Internet 'kill switch' bill reintroduced as Egypt remains dark

Senate proposes deactivation law for cyberattacks on same day Mubarak regime cuts service to quell protests

On the heels of what's being described as the biggest electronic shutdown by a government, legislators in the U.S. are trying to reintroduce a bill that would give the President an Internet 'kill switch.'

More on Egypt: Anatomy of an Internet blackout

Last week, the Egyptian government deactivated virtually all of the country's Internet access and mobile phone networks in an attempt to stop the spread of protests to the governance of President Hosni Mubarak. On the same day that Egypt's Internet went dark, senators Joseph Lieberman and Susan Collins re-introduced a bill granting President Obama the authority to shut down the Internet within the United States in the event of a cyberattack.

The bill, an amendment to the Homeland Security Act of 2002, was initially introduced last year but was tabled in December after election of a new Republican-led House of Representatives.

Sen. Collins said the bill would not allow the President to deactivate the Internet in whole or in part during times of political unrest or protest - just during a "cyber emergency," according to Wired.com.

"My legislation would provide a mechanism for the government to work with the private sector in the event of a true cyber emergency," Collins said in an e-mailed response to Wired.com last week. "It would give our nation the best tools available to swiftly respond to a significant threat."

The bill is still undergoing review before it is formally re-introduced, according to Wired.com. But at the time of its initial introduction, it was opposed in an open letter by about 24 organizations concerned that it might lead to broader authority, including Internet censorship.

And a story on Network World's sister site PC World.com concludes that an Internet 'kill switch' in the U.S. would create more problems than it solves. Citing a report commissioned by the Organisation for Economic Cooperation and Development (OECD), taking out the Internet would disrupt citizens and the private sector when they might need the infrastructure the most - during times of cyber- or even military attack, or natural disaster.

And since most targets in a cyberwar or military conflict are private sector organizations responsible for "critical national infrastructure" — communications, energy, finance, food, health, transportation and water — the government depriving them of Internet communications would be even more detrimental, the report suggests.

The OECD report recommends creation of international computer emergency response teams that have a more holistic view of unfolding events than national agencies. This may help governments protect citizens as well as government assets, the report suggests.

"You have to look at the Internet as a form of the public network," says Tom Nolle, president of consultancy CIMI Corp. "If you look at the way the U.S. treats the telephone network, we prioritize calls and communications for public service emergency services and things like that. But I'm not aware of anything that gives the government the authority to cut off telephony."

Nolle says that even though the Internet could come under attack, a 'kill switch' is "inconsistent" with the way U.S. law enforcement treats the telephone network.

"I think it would be a bad policy," he said. "To make the Internet a conduit that is singled out, handled differently than the public switched telephone network is trampling over individual rights in a way that isn't consistent with the country's own policies with communications."

Some - indeed, many - also view the Internet as the new TV or radio network too. And in times of national emergency, the U.S. government can pre-empt programming to communicate alerts or directives over both mediums.

But Nolle says this is different than disabling the infrastructure in whole or in part.

"If the government wants to grab 90% of Internet capacity for national defense or for emergency services, and make it a prioritizing or a pre-emption, then I don't think there's a problem," he says. "There's only three or four major TV networks. If the government pre-empts time on four major networks, then you get to anybody who tunes to those networks. Are there only four major URLs?"

But the Internet is under attack regularly with distributed denial of service (DoS) hits, viruses and other malicious actions while the telephone network, even though it too could be disrupted, is not - at least not to the extent the Internet is. Nolle says it still should not be treated any differently than the PSTN.

"There has to be a set of rules - we have to give the government mechanisms to shut off anybody who initiates (a phone or Internet distributed DoS attack)," he says. "If any given address initiates X number of calls per minute, block it. But that's different than saying, 'You can't use the Internet.'"

"In general killing the ability to communicate in a time of emergency makes the emergency worse - good information is important in an emergency," says Scott Bradner, technical security officer at Harvard University and a longtime participant and contributor to the Internet Engineering Task Force.

Bradner believes the bill may not make much of a difference because the handful of service providers that deliver most of the Internet service in the U.S. "tend (to do what) the government asks even if there is no specific law" if it is deemed in the interest of national security.

"But if a cutoff means that a bank needs to take its ATMs off the net or a power company needs to take its generators off the net... it would not be a problem," he says.

Learn more about this topic

Anatomy of an Internet blackout

Egypt's 'Net blockage an 'Armageddon approach'

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies