In a New York Times editorial, former government cybersecurity czar Richard A. Clarke has called for the creation of customs checks on all data leaving and entering US cyberspace.
Clarke makes the call in relation to Chinese hackers stealing information and intellectual property from US firms.
“If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers.” Clarke writes.
“If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today’s wholesale theft of American corporate secrets.”
While Clarke may well be coming at this subject well intentioned, the fact that government has a long history of attempting to crackdown on internet freedom and control the web will mean his words are a cause of concern for many.
“Under Customs authority, the Department of Homeland Security could inspect what enters and exits the United States in cyberspace…” Clarke continues.
“And under the Intelligence Act, the president could issue a finding that would authorize agencies to scan Internet traffic outside the United States and seize sensitive files stolen from within our borders.”
We have seen with the recent attempts to pass legislation such as SOPA, PIPA, and ACTA, that the federal government is hell bent on skirting around legal oversight in order to seize more control over web content and communications.
While those particular bills have more of a focus on copyright protection, there is a huge move afoot to use the issue of cybersecurity as a means to crack down on the free internet.
The Obama administration is going all out to muster support in Congress for a bipartisan cybersecurity bill co-sponsored by Republican Senator Susan Collins and Independent Senator Joseph Lieberman and Democratic Senators Jay Rockefeller and Dianne Feinstein.
Critics contend that the bill contains several provisions that represent a sweeping power grab on behalf of the federal government.
A measure recently added to the bill by Collins and Lieberman, and supported by Obama, would empower the Department of Homeland Security to conduct “risk assessments” of private companies in sectors deemed critical to U.S. national and economic security, forcing them to comply with expensive mandates to secure their systems.
ISPs AT&T and Comcast have denounced the provision, declaring that federal oversight will stifle innovation.
“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at a recent hearing. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”
As we have previously reported, the bill originally legislated for an Internet ‘kill switch’ that would allow the President to shut down parts of the Internet in an emergency.
There are a whole host of other cybersecurity bills in the works including a GOP bill, co-sponsored by John McCain known as The Secure IT Act, and a newly introduced GOP bill known as The Cyber Intelligence Sharing and Protection Act (CISPA), sponsored by Michigan Republican Mike Rogers.
All of the bills have the same vague wording and do not clearly define what a cybersecurity threat is. This has prompted groups such as The Electronic Freedom Foundation and The Center for Democracy and Technology to speak out about what they see as legislating for broad information sharing between private companies and the government for ill-defined purposes.
“The Rogers bill gives companies a free pass to monitor and collect communications and share that data with the government and other companies, so long as they do so for ‘cybersecurity purposes,’” the EFF said in a blog post. “Just invoking ‘cybersecurity threats’ is enough to grant companies immunity from nearly all civil and criminal liability, effectively creating an exemption from all existing law.”