Hacker News new | past | comments | ask | show | jobs | submit login
Cybersecurity Act of 2009 to allow warrantless searches of all personal email (washingtonexaminer.com)
22 points by miked on April 10, 2009 | hide | past | favorite | 10 comments



The Internet Storm Center has a somewhat more even-handed breakdown of the proposed legislation: http://isc.sans.org/diary.html?storyid=6124

The “shut down the Internet” part can be found in S.773 §18 (2): (http://www.opencongress.org/bill/111-s773/text?version=is...)

> [The President] may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network […]

So we're talking about emergency airgapping federal/military networks, and whatever other domestic sections of the backbone are deemed “critical infrastructure.” It's quite an extreme measure, but there's no implication of claiming the power to turn off the lights for everyone around the world (or even in the US).


The President might define "critical infrastructure" as being the entire Internet- and many other countries route a large portion of their Internet traffic through the US- so a shutdown in the US would certainly slow down, if not shutdown, much of the rest of the world.


It's that "critical infrastructure" bit which concerns me. It just seems way too open to scope creep. Who gets to declare what is critical?


I don't see anything about searching personal email here. Is the original arcticle inaccurate?


You know, as much as I dislike any attack against civil liberties in general, attacks like this don't bother me as much as, say, unreasonable seizure or firearm confiscation.

A quote comes to mind: "The Net interprets censorship as damage and routes around it." John Gilmore (EFF)

In my mind, news like what is described in the post will only spur greater attempts an anonymity, encryption, darknets, etc. They fight and hamper us, we hack around it.


The thing is, greater anonymity via encryption etc. is not easy to use for the general public. Sure, you can hack around it but not everyone is a hacker. And of course, darknets etc. won't get around the Permission to Shut Down The Internet bit.


If it becomes a big enough issue, people will write software and protocols that are as easy to use as the rest of the internet. As an example take https: since it was decided that sending credit cards in cleartext was unacceptable, browsers updated to seamlessly use it. The end user sees nothing except an extra character in their URL, but the technology is entirely different.

To extend it to this case, we might see email clients that default to dealing with the messy business of darknets, etc., while providing essentially the same user interface.


Unless a future step is to require every computer to be registered with the authorities, or go through some central ISP gateway in order to access the New Internet, which gives authorities greater control. Who knows where this kind of stuff can lead.


"The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."


I can forsee situations where it might become complicated. For instance, a bunch of 'critical' hardware is in a datacenter somewhere and you are also in that datacenter. A cybersecutiy emergency happens and to protect this.. whatever it may be, the datacenter or parts of it get airgapped.

And your stuff becomes unaccessible, be it a corporate website, your own personal server, whatever. And there's not much you can do to remedy it either.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: