilian organizations working with the government on what aid was really needed.

Once a path was cleared, the resources were delivered along with the civilians who would be distributing the resources, using the paths cleared by the engineers.

This is a very basic overview of what needed to be done, but you get the point. A partnership of government and civilian organizations is what is needed in emergencies. Not one or the other.

Re:Uh, no, you can't have my network

[misexistentialist]

Not only did they not repeal the PATRIOT Act, but Congress easily renewed it and Obama signed it earlier this year. The Senate even exercised its own hypocritical right to privacy by voting anonymously.

Re:Uh, no, you can't have my network

[Shakrai]

And even though the USA is almost totally made their once respected police officers into para-military goons

Blame the War on Drugs for this. Two generations ago the local police were rarely armed with anything heavier than a revolver and the occasional shotgun. Now they have armored vehicles, fully automatic weapons, flashbangs, etc. Mind you, that's because the criminals got more firepower too, but that's also attributable to the War on Drugs. The last time we tried prohibition it started an arms race between the criminals and the police. Too bad we didn't learn any lessons from that experience.

Re:Uh, no, you can't have my network

[DaMattster]

I applaud the efforts of Terry Childs and, yes, he did stop the authorities. It cost him his freedom but he sent a clear message. A law can only be enforced when it is feasible to do so. If everyone en masse stopped paying taxes, the government would be absolutely hamstrung so they count on their populace being divided and thus easily conquered. You cannot have 3/4 of the population in prison! If everyone united against the government in civil (as in non-violent) protest, stopped paying taxes, stopped going to work you would have your force for change. The government is just good at instilling fear in weaker minds. If everyone stopped paying taxes and peacefully demanded the repeal of the Patriot Act, the government would have no choice but to do so like a whipped puppy. India gained independence from Britain because its populace was united. We may never see this again. It is unfortunate because it is non-violent and extremely effective. By being non-violent, Indians gained the support of the world at large making the pressure so intense the British government had no choice but to relinquish a piece of its empire. A scenario like this is terrifying to the US Government.

Re:Uh, no, you can't have my network

[schon]

There is if you are a civil libertarian.

No - we're talking about rational people here.

Re:Uh, no, you can't have my network

[DragonWriter]

The trigger for this bill is also very specific.

That's not at all clear. An actual bill number would let us check the text, all we have in TFA is two characterizations by staffers which disagree, and you've pulled the one favorable to your position and ignored the other:

As to the trigger in this bill, from TFA:

"In order for the President to declare such an emergency, there would have to be knowledge both of a massive network flaw — and information that someone was about to leverage that hole to do massive harm. For example, the recent “Aurora” hack to steal source code from Google, Adobe and other companies wouldn’t have qualified, one Senate staffer noted: “It’d have to be Aurora 2, plus the intel that country X is going to take us down using that vulnerability.”

See, that sounds somewhat narrowly applicable. But if you keep reading the following paragraph in TFA, you'd see another staffer suggesting that something like the Conficker worm might have triggered based on unspecific evidence that "hackers" were looking to "leverage" it in some way (not the kind of specific "country X" kind of requirement the first staffer suggested):

A second staffer suggested that evidence of hackers looking to leverage something like the massive Conficker worm — which infected millions of machines and was seemingly poised in April 2009 to unleash something nefarious — might trigger the bill’s emergency provisions. “You could argue there’s some threat information built in there,” the staffer said.

So, given that the staffers quoted in TFA don't agree -- and, frankly, even if they did -- maybe we shouldn't take the most inoffensive characterization in TFA as being an accurate reflection of the bill.

People complain that politicians lie too much, but you know -- if people didn't just accept the most comforting thing they or their staffers said on faith, maybe they wouldn't keep lying.

Strange name

[miffo.swe]

Strange name for a bill thats made for limiting and controlling the flow of information in case of, well just about anything. War on drugs, immigrants, terrorists, citizens?

If there was any real concern about cyber security, Windows would be outright banned on the spot.

Wager time!

If this passes. (and it will, in some form) I bet we will have a 'threat' within 5 years.

