Wednesday, 11 July 2012 10:40

New Executive Order Grants The Department Of Homeland Security Extended Power To Control and Monitor the Internet

Written by

Reading time is around minutes.

The US Government has gone and done something that they have been trying to claim they would never do. They have put forward an Executive Order that outlines their ability to control communications in the event of an “emergency”. The new order has the interesting title of “Assignment of National Security and Emergency Preparedness Communications Functions”. You could say that the new Executive Order does assign functions to different offices in the government and also assigns duties to the rest of the country including “the private and nonprofit sectors, and the public”. If you read the new EO in its entirety (and we highly recommend you do) you will see that this is a precursor to the enablement of the US Government to require surveillance and control measures all across the internet. So it looks like the big content holders have managed to get their way all in the name of “National Security”.

The opening paragraph lays a lot of this out, but also skirts around the actual issue and the purpose of the new EO.

“The Federal Government must have the ability to communicate at all times and under all circumstances to carry out its most critical and time sensitive missions. Survivable, resilient, enduring, and effective communications, both domestic and international, are essential to enable the executive branch to communicate within itself and with: the legislative and judicial branches; State, local, territorial, and tribal governments; private sector entities; and the public, allies, and other nations. Such communications must be possible under all circumstances to ensure national security, effectively manage emergencies, and improve national resilience. The views of all levels of government, the private and nonprofit sectors, and the public must inform the development of national security and emergency preparedness (NS/EP) communications policies, programs, and capabilities.”

The rest of the EO is the details many of which are very broad in their scope and force requirements on public sector companies to inform the government of all their improvements, security features and network capabilities. It then commands them to enable and institute network prioritization features that will allow the US Government traffic to take priority, but it does not say when this would be enabled and but simply uses the wording “emerging threat, emergency or crisis” these are very open and we wonder how often communications will be “prioritized” due to an “emerging threat”.

We also found some subtle wording that allows the Department of Homeland Security to require access to all levels of Network Infrastructure; “incorporate, integrate, and ensure interoperability and the necessary combination of hardness, redundancy, mobility, connectivity, interoperability, restorability, and security to obtain, to the maximum extent practicable, the survivability of NS/EP communications defined in section 5.2(a) of this order under all circumstances, including conditions of crisis or emergency;

So DHS will now be able to dictate security to private entities. Unfortunately for the average consumer there is nothing to define “security” or to limit the powers that DHS has to implement this. The NS/EP (National Security/ Emergency Preparedness) network now includes all sectors of the internet and communications assets in the US so DHS will have license over that as well.

Now if you think that DHS will not… take liberties, with this and ask for extra monitoring hardware (you know DPI is very useful to help prevent threats) as well as extended capabilities to tap into existing communications to ensure they have a good “situational awareness” then you might not have been following the recent news at all.

This EO while lightly covered in the needs of National Security and Emergency Preparedness is an opening that the US Government has intentionally put in place to allow DHS, the FBI and others to take their already out of control surveillance to an even greater paranoid level. While we agree that there is a need to develop plans for a national security emergency and also to prepare for emergencies, this is not the answer. What we noticed is that there is very little in here about ensuring critical infrastructure services are secure, but there is a lot about making sure they can secure and prioritize traffic. To prioritize traffic efficiently you should identify; source, traffic type and destination. Does anyone want to bet on how those systems will be put to use when there is not an “emergency”?

The President has the authority to enact these types of orders without the need for any debate, so it is a way for the currently sitting president to implement policy with almost no recourse available to the Public. This new order is now law based on the President’s right to issue these which is granted by the US Congress. Like it or not it looks like the US Government no longer needs to worry about voting on the establishment of surveillance and control measures for the Internet in the US. It was all singed away by the President under the guise of National Security. No matter what you call this one it is a limitation on a technology that should remain free and open. The US government should be able to ensure communications between branches without the need to meddle in private sector and private citizen networks.

Discuss this in our Forum

Read 4735 times Last modified on Wednesday, 11 July 2012 10:59

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.