On Sat, Aug 29, 2009 at 06:57, Scott Morris<swm@emanon.com> wrote:
I must have missed the phrasing that says "nobody else can make an independent decision regarding any security measure above and beyond the minimum standards"...
I'll go back and look for that.
Scott
Florian Weimer wrote:
* Scott Morris:
I'm trying really hard to find my "paranoia hat", and just to relieve some boredom I read the entire bill to try to figure out where this was all coming from....
"(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;"
Wouldn't this mean you're allowed to set emergency ACLs only if a cybersecurity emergency has been declared by the President?
The EFF summed up the problems with the bill's current text quite well I believe (without any tin-foil hats required): "The Cybersecurity Act is an example of the kind of dramatic proposal that doesn't address the real problems of security, and can actually make matters worse by weakening existing privacy safeguards – as opposed to simpler, practical measures that create real security by encouraging better computer hygiene." - http://www.eff.org/deeplinks/2009/04/cybersecurity-act $0.02 ~Chris -- Chris Grundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org