Sunday, January 30, 2011

Internet ‘Kill Switch’ Legislation Back in Play

From David Kravets at Wired's Threat Level Blog,

The resurgence of the so-called “kill switch” legislation came the same day Egyptians faced an internet blackout designed to counter massive demonstrations in that country.

The bill, which has bipartisan support, is being floated by Sen. Susan Collins, the Republican ranking member on the Homeland Security and Governmental Affairs Committee. The proposed legislation, which Collins said would not give the president the same power Egypt’s Hosni Mubarak is exercising to quell dissent, sailed through the Homeland Security Committee in December but expired with the new Congress weeks later.

The bill is designed to protect against “significant” cyber threats before they cause damage, Collins said.

“My legislation would provide a mechanism for the government to work with the private sector in the event of a true cyber emergency,” Collins said in an e-mail Friday. “It would give our nation the best tools available to swiftly respond to a significant threat.”

The timing of when the legislation would be re-introduced was not immediately clear, as kinks to it are being worked out.

An aide to the Homeland Security committee described the bill as one that does not mandate the shuttering of the entire internet. Instead, it would authorize the president to demand turning off access to so-called “critical infrastructure” where necessary.

An example, the aide said, would require infrastructure connected to “the system that controls the floodgates to the Hoover dam” to cut its connection to the net if the government detected an imminent cyber attack.

What’s unclear, however, is how the government would have any idea when a cyber attack was imminent or why the operator wouldn’t shutter itself if it detected a looming attack.

About two dozen groups, including the American Civil Liberties Union, the American Library Association, Electronic Frontier Foundation and Center for Democracy & Technology, were skeptical enough to file an open letter opposing the idea. They are concerned that the measure, if it became law, might be used to censor the internet.

“It is imperative that cyber-security legislation not erode our rights,” (.pdf) the groups wrote last year to Congress.

A congressional white paper (.pdf) on the measure said the proposal prohibits the government from targeting websites for censorship “based solely on activities protected by the First Amendment of the United States Constitution.”

Oddly, that’s exactly the same language in the Patriot Act used to test whether the government can wiretap or investigate a person based on their political beliefs or statements.

A couple thoughts on this bill:

- what are the implications for our digital privacy? in order to detect cyber threats is intrusive monitoring of the internet required?
- and why the *#$! would the hoover dam need to be connected to the Internet?


Andrew Glass said...

This seems like an extremely poorly thought out idea. This bill begs the question if internet security experts were even consulted...

In many cases when a bill passes that limits our freedoms in some way, the current pattern is that some political actor will work to make the bill stronger and the risks to privacy more severe. The Patriot Act is a perfect example of this, and in light of the recent events in Egypt, Americans should be fearful of handing over internet control to the government. I think that the federal government usually has the best interests of Americans in mind, however I think that this bill is extremely misguided and legislators should spend time speaking with security consultants in order to understand the potential risks. They are politicians, not computer scientists and have limited understanding of the power of the internet.

Also, if there was a way to just "turn off" essential infrastructure that relied on the internet, wouldn't this "off switch" be a prime target for internet hackers? This is risk enough to axe the whole idea.

And it doesn't make much sense for the Hoover Dam to be connected to the internet, haha.

-Andrew Glass

Jen said...

I had the same thoughts on the “off” switch idea. We would assume that anyone targeting the Internet in an attack is at least a relatively capable human being. By the government setting up systems where we can “protect ourselves” from these attacks, they are in effect creating target points for these attackers. A person that makes a living out of launching attacks on the Internet can most likely outsmart a Government created buffer, especially one that centralizes all important aspects of our infrastructure. This is essentially just creating a high profile temptation. Also, while it was possible for Egypt to do this, our access to the Internet is not necessarily a public venture. While I think it is a very real fear that terrorists or hackers target our “critical infrastructure” I don’t think creating a separate threat to privacy really addresses that issue.