Obama Administration Seeks Legislation Transferring Partial Control of the Internet to the White House
ByCNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they’re at risk of a cyber-attack, “critical” computer networks from the Internet. To read more, about the proposed legislation, which effectively transfers authority in this area from the Department of Homeland Security to the White House, click here.
The legislation hasn’t even been introduced, yet, but we’d like to comment on the early rumors. It is true that the threat of attacks from cyber-terrorists and Chinese operatives is real and a concern for cyber-security is warranted, but this legislation threatens federal interference with the internet without doing anything to improve the security situation. The FBI has been transformed in the last few years to handle cyber-threats increasingly well and it would be unfortunate if this confuses or undermines that effort. On the liberty front, patriots everywhere should be concerned that this legislation may require political opponents and disfavored industries to face lost sales and debilitating net blackouts if uncooperative with Chairman O. On the political front, Republicans should be concerned that this is one more piece of legislation requiring otherwise libertarian tech giants in Silicone Valley and throughout the tech coast to snuggle up with the White House to avoid adverse regulation. There are potentially tens or hundreds of millions of dollars in contributions from potential political players in the Silican Valley and throughout the tech coast which Obama will try to capture for the Left during his first four years. Some players in the IT industry are hardly innocent in its efforts to leverage the strength of government in the industries internal battles, but further corrupting the industry by opening the door to further government involvement is not the kind of change America was demanding on November 8th.
As draft language is slowly leaked, we’ll learn more, but in the meantime, even some of the minor provisions in the legislation seem counter-productive or unnecessary. For instance, CNET reports:
“The bill may also subject both government and private sector networks to cybersecurity standards established by the National Institute of Standards and Technology. It may also provide for a professional licensing and certification program for cybersecurity professionals.”
We understand that the purported intention is to increase security, but one of the textbook problems with government-mandated standards is that they slow innovation by channeling energy and resources into compliance rather than innovation. The incentive to develop a better way is significantly reduced if the better way cannot be marketed, sold, or utilized because it is non-compliant with regulations. And let’s be clear, the process of rulemaking and top-down policy formulation is dominated by lobbyists, opportunists, and talentless bureaucrats of the worst degree. People who couldn’t engineer their way around a Radio Shack electronic hobbyist starter kit propose and push for whatever trendy buzzword solution they think will make them sound more competent to their colleagues. Once the worthless standards are adopted, it will take significant time, money, and influence to modify or amend them.
Another problem with top-down mandatory standardization is that it can mandate weakness throughout making the threat of exploitation systemic. Standardization can’t, and therefore doesn’t, acknowledge and consider unintended and unforeseen consequences… and in an arena that moves as fast as internet security, the potential to adequately plan for unexpected contingencies is impossible for any committee not gifted with a crystal ball and the ability to tell the future. That’s true no matter how bright or well-intentioned the committee or charismatic the President.
The private sector has done a remarkable job of searching for solutions that work and continues to develop and participate in private standards organizations. We think the private certifications community and individual “cert” programs by folks at CompTIA, CISCO, and EC-Council have been a great way to build a skilled IT workforce and has helped keep the security industry competitive. What great need is there for the government to enter into the cert marketplace and push these successful players out? Is this certification just for prospective government contractors or any computer nerd looking to trade his skill for a little lunch money? Is this just another tax on employment and when will these regulatory taxes stop?
The internet is one of the last vestiges of free society and defenders of free minds and free markets should read any such legislation with a careful and criticial eye.
