Monday, April 27, 2009

A Dangerous Ploy - Seizing Control of the Internet

Qbit.cc has found a particularly troubling piece of legislation currently in Congress. The Cybersecurity Act of 2009, introduced by Senators Rockefeller, Bayh, Nelson, and Snowe, aims to "ensure the continued free flow of commerce within the United States." The Act then goes on in legalese to further explain and elaborate upon how exactly this fine goal is to be achieved. Steven Bellovin, a professor of Computer Science at Columbia University, has a wonderful analysis of the technical efficiency of the various provisions, citing both good and bad applications of the law. The major fear that Qbit has brought to mind, though, lies in Section 9.

SEC. 9. SECURE DOMAIN NAME ADDRESSING SYSTEM.

(a) IN GENERAL.—Within 3 years after the date of enactment of this Act, the Assistant Secretary of Commerce for Communications and Information shall develop a strategy to implement a secure domain name addressing system. The Assistant Secretary shall publish notice of the system requirements in the Federal Register together with an implementation schedule for Federal agencies and information systems or networks designated by the President, or the President’s designee, as critical infrastructure information systems or networks.

(b) COMPLIANCE REQUIRED.—The President shall ensure that each Federal agency and each such system or network implements the secure domain name addressing system in accordance with the schedule published by the Assistant Secretary.

Essentially, this section calls for the eventual phasing in of a federal replacement of the current DNS (Domain Name System). Currently, the DNS is administered by ICANN, the Internet Corporation for Assigned Names and Numbers. In order to understand the implications of a change in control, it is important to understand what exactly the DNS does.

The DNS is a hierarchical system that allows for translation between human-meaningful phrases and computer code. It's the system that translates icanhascheezburger.com into 72.233.69.8, to allow the computer to understand what exactly it is looking for. In order to make these mappings consistent, however, there needs to be a unique bijection between the two - only one web site per name. This is what ICANN currently does. ICANN oversees the domain registration and allocation process in a fair, balanced manner. This is the power that the government is currently seeking - the ability to control domain registration.

This power holds much potential for government abuse, though. We've already seen the abuse of the Terrorist Watch List for political benefit, with police departments adding protesting activists to the List for merely protesting, and children as young as 7 being placed on the List. Effectively, the government would hold veto power over anyone wishing to publish on the internet, and pull the plug if it disagrees with the message. Even though the current administration says it has no plans to use the power thusly, putting such powers in the hands of government in the first place is a dangerous undertaking, especially if the power granted would have little effect on the cause the Act is trying to promote.

The DNS only controls attempts to connect to other computers via what most people consider regular methods. Attempts that connect to servers using only IP addresses, i.e. most hackers, would be completely unaffected by the changeover in power. In effect, the government seizure would hinder honest citizens while having no effect on the criminal class the Act is trying to protect against.

A combination of two further sections, Sections 18 and 23, holds even more chilling possibilities for abuse.

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY

The President—
. . .
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network
. . .
(6) may order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security

SEC. 23. DEFINITIONS.

(3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS.—

The term ‘‘Federal government and United States critical infrastructure information systems and networks’’ includes—

(B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.


Section 18 gives the President the ability to declare a cybersecurity emergency, shutting down "Federal government and United States critical infrastructure information systems and networks". These are then defined in Section 23 to be pretty much whatever the President wants them to be. The President, therefore, can shut down whatever communication systems he/she decides to in the name of cybersecurity, and deciding when a cybersecurity crisis is occurring has also been helpfully left up to the President. This simply cannot stand. The government cannot be in the business of deciding which voices get heard and which do not on the Internet. Even though there is little history of the Internet, the Internet has been established as a public forum, open to anyone to post. If the government controls who gets to post there, inroads will be made to erode the openness of the Internet, and eventually the government will be able to usurp one of the greatest tools free speech has seen in a long, long time.

1 comment:

  1. Hmm. I wonder if a mandatory domain name addressing system infringes on the right to remain anonymous. In the cases we've looked at in class on the subject (Talley v. California and McIntyre v. Ohio Elections Comm'n), the higher courts found in favor of the right to anonymity. Anonymous handbills were a major reason why we became the nation we are today! I can see where some would take issue with the comparison between handbills and internet use, because a hacker could really damage someone else directly through the computer. But you make the point that hackers wouldn't really be affected by the Cybersecurity Act. I agree with you that the government shouldn't have access to or authority over what we do on the internet (otherwise I would probably be on that watch list for writing this).
