Monday, March 14, 2011

Obama's Internet Kill Switch

From TechCrunch.com:

The complete Internet shutdown this week in Libya involved a new way to turn off web access for an entire country. Earlier this year, the total Internet blockade in Egypt backfired and emboldened the protesters. China is well known for blocking Internet services, but it’s not just China. Of course, having the government turn off the Internet could never happen in the United States. We couldn’t condemn the action in other countries while at the same time plan it here. No one would even suggest such a thing, right?

Wrong. The topic came up last June when Senators Joseph Lieberman, Susan Collins and Thomas Carper introduced the controversial “Protecting Cyberspace as a National Asset Act of 2010?. One vague provision in the bill gave the president the power to “authorize emergency measures to protect the nation’s most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited.” It became known as the Internet “kill switch” bill even though the words ‘kill’ and ‘switch’ are not found in the bill...

The legislation was re-branded and revised as the “Cybersecurity and Internet Freedom Act of 2011.” Note the clever use of the phrase Internet Freedom for a bill that gives the government power over privately owned computer systems. Ironically, it was re-introduced on the same day as the Egyptian shutdown, when President Obama was called on “the Egyptian government to reverse the actions that they’ve taken to interfere with access to the Internet.”

Lieberman changed his approach:

“We want to clear the air once and for all. As someone said recently, the term ‘kill switch” has become the ‘death panels’ of the cybersecurity debate. There is no so-called ‘kill switch’ in our legislation because the very notion is antithetical to our goal of providing precise and targeted authorities to the president. Furthermore, it is impossible to turn off the Internet in this country.”

The new bill says “neither the president, the Director of the National Center for Cybersecurity and Coummunications, or any officer or employee of the United States Government shall have the authority to shut down the Internet.” But, it does give the Department of Homeland Security the power to issue decrees to privately owned companies in a cyber emergency.

Surprisingly, the president has the power to shutdown the Internet already. This authority originated well before the Internet existed, in the Communications Act of 1934 that created the FCC. Section 706 gives the president authority, in a state or threat of war, to “cause the closing of any facility or station for wire communication” with no advance warning.

“A station for wire communication” may not sound like the routers that power the Internet. But the Department of Homeland Security has cited the 1934 Act as one of the powers the president would rely on if the nation was under a cyberattack.

Why does our government even need the power to block the Internet? One of the justifications for the bill, that’s even written into the legislation, is the fact that the computer systems of the government are probed or attacked an average of 1.8 billion times a month. Most of these involved attacks infiltrating government workers copies of Adobe Acrobat or Microsoft Office. Or, phishing attacks with malicious email attachments, hardly a reason to justify even a partial Internet shutdown.

Collins argues the president needs the power to shut down “critical infrastructure” during a serious cyberattack. As an example, the sponsors say if a cyberthreat was detected, the president should be able to instantly shut down any infrastructure connected to “the system that controls the floodgates to the Hoover dam.” On the surface, it sounds reasonable. You wouldn’t want 10 trillion gallons of water to cause havoc.

But, I checked the Hoover Dam website. I couldn’t find a way to control the floodgates and I’d be surprised if that control was connected to the public Internet. [Update: The agency in charge of the Hoover Dam says it is not connected to the Internet and has several physical and technological safeguards to prevent the floodgates from opening.] And even if a hacker could control it, the government should be able to cut off the connection without this legislation.

Lieberman says the bill is needed because “the Internet can be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets.” Yes, the Internet can be a dangerous place. It’s also essential to the freedom of its citizens and nation’s commerce. And, it’s pretty good at self-policing. In the case of the private banks, the banks themselves know more about protecting customers accounts than then government.

John Dvorak says the senators supporting the legislation “aren’t Internet experts trying to protect the Net from damage. They, to be frank, are clueless about the Internet...”

In Search Of The Internet Kill Switch
Jon Orlin
Mar 6, 2011
http://techcrunch.com/2011/03/06/in-search-of-the-internet-kill-switch

No comments: