Monday, January 30, 2012

The Newest Internet Law to Worry About (Updated: Don't Worry) [Internet]

Source: http://gizmodo.com/5880499/the-newest-internet-law-to-worry-about-updated-relax

Following in the proud, wide footsteps of SOPA and PIPA, the Senate is set to vote on another internet regulation bill this week—and the web is worrying already. Justified? Maybe. Unfortunately, the public isn't allowed to read it.

The Hill reports that the bill deals with private networks—say, Amazon's S3 or Apple's iCloud—in the event that they're compromised or under attack. Some in private IT security are fretting:

Bob Dix, vice president of government affairs and critical infrastructure protection at Juniper Networks said the bill's language suggests DHS could seize control of systems owned by private firms and cloud providers.

"The provision that establishes covered critical infrastructure presumes to give DHS new authority, that in my mind is overly broad, subject to interpretation and frankly goes beyond the boundaries of the role of government," Dix said, calling some of the new authorities "very scary."

Homeland Security "seizing" parts of the internet sure does sound scary, but then again, people like Dix have a deep financial interest in legislation like this—the government doing his job for him means lost dollars. He doesn't want to be boxed out.

But for those of us without a moneyed stake in this, should we care? Of course. Congress has already displayed a historically slippery grasp on tech issues, and the willingness to clamp down online via dubious due process. And of course, any bill kept hidden from the public is a giant, waving red flag—legislation should never be in the shade.

I hit up Sen. Joe Lieberman's office—Chairman of the Senate Committee on Homeland Security—to answer some questions about how the bill works, but have yet to hear back. Sometime before the Senate votes on it would be ideal. [The Hill]

Update: Leslie Phillips, Communications Director for the Senate Homeland Security and Governmental Affairs Committee, hit me up with some clarification. Basically, The Hill's reporting on the bill is overblown at best:

The only private networks that could be affected by this bill are the networks of the most critical infrastructure – the energy grid, the financial sector, water treatment systems for example – which, if attacked, could cause mass death and catastrophic economic damage. Those networks are protected in numerous ways, as you will see from the attached documents.

Owners and operators of the most critical infrastructure would partner with DHS throughout the entire process of improving their security: they will participate with DHS in conducting risk assessments; they can appeal their designation as covered critical infrastructure; they will participate in the review and development of security standards and best practices; they will have a say in setting performance standards; they will be able to choose the security measures they want to implement; they are NOT required to have third parties assess their security plans and the federal government will have no super authority to step in and direct a network's security regime.

So no, the bill (which isn't even being voted on this week, as previously reported) won't grant governmental power to seize control of anything. All it asks is that, say, the companies responsible for maintaining America's electrical grid keep their house in order and Chinese hackers out. How they choose to do so is up to them. Read on for yourself below.

CCI Section 1-27-12 Version FINAL Clean