User:CMTucker/Sandbox
The Internet Kill Switch is a subset of the topics addressed in the article Kill Switch, which deals with mechanical and electronic switching mechanisms in general. This article is about cybercrime countermeasures (link to Drew) and the concept of activating a single shut off mechanism for all Internet traffic. The theory behind a Kill Switch is creation of a single point of control for one authority or another to control in order to “shut down the internet to protect it” from unspecified assailants.
The prospect of Cyber Warfare, which has been of increasing concern since the early 2000s, has prompted the drafting of legislation by US officials. Worldwide, the potential implications of actually "killing" the Internet have prompted criticism of the idea in the United States. During the 2011 "Jasmine" revolution in Tunisia, Egypt, and Libya access to the Internet was denied in an effort to limit peer networking to facilitate organization. While the effects of shutting off information access are controversial, the topic of a Kill Switch does remain a topic that remains to be resolved. This article pertains to how a theoretical Internet Kill switch may affect the FCC and United States Telecommunication Policy, the laws as they are currently applied, and proposed legislation.
(PORTIONS MOVED FROM: http://en.wikipedia.org/wiki/Kill_switch Computer security policy)
History of an Internet Kill Switch in the United States
[edit]Telecommunications Act of 1996
[edit]Government regulatory control of information systems did not start with the "Internet Kill Switch" discussions on Cyber Security. It had already been under way for some time before the Telecommunications Act of 1996. Thus, by 1998, as the scope of the risk associated with these dependencies expanded to encompass not only converged government communications and information systems, but also the systems supporting national critical infrastructures, policy makers began to recognize the need for an integrated effort that coupled the capabilities of government and the private sector to mitigate these risks. “Cybersecurity”emerged as a distinct policy area. Presidential Decision Directive 63 (PDD-63), signed in May 1998, established a structure under White House leadership to coordinate the activities of designated lead departments and agencies, in partnership with their counterparts from the private sector, to “eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems.” [1]
Protecting Cyberspace as a National Asset Act of 2010
[edit]On June 19, 2010, Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010",[2] which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the Kill switch bill, would grant the President emergency powers over the Internet. Other parts of the bill focus on the establishment of an Office of Cyberspace Policy and on its missions, as well as on the coordination of cyberspace policy at the federal level.
If national security were to be severely threatened by a cyber attack, broadband providers, search engines, software firms and other major players in the Telecommunications/Computer/Internet industry could be required to immediately comply and implement any emergency measure taken;[3] for most of the month of June, media coverage of the bill insisted on this so-called 'Kill switch' provision, said to be included in the bill.[4]
Section 249 of the bill states that "the President may issue a declaration of a national cyber emergency to covered critical infrastructure," in which case a response plan is implemented.[5] This plan shall consist of "measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure". Said measures should "represent the least disruptive means feasible to the operations of the covered critical infrastructure" and "shall cease to have effect not later than 30 days after the date on which the President issued the declaration of a national cyber emergency" unless the President seeks to extend them, with the approval of the Director of the Office of Cyberspace Policy established by the bill.
Criticisms of the Lieberman Bill
[edit]John Stewart
[edit]Interviewed by Candy Crowley on CNN's State of the Union, Lieberman claimed "it is a fact cyber war is going in some sense right now", "a cyber attack on America [could] do as much or more damage [...] by incapacitating our banks, our communications, our finance, our transportation, as a conventional war attack".
"Right now, China, the government, can disconnect parts of its Internet in a case of war. We need to have that here, too," Senator Joe Lieberman, sponsor of the bill, said on Candy Crowley's State of the Union on CNN.[6]
This remark sparked another controversy, and led Comedy Central's Jon Stewart to make fun of Senator Lieberman for bringing up the example of China, which is notorious for its lack of regard for freedom of speech, on his satirical program The Daily Show with Jon Stewart.[7]
ACLU
[edit]The Americans for Civil Liberties Union took issue with the scope of the legislation in a letter to Senator Lieberman signed by several other civil liberty groups.[8] Particularly, they take issue how the authorities would classify what is Critical Communications Infrastructure (CCI) and what is not. They also took issue with Preserving Free Speech in Cybersecurity Emergencies.
At the heart of the issue is an auto-renew provision within the proposed legislation that would keep it going beyond thirty days. This group recommended that the legislation follows a strict First Amendment scrutiny test:
- (i) the action must further a compelling governmental interest;
- (ii) it must be narrowly tailored to advance that interest; and
- (iii) it must be the least restrictive means of achieving that interest.
Reaction from Lieberman
[edit]After this proposal became controversial, in large part due to concerns that it granted too much power to the President and threatened freedom of speech, all three co-authors of the bill issued a statement claiming that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks",[9] and Senator Lieberman contended that the bill did not seek to make a 'Kill switch' option available ("the President will never take over -- the government should never take over the Internet"),[10] but instead insisted that serious steps had to be taken in order to counter a potential mass scale cyber attack.
Legal Issues Regarding an Internet Kill Switch
[edit]At issue is whether or not the President needs to have this power at all, since in the Communications Act of 1934 the President is allowed certain powers:[11]
“Upon proclamation by the President that there exists war or a threat of war, or a state of public peril or disaster or other national emergency, or in order to preserve the neutrality of the United States, the President, if he deems it necessary in the interest of national security or defense, may suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations within the jurisdiction of the United States”
The Telecommunications Act of 1996 and subsequent amendments allowed for the vertical integration of telecommunications carriers into the data and information markets which were left unregulated in the legislation. Previously these carriers did not compete in the same regulatory space, but with the reclassification of data and information services the Act favored competition. This competition exploded once enacted, and was responsible for creating an estimated 7,800 plus ISPs.[12]
Implementation Issues
[edit]There are several issues that may prevent a system to be established in the United States. The Telecommunications Act of 1996 deregulated the telecommunications market and allowed for the growth of data carrier services. Since the FCC does not require registration of a company as an Internet Service Provider (ISP), there are only estimates available. As of April 2011, there are over 7,800 ISPs estimated to be operating in the United States. This makes implementation of a kill switch that much more difficult: Each company would have to voluntarily comply. There is no law that gives the United States authority over an ISP unless court ordered.
A court order is not necessarily the solution either. Even if an Internet Service Provider is forced by court order, the attack may have already taken place and the prophylactic methods too late in implementing. There are over thousands of ISPs and since they don’t have to register, there is no known way of contacting them in time and forcing the ISP to comply.
The regulations that the United States uses to regulate the information and data industry may have inadvertently made a true “Internet Kill Switch” impossible. The deregulation allowed for a building of a patch-work system (ISPs, Internet Backbone) that is extremely complex and not fully known.
In the United States, there are strong citizen and business protection systems. There is redress of grievances allowed to the courts or administrative authority. There is also the need for a court order for the government to shut off services. In addition to these fairly large roadblocks, there are human rights groups such as the Americans for Civil Liberties Union, Amnesty International, and others. All of these reasons make implementing the Internet Kill Switch difficult.
Key Policy Issues
[edit]The key policy issue is whether or not the United States government has the right constitutionally to restrict or cut off access to the Internet. The powers granted to the presidency starting with the Communications Act of 1934 seem to be adequate in dealing with this threat, and is one of the major criticisms of legislation determined to regulate this question. The next most important question is whether or not the United States even need this legislation or it would chip away at individual liberties. The trade offs are apparent-if the government can control information online then it can limit access to information online. One of the biggest problems with the theory is what to classify as Critical Communications Infrastructure and what to leave out.
Policy makers have to take into account the cost of shutting down the Internet, if it is even possible. The loss of the network for even a day could cost billions of dollars in lost revenue. The National Cybersecurity Center was set up to deal with these questions, to research threats and design and recommend prophylactic methods.
In many ways, the integration of networked Computer Mediated Communication systems into our business and personal lives means that the potential threat is increasing along with the potential problem of protecting a wide-class of products. Utility systems can be monitored and controlled remotely, whereas it used to be a physical person. So the issue of what an Internet Kill Switch could affect is growing exponentially.
The 2009 White House Assessment [13] stated that there needed to be more work done on this issue and the Cyber Security Center was created to handle security issues. It is not known at this point if the Center has a policy regarding asserting control of the national networks.
References
[edit]- ^ [1], Obama Administration Cyber Assessment.
- ^ [2] Protecting Cyberspace as a National Asset Act of 2010]
- ^ [3]Senator Lieberman Proposes Cyber Security Act.
- ^ [4] CNet Article.
- ^ [5]Proposed Response Plan.
- ^ [6] Transcripts of CNN's State of the Union with Sen. Joe Lieberman
- ^ [7]John Steward looks at Kids' Junk,
- ^ [8], ACLU letter to congress.
- ^ [9]informationweek.com, June 24, 2010. Retrieved on June 25, 2010.
- ^ [10]CNN.com, June 20, 2010. Retrieved on June 24, 2010.
- ^ [11]Section 706 (c) of the Communications Act of 1934.
- ^ [12]Office of Technology and Electronic Commerce, United States Government.
- ^ [13]Obama Administration Cyberspace Policy Review.