The federal Cybersecurity legislation that was proposed earlier this year is back on the docket. The text about the President shutting down networks has been reworded and it sounds less silly now. They want the power to identify stuff that is too sensitive to be connected to the Internet, or possibly too overrun with malware, and disconnect it. Whether they should have the power to do that to private sector networks is certainly a subject for debate, but now that we know what they are talking about at least we can debate it.

I personally think its still too vague. It could be interpreted to mean that if you are a private company and you haven't installed the patch for the latest Windows vulnerability the "Internet Police" can come and pull the plug on your whole operation. Who actually makes these calls? What are the limits of this power? Are these decisions subject to review? Is this really the right way to resolve security problems on the Internet?

Unfortunately the section about mandatory licensing of Computer Security professionals is still there. As I say in the thread attached to the bill, that section has graft written all over it.

As for that thread, I'm linking OpenCongress, a website built by the PFF and the Sunlight Foundation which I've never used before. OpenCongress lets you read, research, and comment on legislation. Its got some nice features and interface. If they can manage to keep the discussion civil this will turn into a very powerful tool. However, there are still some bugs they need to work out, including the fact that you can't login using Safari!