On Thu, Jul 7, 2011 at 3:32 PM, Senator Kirsten Gillibrand Senator@gillibrand.senate.gov wrote:
July 7, 2011
Dear Brian,
Thank you for writing to me with regard to legislation that would give the federal government the authority to turn off portions of the internet in the event of a major cybersecurity incident. I understand your concerns.
In the 21st Century, access to the internet has become an indispensible communication tool and a forum for vigorous public discourse. We have seen the power of the internet leveraged to promote democracy and topple repressive regimes in North Africa. While the internet has become a great tool for good, it has also provided new opportunities for criminals to exploit individuals, disrupt commerce and attack governments. For that reason, Congress and the Administration are working on various proposals to better protect the United States against cyberattacks and cybercrime. This is necessary if we are going to be vigilant against existing and emerging online threats and ensure a coordinated and coherent U.S. approach to cybersecurity. In addition, I have sponsored legislation to foster greater international cyber cooperation and ensure that the United States is working with other governments to address the threats emanating from overseas.
Any legislation that is considered by Congress to address cybersecurity must maintain a balance between security and individual rights. I will fully evaluate all legislation as it comes to the Senate floor for consideration to ensure that it strikes the right balance, and work with my colleagues to fully protect the rights of all Americans.
Thank you again for writing to express your concerns, and I hope that you keep in touch with my office regarding future legislation. For more information on this and other important issues, please visit my website at http://gillibrand.senate.gov and sign up for my e-newsletter.
Sincerely yours,
Kirsten Gillibrand United States Senator
Senator Gillibrand:
Speaking as a computer scientist, issues of individual rights need not come into play. Basic computer security procedures are lax for two reasons:
- human ignorance
- human laziness
Consider the recent spree of computer break-ins by children: Anonymous, LulSec and others. Each attack has followed vectors well known for at least a decade. The administrators of those machines were, and remain, incompetent. Sony Entertainment ran a web-server daemon several years out of date, with well known and responsibly published flaws. These were exploited by children, crippling the PS3 console online play for weeks. SQL Injections into web application code are well known and chronic problems. Sites confirmed or suspected to have been attacked by children using such injections:
- the Washington Post job website
- Oracle’s MySQL website
- Sony Ericsson’s website
- Wordpress.org and its flagship product, Wordpress
The list goes on; I’m sure you’re aware of the basic flaws in many State and Federal websites. Such attacks are a result of, as mentioned before, human laziness and or ignorance. No law can address these root causes, unless being stupid is to be made illegal. Enforceable standards of security for computational, government assets are a solution, not extensions to the power of law enforcement to react after a breach has been made. In my lifetime the balance of security and individual rights has too often gone toward security, toward an intolerable overreach, an inept authoritarianism. I want to live freely. I want to live with basic human dignity afforded by my natural rights. Even if it’s done with the best of intention—of which I have no doubt—arbitrary control of the means of communication by our government negates these things, makes all of us beholden, of extent unknown except in hindsight, to a faceless authority, neither elected or removable.
Nearly ten years ago two towers crumbled into dust and flames and a few thousand people died. We went to war, twice, and spilled such blood that, were we able to revive our dead, we might drown them in a pool of it ten times over. After billions spent stripping rights and dignities, reorganizing and expanding the State security apparatus, a handful of Navy SEALs killed an old, despicable man in his bedroom: eight more pints for the pool. Such evident strength of will, such monetary and technological prowess. Meanwhile, water lines burst and are not repaired: budgetary concerns; less than the cost of one tenth of a specially configured helicopter. Tap water flows in rusty and filled with sediments, enough to cause illness. How does a death in Pakistan make me secure of body if I have no water to drink? How does the power to muzzle the primary communication medium of our age give me more of the basic materials to live a life of dignity?
I am yet a young man. Please, I should like to inherit the country I was promised as a child and not an inept authoritarianism which declares its greatness even as basic, vital infrastructure crumbles into the dirt.
— Brian L. Troutwine
-
troutwine posted this
