Proposed Internet Kill Switch

Steve-Hostirian · Post #1 (**permalink**) 06-18-2010, 10:23 AM

Just read about the proposed kill switch and am looking for everyone's opinion at HD.

Quote:

WASHINGTON (CBS4/CNET) ―

The days of freedom on the Internet, even during a time of national crisis, may be coming to an under a new U.S. Senate bill. The legislation would grant the president emergency powers to seize control of or even shut down portions of the Internet during times of national emergency.

It's been dubbed as an Internet "kill switch" the president could flip. However, the idea behind it is not new. A draft Senate proposal that CNET obtained in August allowed the White House to "declare a cybersecurity emergency," and another from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to "order the disconnection" of certain networks or Web sites.

The legislation announced Thursday says that companies such as broadband providers, search engines, or software firms that the government selects "shall immediately comply with any emergency measure or action developed" by the Department of Homeland Security. Anyone failing to comply would be fined.

That emergency authority would allow the federal government to "preserve those networks and assets and our country and protect our people," Joe Lieberman, the primary sponsor of the measure and the chairman of the Homeland Security committee, told reporters on Thursday. Lieberman is an independent senator from Connecticut who caucuses with the Democrats.

Lieberman's bill is formally titled the Protecting Cyberspace as a National Asset Act, or PCNAA. Under PCNAA, the federal government's power to force private companies to comply with emergency decrees would become unusually broad.

Any company on a list created by Homeland Security that also "relies on" the Internet, the telephone system, or any other component of the U.S. "information infrastructure" would be subject to command by a new National Center for Cybersecurity and Communications (NCCC) that would be created inside Homeland Security.

The only obvious limitation on the NCCC's emergency power is one paragraph in the Lieberman bill that appears to have grown out of the Bush-era flap over warrantless wiretapping. That limitation says that the NCCC cannot order broadband providers or other companies to "conduct surveillance" of Americans unless it's otherwise legally authorized.

Lieberman said Thursday that enactment of his bill needed to be a top congressional priority. "For all of its 'user-friendly' allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets," he said. "Our economic security, national security and public safety are now all at risk from new kinds of enemies--cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals."

Lieberman's proposal would form a powerful and extensive new Homeland Security bureaucracy around the NCCC, including "no less" than two deputy directors, and liaison officers to the Defense Department, Justice Department, Commerce Department, and the Director of National Intelligence. (How much the NCCC director's duties would overlap with those of the existing assistant secretary for infrastructure protection is not clear.)

The NCCC also would be granted the power to monitor the "security status" of private sector Web sites, broadband providers, and other Internet components. Lieberman's legislation requires the NCCC to provide "situational awareness of the security status" of the portions of the Internet that are inside the United States -- and also those portions in other countries that, if disrupted, could cause significant harm.

Selected private companies would be required to participate in "information sharing" with the Feds. They must "certify in writing to the director" of the NCCC whether they have "developed and implemented" federally approved security measures, which could be anything from encryption to physical security mechanisms, or programming techniques that have been "approved by the director." The NCCC director can "issue an order" in cases of noncompliance.

To sweeten the deal for industry groups, Lieberman has included a tantalizing offer absent from earlier drafts: immunity from civil lawsuits. If a software company's programming error costs customers billions, or a broadband provider intentionally cuts off its customers in response to a federal command, neither would be liable.

If there's an "incident related to a cyber vulnerability" after the president has declared an emergency and the affected company has followed federal standards, plaintiffs' lawyers cannot collect damages for economic harm. And if the harm is caused by an emergency order from the Feds, not only does the possibility of damages virtually disappear, but the U.S. Treasury will even pick up the private company's tab.

Artashes · Post #2 (**permalink**) 06-18-2010, 11:22 AM

I am wondering about the jurisdiction. Certainly such orders will not be respected anywhere outside the USA with a simple "you are not the boss of me" attitude.

If this passes, might this cause a lot of companies seek refuge in data centers outside of the United States for their home servers, if they do not want to fall under the shut down policy and have their website disconnect as a result?

Blue · Post #3 (**permalink**) 06-18-2010, 12:16 PM

I would hope so Art.
I would also hope that other countries would have the fortitude not to align with the US on such measures.

If US House and Senate members want to sign on to this kind of invasion of privacy and protection of corporate interests then more power to them.

Hopefully if such a bill were to pass then free thinking people in the US would turn out en masse to replace those who voted for it.

Either way, political opportunists like Leiberman use bills like this in the guise of national security to secure their bonifides with the right wing.

csn-uk · Post #4 (**permalink**) 06-18-2010, 12:40 PM

Personally I see such acts as a Politian's way to control something they cannot fathom a grasp on, more specifically the software that empowers business as well as other organisations and the security emplace to protect it.

Simply being able to blanket companies and or individuals with fines or similar defined punishments first won't solve the issue mainly due to both the size of the internet and lack of traceability even for such bodies as the various secret service agencies if said individual was found and secondly enough evidence gathered.

That aside from the scale of the internet, the security of any given system at any given point in time is questionable. From a programming background I can guarantee there is a way to crack every system, the question really in this day and age is how hard can you make such a task.

Commonly encryption is used as an example of this, in terms of military or similar grade encryption with computers capable of 10k/s computations could take into the tens of millions of millions of years to check all possible answers. However with the size of such keys required for these types of encryption mean that we as humans are unable to memorise such a large string, as a result our passwords are a weak point for a lot of systems.

An example in short could be, what happens if a Banks manger unexpectedly resets his password and locks the system? how does such a bank regain access to their system?

From a hosting stand point id agree as above it would simply turn against the US in terms of many of their hosting providers moving into Europe where such a threat of closure of extended or permanent periods is not looming overhead

HostMantis · Post #5 (**permalink**) 06-18-2010, 12:43 PM

This is a bad idea, plain and simple.

CGIwire · Post #6 (**permalink**) 06-19-2010, 10:57 AM

I see it as the US trying to control which can't be controlled! And like art said, people will just move to off-shore DC's. Very silly of them to try and pass this act in my opinion!

Steve-Hostirian · Post #7 (**permalink**) 06-21-2010, 09:13 AM

Even in times of war, businesses need to continue conducting business - to support the war effort. So many businesses now rely on online apps and processes that killing the Internet here would cripple our economy from within.

DKing · Post #8 (**permalink**) 06-24-2010, 11:42 PM

What exactly are they trying to accomplish with this? Seems like a silly bill formed by people who don't understand how the web works.

webfly · Post #9 (**permalink**) 06-26-2010, 11:46 PM

I can't imagine what they are thinking. This is the World Wide Web not the United States Web. They have no right and it's a terrible idea in so many ways.

Zagor · Post #10 (**permalink**) 06-27-2010, 07:41 AM

The government has too much power anyway. I think this is the last drop people should take. Personal freedoms are getting narrower in the name of national safety, which, BTW is the safety of people which liberties are stripped by such propositions.