And they just won't give back control of the net.

Hope i'm wrong. but... that doesn't happen often.

Which will be extended to?

[LatencyKills]

And how long before "imminent cyberthreat" is software piracy, child pornography, or any number of other crimes du jour? Thanks but no thanks - we'll take care of our own tubes.

i'm sick of the fallacy of the slippery slope

[circletimessquare]

the slippery slope implies that there is no rational thinking people in the room

its the same argument used by those who stand against gay's right to marry: "if we let gays marry, then people will be marrying sheep! polygamy will be legal too!" bullshit. people understand that homosexual marriage is not bestiality or multiple wives

or howabout: "if they legalize marijuana they will legalize meth and heroin too!" no. meth is not marijuana. heroin is not marijuana. everyone understands the radical differences between these drugs

if you can understand that those who use the bullshit tactic of the slippery slope against gay marriage or marijuana legalization are trafficking in fear and hysteria, then maybe you can see that in your own words, is the exact same fear and hysteria

so, just so you clearly understand... no: a cyberattack is not piracy. a cyberattack is not pedophilia. common sense attempts to secure a network is not going to be confused with efforts against piracy. or pedophilia

really. we all understand the difference. really

people, please: shut up with the bullshit slippery slope arguments. whenever you find yourself arguing in terms of the slippery slope, you have lost your grasp on rationality and reason and are simply fearful, hysterical, and confused. there is no such thing as a slippery slope. repeat: there is no such thing as a slippery slope

Re:i'm sick of the fallacy of the slippery slope

[VShael]

If you can give me ONE example, where a set of laws were introduced (like the Patriot Act) with the promise they wouldn't go down slippery slope, AND THEY KEPT THAT PROMISE, then I'll shut up about the slippery slope.

Okay?

Re:i'm sick of the fallacy of the slippery slope

[CrimsonAvenger]

the slippery slope implies that there is no rational thinking people in the room

And the "there is no slippery slope" argument implies that everyone in the room shares your opinions on everything that matters.

Note that we're talking about government here. The government's objectives at any given time are not necessarily the same as your objectives. They're not even necessarily similar to your objectives.

Do remember all the screaming about the PATRIOT Act. And then look back over the last eight years and see how much of that has actually happened...

As to the question of legalizing Gay Marriage...personally, I'm pretty much indifferent to the question, but I hate to break it to you, but the arguments used to justify gay marriage work quite well to justify polygamy/polyandry/polygyny. If I were a Mormon, I'd already be planning my ad campaign for the 2020 election season....

Re:i'm sick of the fallacy of the slippery slope

[WCMI92]

I am a conservative who opposed (and still opposes) the PATRIOT act just for this reason. I am against giving the government ANY additional power or control over citizens. Especially ones with such huge possibility for misuse. I didn't want Bush to have the PATRIOT act because I knew that someday there'd be someone like Obama come along to also use it. What has this guy taken over so far? 2/3rds of the US auto industry, the entire banking industry, and now the healthcare system. Yeah, do we want to allow them to take over the private network infrastructure too?

They can't even get unemployment back under 9%.

History has proven that whenever you give government power that CAN be abused, it WILL be abused.

Re:i'm sick of the fallacy of the slippery slope

[Overzeetop]

You do realize that propping up those industries likely prevented a 1930s style collapse? And that the safeguards which were removed (and safeguards which were not put into place) occurred during the 14 years that the Republicans controlled both houses of congress? And that it was President Bush who bought out the banking industry?

The problem with this particular law is that we don't need it. The president has this power in the event of an immanent attack or war anyway. IMHO, this is posturing - and counterproductive.

Re:i'm sick of the fallacy of the slippery slope

[FreeUser]

What are you, some sort of Democratic partisan? The repeal of Glass-Steagall was signed into law by Bill Clinton.

What are you, a Republican partisan? A republican controlled congress introduced the legislation and passed it with a veto-proof majority. Of course Clinton signed the bill. To do otherwise was to ensure he suffered a humiliating veto, and paint him as the odd-one out in a time when most powerful lobbies, media organisations, and parties were hell-bent on deregulating everything.

