Sen. Joseph Lieberman on Tuesday defended his proposal to grant the president far-reaching emergency powers to seize control of or shut down portions of the Internet.
It's vital that the president can "say to an electric company or to say to Verizon, in the national interest, 'There's an attack about to come, and I hereby order you to put a patch on this, or put your network down on this part, or stop accepting any incoming from country A,'" said Lieberman, an independent from Connecticut who caucuses with Democrats.
Lieberman's bill,, could force companies such as broadband providers, search engines, and software firms that the government selects to "immediately comply with any emergency measure or action" decreed by the Department of Homeland Security.
Because there are virtually no limits on the president's emergency power, which can be renewed indefinitely, the densely worded 197-page bill has encountered criticism from industry and civil liberties groups, which have worried about the ability to shut down parts of the Internet and raised concerns about "the potential for absolute power." (The sole limit is on warrantless wiretapping.)
But at a Senate hearing on Tuesday, the Obama administration pointedly stopped short of endorsing Lieberman's bill, called the Protecting Cyberspace as a National Asset Act (PCNAA).
Philip Reitinger, deputy undersecretary for the Department of Homeland Security, agreed that the executive branch "may need to take extraordinary measures" to respond to cyberthreats. But Reitinger said that "we believe it is preferable" to have a single organization--that is, an arm of the DHS--handle physical and Internet infrastructure rather than create a new office.
In addition, Reitinger said, the 1934 Communications Act already gives the president broad emergency power. "Congress and the administration should work together to identify any needed adjustments to the act, as opposed to developing overlapping legislation," he said.
Section 706 of that nearly century-old law says if there is a "threat of war," the president may seize control of any "facilities or stations for wire communication"--archaic wording that nevertheless would presumably sweep in broadband providers or Web sites. Anyone who disobeys can be imprisoned for a year.
The idea of an Internet "kill switch" that the president could flip is not new. A draft Senate proposal that CNETin August allowed the White House to "declare a cybersecurity emergency," and from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to "order the disconnection" of certain networks or Web sites.
Lieberman used the occasion of Tuesday's hearing before the committee he heads to argue that "this legislation is premised on a conclusion that there is need for governmental involvement."
He said a major reason to enact the PCNAA is to limit the liability of companies that take dramatic steps--perhaps a broadband provider cutting service to millions of its customers. Sometimes companies need to "do things in a normal business sense you'd be hesitant to do but national security requires you to do," Lieberman said. He added: "We protect them from that because the action the government is ordering them to take is in national security or economic interest."
If there's an "incident related to a cyber vulnerability" after the president has declared an emergency and the affected company has followed federal standards, plaintiffs' lawyers cannot collect damages for economic harm. And if the harm is caused by an emergency order from the Feds, not only does the possibility of damages virtually disappear, but the U.S. Treasury will pick up the private company's tab.
Under PCNAA, the federal government's power to force private companies to comply with emergency decrees would become sweepingly broad. Any company on a list created by Homeland Security that "relies on" the Internet, the telephone system, or any other component of the U.S. "information infrastructure" would be subject to command by a new National Center for Cybersecurity and Communications that would be created inside the department.