Senate cybersecurity bill mirrors Russian Internet agenda
Language within the embattled Cybersecurity Act of 2012 parallels that of a proposal made by Russia and China to the U.N. in 2011, which argued for international regulation of the Internet to fight cybercrime.
In September 2011, Russia, China, Tajikistan and Uzbekistan urged U.N. Secretary General Ban Ki-moon to lead discussion on the “International Code of Conduct for Information Security.”
The proposal called for international cooperation on defeating cybercrime and political dissension, as well as a truce in the use of cyberweapons.
States that agreed to the code would also agree to “bolster bilateral, regional and international cooperation, promote the United Nations’ important role in formulation of international norms, peaceful settlement of international disputes, and improvement of international cooperation in the field of information security, and enhance coordination among relevant international organizations.”
The proposal — hailed by the Chinese government as “the first relatively comprehensive and systematic document in the world … to formulate international rules to standardize information and cyberspace behavior” — was created in anticipation of an international telecommunications conference to be held in December 2012 in Dubai, the World Conference on International Telecommunications (WCIT-12).
It was heavily criticized by U.S. policymakers, however, as political cover for internal crackdown of political dissidents.
It also prompted a House committee to pass a resolution led by California Republican Rep. Mary Bono Mack opposing the notion of international regulation of the Internet. Florida Republican Sen. Marco Rubio introduced a similar measure in the Senate at the end of June.
While Bono Mack’s resolution has at least been placed on the House calendar, Rubio’s resolution has yet to be taken up for consideration by the Senate Committee on Foreign Relations.
Ironically, similar language to the Russian and Chinese proposal can be found in Section 603 of the Cybersecurity Act of 2012, which is sponsored by independent Sen. Joe Lieberman and cosponsored by Republican Sen. Susan Collins and Democratic Sens. Dianne Feinstein, John D. Rockefeller IV and Sheldon Whitehouse.
The bill states that the “Secretary of State, in consultation with other federal agencies, should develop and lead Federal Government efforts to engage with other countries to advance the cyberspace objectives of the United States, including efforts to bolster an international framework of cyber norms, governance and deterrence.”
And like the Russian and Chinese proposal to the ITU, the bill calls for “engagement with foreign countries on a bilateral basis and through relevant regional and multilateral fora” in order to develop “effective solutions to international cyberspace threats.”
“It is in the interest of the United States to encourage the development of effective frameworks for international cooperation to combat cyberthreats, and the development of foreign government capabilities to combat cyberthreats,” said the bill.
Threats to U.S. networks include hacktivists, organized and state-sponsored crime, terrorists and states.
The bill would make the advancement cyberspace objectives an “integral part of the conduct of United States foreign relations and diplomacy.” Issues would include “governance, standards, cybersecurity, cybercrime, international security, human rights, and the free flow of information.”
Currently, the Internet is loosely governed through a voluntary multi-stakeholder process by international non-profit organizations — such as Internet Corporation for Assigned Numbers and Names (ICANN), World Wide Web Consortium (W3C), and Internet Society — that agree upon and set standards for things like code, cybersecurity, domain names and more.
The U.S. currently supports the voluntary multi-stakeholder model. While governments play a role in cybersecurity, the burden is largely upon private companies to defend their own networks. Current debate over the Cybersecurity Act of 2012 is centered around the kind of a role the government should play in combating cyberthreats.
Under the new bill, the United States would look to “build consensus on principles and standards of conduct that protect computer systems and users that rely on them, prevent and punish acts of cybercrime, and promote the free flow of information.”
“A comprehensive national cyberspace strategy must include tools for addressing threats to computer systems and acts of cybercrime from sources and by persons outside the United States,” said the bill.
The federal government is already using social networks and other online communication tools to monitor crime. Privacy advocates complain that the bill, as with the other cyberbills on the table, does little in the way of protecting privacy.
The Electronic Frontier Foundation (EFF), a San Francisco-based digital civil liberties group, criticized the legislation back in March for its vague language and broad countermeasures, which could lead to further digital surveillance of Internet users.
Further debate over proposed amendments to the bill is taking place this week.