Senator Susan Collins (R-ME) says she plans to re-introduce legislation
that would grant the President broad authority over swaths of Internet
infrastructure to confront a “cyber emergency.” The re-emergence of
this legislation, coinciding with the five-day Internet blackout across
Egypt, has come under criticism this week.
Egypt’s Internet shutdown has raised concerns about that happening in
the U.S. more easily if the “Protecting Cyberspace as a National Asset
Act” is enacted. Some say the legislation gives our government an
“Internet kill switch,” but the bills’ backers dispute
CCIA has repeatedly pointed out hat the Internet is an unmatched tool for free expression, communications, access to information, and economic growth. Unfortunately, governments such as Egypt and those in approximately 40 other nations have employed tools to censor, filter, and block Internet content and communications.
When governments censor the Internet, whether it is for political, economic, or other reasons, the net impact is that free expression is stifled and the economic consequences are severe. The Organization for Economic Cooperation and Development reported that Egypt’s blocking Internet services cost the country an estimated $90 million, and would have been greater if not for the country’s low Internet penetration.
CCIA has repeatedly called for U.S. engagement to confront Internet censorship in testimony before Congressional committees. Last year we praised Secretary of State Clinton’s speech calling for Internet freedom to be a diplomatic priority for the United States. However, as we advocate for freedom abroad, we will have little credibility if we don’t set an example for that freedom with our own policies.
Unfortunately, the “Protecting Cyberspace as a National Asset Act” is a step against these broader diplomatic, human rights and trade goals. This legislation would empower the President to declare when there is a cyber emergency, designate which entities are “critical infrastructure”, and demand those entities to comply with government emergency actions. Supporters point to the fact that this power is narrower than those already authorized by Section 706 of the Federal Communications Act; however, this legislation does nothing to curb the President’s Section 706 authority. If that is the case, the portions of the legislation that have been dubbed an “Internet kill switch” are at best redundant.
As CCIA has noted in the context of the ongoing debate over another problematic bill, the expansion of the Communications Assistance for Law Enforcement Act (CALEA), mandates on providers of Internet infrastructure are threats to Internet freedom. Also, building in capabilities to effectively allow the President to shut down or overtake critical Internet infrastructure is actually likely to make that critical infrastructure less secure. Backdoors, override functions, and the like create built-in vulnerabilities that hackers and others can take advantage of.
Like Senators Collins, CCIA believes that cybersecurity is a pressing national issue that needs to be addressed by legislation that sets out a comprehensive strategic approach that will allow the government to adeptly respond to cyber attacks and safeguard the American people. Creating a National Center for Cybersecurity Communications (NCCC) to advise the President on cybersecurity issues is a reasonable step in accomplishing this goal.
However, the authority provided under the bill to order private operators of Internet infrastructure to comply with Presidential directives goes too far. This authority would not be contingent on Congressional approval, nor would it be subject to judicial review. Additionally, the language of the legislation is ambiguous and leaves far too much power to the President to decide when and on whom to extend the reach of the law.
Arguments that this law would enable an Egypt-like government shutdown of the Internet are overblown. The bill specifically forbids the government from shutting down the Internet to silence political dissent. But CCIA is concerned other governments may not strive for that goal when they copy this policy and this unchecked power opens the door for future abuse by governments, or other international bodies trying to control the Internet. Legislators should think of their responsibility to set an example for other nations on Internet freedom and re-think the unchecked authority this legislation allows. They should create a comprehensive cybersecurity policy that both protects vital American interests and remains consistent with the principals and ideals put forth in Secretary Clinton’s speech on global Internet freedom.