information technology

Introduced last summer, a bill affording President Obama executive power over private Internet companies in the event of a “national cyberemergency” is returning this year, albeit with a few tweaks. The CBS News article, “Renewed Push to Give Obama an Internet ‘Kill Switch,‘” insists that the bill should not cause Internet companies any alarm, citing government promises to limit the bill’s use to “crucial components of national infrastructure.” We must question, then, why it is the case that these promises aren’t built into the bill.

The revised version includes new language saying that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review.” Another addition expanded the definition of critical infrastructure to include “provider of information technology,” and a third authorized the submission of “classified” reports on security vulnerabilities.

For the layperson, information technology is “the use of technologies from computing, electronics, and telecommunications to process and distribute information in digital and other forms.” If it seems as though “provider of information technology” is applicable to literally any website you’ve ever been on, that’s because it is. And if the comprehensiveness of the list of those sites potentially subject to government intervention wasn’t enough, the legislation also includes clauses for government secrecy and unaccountability; that judicial review has gone by the wayside serves as a clear indication that this legislation is intended to envelop the private sector.

But last month’s rewrite that bans courts from reviewing executive branch decrees has given companies new reason to worry. “Judicial review is our main concern,” said Steve DelBianco, director of the NetChoice coalition, which includes eBay, Oracle, Verisign, and Yahoo as members. “A designation of critical information infrastructure brings with it huge obligations for upgrades and compliance.”

In some cases, DelBianco said, a company may have a “good-faith disagreement” with the government’s ruling and would want to seek court review. “The country we’re seeking to protect is a country that respects the right of any individual to have their day in court,” he said. “Yet this bill would deny that day in court to the owner of infrastructure.”

The government practice of ignoring private-sector rights is certainly common enough; it’s when one branch of government is liberated of any checks whatsoever, including those of other branches of government, that Americans have an even greater cause for concern. This is especially true when our patronizing representatives are considerably less-qualified, good intentions and all, to understand the ins-and-outs of Internet security than are major Internet corporations.

Other industry representatives say it’s not clear that lawyers and policy analysts who will inhabit Homeland Security’s 4.5 million square-foot headquarters in the southeast corner of the District of Columbia have the expertise to improve the security of servers and networks operated by companies like AT&T, Verizon, Microsoft, and Google. American companies already spend billions of dollars on computer security a year.

The article highlights the following restrictions, strapped across an otherwise a limitless pool of sites subject to executive overhaul:

Under the revised legislation, the definition of critical infrastructure has been tightened. DHS is only supposed to place a computer system (including a server, Web site, router, and so on) on the list if it meets three requirements. First, the disruption of the system could cause “severe economic consequences” or worse. Second, that the system “is a component of the national information infrastructure.” Third, that the “national information infrastructure is essential to the reliable operation of the system.”

That the definition has been meaningfully “tightened,” however, remains to be seen. A closer look at these requirements reveals as much:

1) The first requirement only stipulates that the disruption of the site might impact the economy (the word “severe” is open to unchecked executive interpretation, so we ought to disregard it altogether). Ironically, government intervention to a given website in a time of crisis is likely to involve shutting the site down (leading critics of the legislation to label it a government “kill switch”) — this most certainly qualifies as a “disruption.”

2) The Department of Defense defines the national information infrastructure (NII) as:

The nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. The national information infrastructure encompasses a wide range of equipment, including cameras, scanners, keyboards, facsimile machines, computers, switches, compact disks, video and audio tape, cable, wire, satellites, fiber-optic transmission lines, networks of all types, televisions, monitors, printers, and much more. …

A good rule of thumb: when your personal keyboard qualifies for the NII, then so does the technology being used to generate a website.

3) Combined with (2), the final requirement only necessitates that the website be in some way dependant on technology within the United States to operate (it doesn’t even require that the site be based in the U.S.).

How wide a net does this legislation cast? A website should be concerned if it meets the following criteria: it’s big, and it utilizes some technology in the U.S. (one or two websites come to mind). The article does, however, leave us with these words of comfort:

For their part, [bill sponsors] Lieberman and Collins say the president already has “nearly unchecked authority” to control Internet companies.

It’s unclear why the author bothered to qualify his statement with “nearly,” though the message itself is as clear as crystal: private Internet companies exist under the government’s thumb, and they can’t do anything about it.