The blogosphere is alight with discussion over section 18 “Cybersecurity responsibilities and authority” of the draft Cybersecurity Act 2009. The key phrase that has multiple organizations in a dither is located on page 44 and states “…The President… (2) may declare a cybersecurity (sic) emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure system or network.” This leads some political pundits to speculate on the government intentions for a variety of reasons. There are however some key questions.
Does the President already have the authority to terminate Internet connectivity to government systems? The answer to this is an unequivocal maybe. Government as a traditional definition refers to all political levels from local through state on the way to federal. The President of the United States can easily shut down all federal systems by direction but The Tenth Amendment and various other legal protections would stop him from shutting down state systems by decree.
However, there are a variety of laws and regulations that localities receiving federal funds must abide by. As such the variety and panoply of rules, regulations, and laws that different levels of government must follow is beyond the scope of this simple blog post. There is a high likelihood that the President of The United States could in fact order and successfully shut down local and state government systems should he desire.
Does the President already have the authority to terminate Internet connectivity to critical infrastructure systems? Yes. The Homeland Security Act gave the President of the United States the power to take wide-ranging actions in protection of critical infrastructures. Codified in Presidential Decision Directive 63 (1998), Executive Order 13228 (2001), Executive Order 13231 (2001), Homeland Security Presidential Directive 7 (2003), The National Infrastructure Plan (2006), and I am sure even more laws. The new Cybersecurity Act 2009 does not give any more power to the President than he already has.
Though it could be argued that many of the laws refer to “advisory” or in “consult” with industry or private corporations there is a final reason why the President would have the power. The Federal Communication Commission can by whim shut down, or cause to cease functioning, any telecommunications device by law. I am not a lawyer and I am sure there are legal remedies to stop the Federal Communications Commission from acting I at this time will not delve into them.
With conspiracy theorists concerned that a willful abrogation of personal liberty and capability to communicate could be nullified by Presidential decree. With telecommunication and business advocates riled by the intrusion on commerce and possibility of extraordinary policing of the telecommunication infrastructure. There is a justified sense of distrust in the far and wide-ranging unitary executive powers held by the President of the United States.
I would make the case that these powers and the threat of their use has existed for at least the past three presidents and was rapidly escalated in the previous administration. The current administration is simply enjoying the spoils of poor oversight and a congress with a short vision horizon. The secondary and tertiary effects of policy were never considered in previous years. That does not make this particular act any less onerous with the language it includes, but it is not giving anything that already did not already exist.
1 comment for “Cybersecurity Act of 2009: A-tisket a-tasket all our eggs in one basket”