Three U.S. senators criticized for past legislation that would allow the president to potentially quarantine or shut down parts of the Internet during a major cyberattack have introduced a new bill that would put limits on that authority.
The Cybersecurity and Internet Freedom Act, introduced late Thursday, would explicitly deny the president or other U.S. officials “authority to shut down the Internet.” The legislation, similar in many ways to a controversial 2010 bill, comes after persistent criticism that the bill’s sponsors want to give the president a so-called Internet kill switch.
“We want to clear the air once and for all,” Senator Joe Lieberman, a Connecticut independent, said in a statement. “There is no so-called ‘kill switch’ in our legislation because the very notion is antithetical to our goal of providing precise and targeted authorities to the president. Furthermore, it is impossible to turn off the Internet in this country.”
In 2010, the bill’s sponsors — Lieberman, Maine Republican Susan Collins and Delaware Democrat Tom Carper — introduced a wide-ranging cybersecurity bill that would have defined emergency powers that the president could use, including shutting down parts of the Internet, when there’s an “ongoing or imminent” cyberattack on the nation’s critical infrastructure.
The new legislation has similar language, again allowing the president to take emergency measures to protect critical infrastructure. But the new bill adds language saying that the president, federal cybersecurity officials and other government employees do not have the authority to shut down the Internet.
The three senators, all members of the Senate Homeland Security and Governmental Affairs Committee, argued that the bill would limit broad powers the president has in the Communications Act of 1934 to take over or shut down wired and radio communications during war time. But critics said the bill, which failed to pass through Congress, would give the president broad and ambiguous authority.
Representatives of the Center for Democracy and Technology and the Computer and Communications Industry Association, two critics of the 2010 cybersecurity bill, weren’t immediately available for comment on the new legislation.
Some critics have continued say the 2010 bill had a kill switch provision, with comparisons to Internet shutdowns in Egypt and other Middle Eastern countries in recent weeks, even though the legislation did not authorize presidential power to shut down the entire Internet in the U.S.
The persistent kill-switch criticisms were distracting from a serious debate about cybersecurity measures the U.S. needs, Lieberman said.
“The so-called ‘internet kill switch’ debate has eclipsed discussion of actual, substantive provisions in this bill that would significantly improve the security of all Americans,” he said in a statement.
The new, 221-page bill mirrors parts of the 2010 bill. The new bill would require owners of critical infrastructure to fix cybervulnerabilties and would create a national center focused on preventing and responding to cyberattacks. The bill also would reform the cybersecurity rules for federal agencies, and it would establish a cybersecurity research and development program in the U.S. Department of Homeland Security.
New legislation is needed to protect U.S. networks, Collins said. Computer systems in Congress and the U.S. executive branch were attacked 1.8 billion times a month as of early 2010, she noted.
“The threat of a catastrophic cyber attack is real,” she said in a statement. “Attacks are happening now.”
Experts have questioned whether anyone has the ability to shut down the Internet in the U.S., but the bill makes it “crystal clear” that the president cannot take that action, Collins added.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.