Update: Legislation to Federalize Internet Security and Give Obama a Powerful Internet Czar May be Revealed Today
ByThis morning the Washington Post reported on the federalization of internet security and the creation of a white house cyber-security czar.
There’s not much new in the report, except that (1) the bill may be revealed today and (2) the bill’s proponents are putting forth a new rationale for the beauracratization of internet security standards: the threat that hackers, domestic or international, could seize control of utilities and traffic lights, a la the most recent Die Hard movie, if the federal government doesn’t decide what the best security standards are and mandate those standards.
(Our suspicion is that the protection of infrastructure rationale is getting steam not from the belief that there is a security crisis involving traditional utilities, but from reports that much of the Smart Grid technology the Democratic Congress voted to subsidize in the stimulus package is extremely vulnerable to attack. We support attractive upgrades to utility infrastructure like some of the features we hear discussed in Smart Grid reports, but only when the technology has matured to warrant investment; taxpayers shouldn’t pay for risky beta-testing and then have to pay to replace the system during the next stimulus. If utilities weren’t getting a federal taxpayer handout to make this a go, they’d wait and demand more from the technology developers.)
In one of our previous posts, we pointed out that we believe that efforts to federalize internet security is a bad idea because:
1. Government rule-making will be far too slow to ensure that the most innovative and effective strategies are adopted. By the time the government sets a security standard, you’ll see CBTs for the kiddies on how to penetrate and hack it to embarrassment.
2. Any government standards organization is likely to consist of public servants with good intentions and even better career ambitions, but without the real world experience of participants in the open, voluntary standards organizations they will be effectively replacing.
3. Government control will likely discourage out-of-the-box discursive thinking approaches to solving security issues. This is because security companies are not likely to encourage development of approaches that don’t meet the first criteria of marketability under a federalized scheme: consistency with the government-mandated regulation.
We also believe that creating an office in the White House with the power to shut down private networks invites political shenanigans, retaliation, and wrongdoing. We acknowledge that cyber-security is critically important and we think the military and law enforcement must be given the resources and the mandates to ramp up their response, but we think everyone should look very hard at how best to defend the net and find the best solution rather than merely accepting a solution Obama pushed on the campaign trail.
On that note, we’d like to appeal to good government liberals to look over the draft legislation when it is released and offer critical insight. We don’t agree with you on the proper role of government, but we don’t think we disagree about the threat misguided centralized government can pose to the internet. We know that not everyone who voted for Obama wanted to give him a blank check and a dictator’s throne. Throw away the Kool-Aid and join us in our efforts to keep the Internet free! (We’ll just have to agree to disagree on the rest of the country…)
** UPDATED at 10:25 **
According to the Senate Committee on Commerce, Science, and Transportation this legislation was introduced today. We’ve attached a .pdf of the official summary from the Committee site. When the bill is given a number and the full text becomes available via Thomas, we’ll post here.**
