Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

So while there is no kill switch in the bill, it would establish two federal bodies to develop and enforce security standards for critical infrastructure systems, and it would clarify the government’s power in the event of a cyber emergency to give mandatory orders to the private operators of critical infrastructure systems.

It would, further, give the National Institute of Standards and Technology the ability, in conjunction with the private sector, to create security standards, which would then be imposed on federal agencies and private operators of critical infrastructure systems. This introduces the potential for mission creep.

Moreover, it is not yet known what those standards would be. Would they permit deep-packet sniffing, other methods of surveillance, or back doors? Who would have final say about the standards and their implementation and enforcement? Does the government possess the expertise to take on this task? If not, how will the relevant agencies acquire that expertise before the standards are developed?

When it comes to improving the online security environment in this country, everyone has work to do, including the federal government. Keeping up with patches and updates, regularly changing user names and passwords on critical systems, and choosing unique, complex passwords are just a few of the habits of good security that should be widespread but aren’t. Some parts of this bill—like section 301, which calls for withholding bonuses from senior agency officials whose agencies aren’t up to snuff—may be good steps toward implementing a functional and habitual security environment at the federal level. Other parts clearly need more consideration and debate.

That the information-security environment in this country and around the world needs work is clear. Whether this is the bill that is needed, or even whether the federal government should have a role in regulating private-sector information security, is less so.

Jonathan Zittrain is a professor of law and of computer science at Harvard University and cofounder of its Berkman Center for Internet & Society; Molly Sauter is a research assistant at the Berkman Center. Updates will appear at

8 comments. Share your thoughts »

Credit: Technology Review

Tagged: Web, Internet, Internet infrastructure, Internet censorship, egypt, libya

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me