Bill giving president power over Internet in cyber emergency to return

emergency power. On the other hand, as Lieberman and Collins have highlighted before, some companies, including Microsoft, Verizon, and EMC Corporation, have said positive things about the initial version of the bill.

Last month’s rewrite that bans courts from reviewing executive branch decrees has given companies new reason to worry, however. “Judicial review is our main concern,” said Steve DelBianco, director of the NetChoice coalition, which includes eBay, Oracle, Verisign, and Yahoo as members. “A designation of critical information infrastructure brings with it huge obligations for upgrades and compliance.”

In some cases, DelBianco said, a company may have a “good-faith disagreement” with the government’s ruling and would want to seek court review.

“The country we’re seeking to protect is a country that respects the right of any individual to have their day in court,” he said. “Yet this bill would deny that day in court to the owner of infrastructure.”

Other industry representatives say it is not clear that lawyers and policy analysts who will inhabit Homeland Security’s 4.5 million square-foot headquarters in the southeast corner of the District of Columbia have the expertise to improve the security of servers and networks operated by companies like AT&T, Verizon, Microsoft, and Google. American companies already spend billions of dollars on computer security a year.

CNET News writes that the revised Lieberman-Collins bill, dubbed the Protecting Cyberspace as a National Asset Act, works this way: Homeland Security will “establish and maintain a list of systems or assets that constitute covered critical infrastructure” and that will be subject to emergency decrees (the term “kill switch” does not appear in the legislation).

Under the revised legislation, the definition of critical infrastructure has been tightened. DHS is only supposed to place a computer system (including a server, Web site, router, and so on) on the list if it meets three requirements. First, the disruption of the system could cause “severe economic consequences” or worse. Second, that the system “is a component of the national information infrastructure.” Third, that the “national information infrastructure is essential to the reliable operation of the system.”

At last week’s event, Milhorn, the Senate aide, used the example of computers at a nuclear power plant or the Hoover Dam but acknowledged that “the legislation does not foreclose additional requirements, or additional additions to the list.”

A company that objects to being subject to the emergency regulations is permitted to appeal to DHS secretary Janet Napolitano. Her decision is final, though, and courts are explicitly prohibited from reviewing it.

President Obama would then have the power to “issue a declaration of a national cyberemergency.” What that entails is a little unclear, including whether DHS could pry user information out of Internet companies that it would not normally be entitled to obtain without a court order. One section says they can disclose certain types of noncommunications data if “specifically authorized by law,” but a presidential decree may suffice.

“No amount of tightening of what constitutes ‘critical infrastructure’ will prevent abuse without meaningful judicial review,” says Berin Szoka, an analyst at the free-market TechFreedom think tank and editor of The Next Digital Decade book. “Blocking judicial review of this key question essentially says that the rule of law goes out the window if and when a major crisis occurs.”

For their part, Lieberman and Collins say the president already has “nearly unchecked authority” to control Internet companies. A 1934 law (PDF) creating the Federal Communications Commission says that in wartime, or if a “state of public peril or disaster or other national emergency” exists, the president may “authorize the use or control of any…station or device.”

In congressional testimony (PDF) last year, DHS Deputy Undersecretary Philip Reitinger stopped short of endorsing the Lieberman-Collins bill. The 1934 law already addresses “presidential emergency authorities, and Congress and the administration should work together to identify any needed adjustments to the act,” he said, “as opposed to developing overlapping legislation.”