From Mother Jones:
The Cybersecurity Act of 2009 gives the president the ability to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security." The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.
The bill does not only add to the power of the president. It also grants the Secretary of Commerce "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access." This means he or she can monitor or access any data on private or public networks without regard to privacy laws.
Here are the sections raising eyebrows:
SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE.
(a) DESIGNATION.—The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal government and private sector owned critical infrastructure information systems and networks.
(b) FUNCTIONS.—The Secretary of Commerce—
(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access; ...
SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President— ...
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network; ...