WASHINGTON, May 27, 2011 - House Subcommittee members received answers long on ideas but short on specifics when they probed Obama administration officials during a hearing Wednesday on the President's cybersecurity review.
The House Judiciary Committee Subcommittee on Intellectual Property, Competition, and the Internet explored the ramifications of the Obama administration’s Cyberspace Policy Review in an oversight hearing that featured two witness panels representing federal and private interests.
The first panel of witnesses testified that the proposed measures would clarify any existing Department of Homeland Security and Department of Justice authority regarding information sharing. The proposed measures would help keep consumers informed of what happens with their data in the case of a software system security breach. Additionally, the proposed measures would potentially grant immunity from civil liability to private sector entities that share information with government law enforcement agencies.
Rep. Mel Watt (D-NC) expressed concern, however, that the proposal might allow government encroachment on personal privacy if corporate software systems that contain personal data were compromised. Members also voiced concern that the proposal might limit private sector cybersecurity capabilities and preempt stronger state laws already in place.
“Despite the fact that the Federal sector grabs the headlines, in many respects it really is the private sector that stands on the front lines of cybersecurity,” said Subcommittee Chairman Rep. Bob Goodlatte (R-VA) in his opening statement.
Subcommittee members and private sector witnesses echoed a desire to avoid the creation of what has been referred to by critics as a government controlled Internet "kill switch.” The term references the method by which Egyptian government authorities shut down that nation's Internet access in an attempt to control political unrest during uprisings earlier this year.
While legislators unsuccessfully introduced a measure earlier this year that would have authorized the shutdown of critical computer systems by the President in the event of a national cyber emergency, no such recommendation was included in the instant proposal.
Subcommittee members also expressed skepticism at the panel’s inability to give specifics to several questions, such as defining terms like ‘critical infrastructure’ and ‘critical information infrastructure.’ It was also not clear which large industries should be excluded from the measures.
Also, it was not clear to members which agency in the Executive Branch had final authority if the newly proposed measures were made into law.
“We have three government agencies testifying, but who’s really in charge of this?” asked Rep. Mel Watt (D-NC). “Who’s running the show?”
“The proposal [the administration] put forward reflects a whole of government approach,” replied James Baker, Associate Deputy Attorney General of the Department of Justice. “The Department of Justice will work to get the right people in front of you.”
Additionally, the new measures would not only clarify existing DOJ and DHS authority, but it would expand authority to prosecute cyber crime in the same manner as organized crime.
“Increasingly, cyber crimes are committed by groups who are organized, “said Baker. “We think we can use RICO to go after those people those people.”
Officially known as the Racketeer Influenced and Corrupt Organization Act, RICO is a United States federal law that allows for the prosecution and penalization for acts committed as part of an organized crime syndicate.
“They are well-organized, they are a threat to the country, and they are effective,” said Baker.