New bill could create Internet kill switch in US

by John Anderson

Artwork Courtesy of Staff Artist Omar Rodriguez

President Barack Obama sits in a bunker deep under the White House, his entire cabinet gathered around him at a circular “situation” table. The lights are dim; a cloud of smoke hangs in the air as numerous officials attempt to steady their nerves.

Secretary of Defense Robert Gates is the first to speak. “Sir, they’ve hacked Facebook and Twitter. We have to act, they must be stopped.” The president takes a deep drag of his cigarette, grinds it out, exhales. “Do it. Shut down the Internet.”

Egyptian President Hosni Mubarak made this Internet doomsday scenario a reality two weeks ago in Egypt, shutting off the Internet as thousands took to the streets protesting his regime. Here in the U.S., senators from the Homeland Security and Governmental Affairs Committee are reintroducing a bill that pundits claim will give Obama his own Internet shutdown capability.

Senate Bill S. 3480, the Protecting Cyberspace as a National Asset Act of 2010, was introduced last year as a measure to protect the American way of life by safeguarding the Internet, but it stalled just after leaving committee. Senators Joe Lieberman and Susan Collins are now bringing it back, intending to “protect the U.S. from external cyber attacks.

“Sounds like a good idea. However, the dangerously ambiguous language embedded in this bill, along with its immunity from judicial review, gives it the power to hamper free speech and commerce. It also approaches Internet-related catastrophes like a neural surgeon operating with a machete. Ambiguous language in legislation, you say? How novel. Indeed, the bill is littered with vaguely defined, but important terms. S. 3480 repeatedly references the importance of protecting “critical infrastructure.”

It defines such infrastructure as given in 1016(e) of the USA Patriot Act. Oh goody, another bit of insanely popular and well thought-out legislation. A brief glance at the aforementioned act reveals critical infrastructure as “systems and assets, whether physical or virtual,” that “would have a debilitating impact on security,” if lost. Well, that’s not vague at all.

One can appreciate the need for using relatively nebulous language in legislation. Laws must be able to account for unforeseen developments, such as technology or the general whims of our elected officials. Many of our laws are based on the implicit powers granted government by our constitution.

The U.S. has a long history of granting implicit power to government, which is not a problem. All branches of government take liberties with the constitution, sometimes sparking infernos of debate, which are healthy for our society. Fortunately, those powers are subject to judicial review, which helps prevent any single branch from gaining an excess of authority.

Yet, S. 3480 gives the Office of Cyberspace Policy the authority to define critical infrastructure as whatever it wants, and expressly forbids judicial review of those definitions. If the OCP determines critical infrastructure to mean all non-governmental mobile-broadband, DSL, and cable Internet service providers, that definition can stand unchallenged. If the OCP decides your laptop is part of critical national infrastructure, they can seize that too.

As long as DHS and Obama decide taking your laptop for 120 days is minimally disruptive and will help safeguard the nation, the Supreme Court will not help you. While no Internet kill switch language exists in the bill, the ambiguity and lack of judicial oversight leaves the door wide open to such a possibility.

Some experts doubt the wisdom of approaching an attack on our information systems with a lockdown military mindset. The Department of Homeland Security has already shown how capable it is in responding to catastrophes. Let’s be frank, the Federal Emergency Management Agency’s “delayed” response to Hurricane Katrina doesn’t exactly inspire confidence in its ability to alleviate pain and save lives. Perhaps entrusting DHS with the responsibility of creating and implementing a national cyber emergency response is not the best course of action.

Peter Sommer and Ian Brown, in a report for “Global Future Shocks.” found that because targets of cyber attacks will be mostly civilian, “a purely military approach to cybsecurity defense is limited.” They instead advocate “governmental-civil contingencies,” which is just as confusing as reading the bill. The meat of their proposal is to facilitate government and industry working together to solve a common problem. By training experts and educating the community, we can reduce the impact of a massive sustained attack on American information networks without allowing the government to seize control with its Internet incineration initiative.

The bill finds some redemption in this sense. There are several clauses encouraging private-public cooperation, empowering industry leaders to help come up with ideas that will help safeguard our precious time sink. If we can have an emphasis placed on improving security, add judicial review  and introduce some explicit language to prevent civil rights abuses, we will be able to stop worrying about Obama’s Internet murder button.

—John Anderson is an international security and conflict resolution junior.

—The views expressed in this column do not necessarily reflect the opinion of The Daily Aztec.

Print Friendly, PDF & Email