Act to Strengthen Cybersecurity Actually Threatens Business and Freedoms

Sometimes it’s hard to know whether Congress does the things it does to protect us or to make it appear that they are protecting us while actually doing nothing or, worse, hurting us. Given this lack of clarity, it is no small wonder that these legislators consistently garner abysmal approval ratings from the American public.

The latest bit of foolishness circulating in the Senate is the Cybersecurity Act of 2009. Introduced in April 2009, this bill is “designed to address our nation's vulnerabilities to cyber crime, global cyber espionage, and cyber attacks,” according to OpenCongress.org. “It would establish a new Cybersecurity Advisory Panel within the White House and streamline the cybersecurity effort through all levels of government.”

Sounds good so far, but wait, there’s more. OpenCongress.org notes that the bill also “calls on the Department of Commerce to establish and maintain a clearinghouse on information related to cybersecurity threat and vulnerability information to public and private infrastructure deemed ‘critical’ by the President. The Secretary of Commerce would be given access to this information ‘without regard to any provision of law, regulation, rule, or policy restricting such access’ (italics mine).”

The bill would give the President new authority to “declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network." The bill does not, however, define what constitutes an emergency, leaving it to the judgment of the President and/or the Secretary of Commerce.

In other words, the President or Secretary would have the authority to partially or totally shut down the Internet, and no law or judge or senator or congressperson could stop them. Does this still sound like a good idea, or is it abuse of power waiting to happen?

Now I make no secret of the fact that I believe the Obama administration has been a naïve, grossly ineffective and morally compromised enterprise, but I really don’t want ANY President—Washington, Jefferson, Lincoln, Roosevelt, Reagan, Bush (either one)—to have that kind of power over the very engines of our commerce. Needless to say, we don’t want to give that much clout to some politically appointed bureaucrat either. Just picture a scenario under which one of these legislatively enabled demigods decides to whack the insurance industry because someone paid too many bonuses to executives. Too extreme? Well, maybe they could just cripple insurance commerce for certain companies who didn’t fork over the proper political donations.

The point is that we can’t trust absolute power not to corrupt absolutely. Further, there is really no need to give the federal government—not exactly the poster child for running effective businesses—the unrestrained right to turn the faucets of commerce on and off for any reason they deem proper. If there really is a national cybersecurity emergency, we can all figure out that law enforcement—still working within our system of checks and balances—may have to become involved and may even have to take draconian measures to halt damage.

Most of us would have no problem with legislation that would provide funding for cybersecurity research, and the best defenses for federal systems. That’s what this bill really needs to be about. To simply create a pair of cyber-dictators and think that this will solve our problems is scary in a way that shouldn’t even enter the American consciousness.

From here this looks like a needless and shameless power grab on the part of politicians whose appetite for power knows no limits. This bill as it stands is a danger to commerce, to a healthy business climate, and even to public privacy (Big Brother really will be watching you). It must be radically changed, or soundly defeated.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

For reprint and licensing requests for this article, click here.
Security risk Policy adminstration Data security
MORE FROM DIGITAL INSURANCE