That said, I blame the democrats just us much. Not for the current crisis, which was by and large a natural consequence of conservative "deregulate everything and let the market decide" thinking, but for not having the backbone to oppose this shit on principle even when it was in vogue, and for not pointing the finger more loudly at those responsible: Republicans and so-called "blue dog" democrats that have spent the last 20 years dismantling the regulatory structures put into place after the last depression, which were largely responsible for the economic stability we enjoyed throughout most of the 20th century, and for doing so in the wake of the Savings and Loan scandals which had already amply demonstrated exactly why the banking industry shouldn't be deregulated in this way.

There's plenty of bad governance on all sides, but this economic collapse was a direct result of the policies that stemmed from right-wing "get the government out of business" knee-jerk deregulation, of which the republican repeal of Glass-Steagall (with the "bipartisan" help of conservative blue-dog democrats-only-in-name and a centrist democratic president who, frankly, behaved more like a republican than most republicans after his health-care reform failed) was but one part of the problem.

And please don't start claiming this was driven by liberal requirements for fair-lending practices...there was never a mandate to lend to people who couldn't pay back their loans. That particular Republican talking point has been debunked more times than anyone can count. CDSes and exotics required debt to be underwritten, and it was pure profit motive for more debt, to sell more exotics, to line the pockets of greedy inside-traders with more money, that required more lending, far and away beyond anything required or encouraged by the US government. This was deregulated markets in action, "greed is good" in an environment of historically low interset rates kept low for political purposes by the Bush administration, leading to a very natural and predictable result.

Bill?

[RivenAleem]

Who is Bill, and how can he give this kind of power to the Feds?

Can't see the forest for the trees.

[B5_geek]

Umm, excuse me Government there is a secret I think you should know:

If your 'Critical infrastructure' is connected to a PUBLICLY accessible Internet, then you are doing something wrong.

Get some pepto.

[AnonymousClown]

ts the same argument used by those who stand against gay's right to marry: "if we let gays marry, then people will be marrying sheep! polygamy will be legal too!" bullshit. people understand that homosexual marriage is not bestiality or multiple wives

I had no problem with folks wanting to marry a sheep, cat, goat, or whatever - what they do behind closed doesn't affect me or my liberties.

the slippery slope implies that there is no rational thinking people in the room

It's no the people in the room I'm concerned about. It's the people making policy.

Border patrol. They are there to secure our borders from illegal immigrants and protect the borders from invaders, but yet, they're searching citizen's laptops for child porn. What has child porn have to do with securing our borders? Or drugs for that matter. A citizen sniffing a line of coke won't jeopardize our security or our freedom, but yet, the increased powers of the border guards has limited some of our freedom - Fourth Amendment.

Gun laws are on this continuous pendulum of restriction and liberation but the net effect over time has been more restrictions on law abiding citizens and our Second Amendment right is withering away . In the meantime, the criminals are shooting away without restriction.

Tax laws - IRS - the Mother of all slipper slopes. The income tax was put in place to pay for a war that has long been over and paid off and yet, the laws become ever more complex and violate our rights more every year.

No. The slippery slope argument exists because it's true. Sure there is a bit a hyperbole occasionally but it doesn't make it not true.

This is not about the power to "turn off the net"

[jonwil]

From reading TFA, this is about the government needing the power to take over critical infrastructure in the advent of a threat to Americas national security. So for example this allows them to take over control of (and security of) electronic control networks running things like the electricity grid if the spooks get wind of an immanent cyber attack.

Just like the feds used their power to shut down US airspace after 9/11, the feds need the power to take over, disconnect, shut down, secure or control computer systems and networks controlling critical infrastructure in the advent of a "Cyber 9/11" attack (a threat that is not just the stuff of movies like Die Hard 4.0)

Per the proposal, "Critical Infrastructure" does NOT mean Google or Facebook or Slashdot or whatever, it means things like power grids, gas plants, water systems, hospitals, emergency services, oil refineries etc.