I've changed my mind. America must never allow an Internet "kill switch". Here's why.

I've changed my mind. America must never allow an Internet "kill switch". Here's why.

Summary: America was founded on a system of checks and balances. Anything that provides this much power and explicitly removes the checks and balances can't be allowed to stand.

SHARE:
TOPICS: Security, Browser
175

It's been an interesting week. For us here in America, and for most Internet users worldwide, we got to see -- from the outside -- what it looks like when a country drops offline.

It ain't pretty.

In fact, it's shockingly disturbing. It was Egypt, of course, that went dark for a week. That country, like many in the Middle East, is in turmoil for reasons far greater than Internet access.

But when Egypt went off the grid, we got to see just how much we -- and by "we," I mean the entire world -- rely on our ability to connect to the Internet.

The Internet "kill switch" bill

That brings me to what the press has been calling the Internet "kill switch". There's a bill that's working its way through the sausage factory we call the United States Congress. It's officially called the "Protecting Cyberspace as a National Asset Act".

The reason the press and bloggers have been calling this bill the "kill switch" bill is because one purpose of this bill is to give the President what would effectively be cyberspace war powers, and as the discussion goes, allow him (or her) to shut down America's Internet, completely.

As a cyberwarfare adviser, I was originally a proponent of the idea of complete shutdown in times of extreme attack. I felt it might be necessary to completely shut out the attackers, and by turning everything off, an attack that might be spreading through botnets could be cut off at the neck.

Don't get me wrong. Botnet-based attacks are absolutely terrifying, and in their worst case scenario, they could cause America grievous harm.

But I no longer believe that shutting everything off is a good idea. After watching what went on with Egypt and spending a week thinking about the issue from both a policy perspective as well as from the perspective of national defense, it's become clear that a "kill switch" that can just shut everything off is a bad, bad idea.

There are a few of you out there who are sure to call me a "flip-flopper" because I changed my mind, but I reject that characterization completely. One way a scientist learns is through observation. Those observations become data reintroduced into whatever scientific model is currently being considered. To not integrate observations into the model is to be doctrinal, not scientific. That's fundamentalist -- as well as impractical.

I changed my mind because I got more information and, after integrating that information, came up with new conclusions based on more comprehensive data. That's not flip-flopping. That's thinking.

Why a "kill switch" is a bad idea

First, many of us would be completely cut off from the rest of the nation and from our families. More and more Americans communicate via the Internet and no longer use old-fashioned hard-wired phone lines. Many of us are mobile users or VoIP users, and all would be shut off.

More to the point, many online first responders would be cut off as well. It'd be as if we locked all our Marines inside a panic room. They wouldn't do us much good cut off from the battle. The same is true of our first responders in cyberspace. If we shut off the Internet, we'd lose many of the network engineers we'll need to fight back.

If we completely shut down the Internet, we also wouldn't be able to install patches and fixes, or distribute them across the country. Many of us work remotely from the servers we manage and even our secure VPNs would be shut down, locking us out of the servers we'd need to protect, repair, or decontaminate.

If we completely shut down the Internet, our system engineers, computer scientists, and security officials would not be able to collaborate -- even on secured connections -- to fight back or recover from an attack.

Once the Internet was shut down, switching everything on at once could well be far worse than the original attack. If all our systems came back online at once, the loads on all our networks and systems would be tremendous, we'd allow in floods of new attacks, and the aftershocks could be far worse than the original attack we were defending against.

As valid as all those arguments are, there's one more reason why a nationwide "kill switch" is a very bad idea.

It's this: the Internet kill switch mechanism itself would have to be coordinated, integrated, and linked. That, alone, introduces a critical new highly-vulnerable failure point that could be targeted by attackers and terrorists.

So, now that we're agreed that implementing a nationwide Internet "kill switch" is a bad idea, what about the "Protecting Cyberspace as a National Asset Act"?

Next: The good, bad, and creepy »

« Previous: Why the kill switch is a bad idea

Is the bill a bad thing?

Since the Protecting Cyberspace Act is the Internet "kill switch" bill, shouldn't it, itself, be killed?

The answer isn't as cut and dried as you might think. See, here's the thing. The Protecting Cyberspace Act doesn't exactly provide the President with a "kill switch".

In fact, a lot of what the bill provides for are a very good ideas. The bill sets out the concept that cyberspace is a strategic asset for the United States and needs to be protected like any other strategic asset. This is good.

The bill also acknowledges that we're likely to come under severe attack and need to have a way to respond. We also need to have a single point of authority to make sure we respond in a coordinated way, instead of having all of America's security forces working at cross-purposes. That single point of authority is the President. This makes sense.

Where some people get nervous is that the bill allows the President, in extreme circumstances, to jump in and take action, and possibly take control of private assets.

Say, for example, that a massive attack is coming through Verizon's network and Verizon isn't responding. Maybe the company is overwhelmed or maybe it doesn't see it as a high priority -- or maybe the company simply doesn't want to incur the expense of paying all its engineers to work massive overtime.

To be fair, this isn't the best example, because my experience has been that Verizon takes cyberthreats extremely seriously and is fully prepared to do battle. But let's just use this example anyway.

What the bill would allow the President to do would be to take action if Verizon wasn't willing to do so. Most likely, that would involve sending in technical experts to help resolve the problem. It might involve sending in the Army Corps of Engineers to build out emergency infrastructure. Or -- and here's where it gets a little scary -- it might allow them to shut down a server or portion of a network if it's been unacceptably compromised.

This, too, is good. If America is attacked, we need to be able to respond. If we're attacked online, it's good to know that our commercial vendors would be backed up by government resources.

Go ahead and criticize Congress all you want. But don't bitch about government competence in cybersecurity. I've met and worked with a large number of U.S. government cybersecurity experts, both in the FBI and other agencies -- and these folks are among the smartest dudes I've ever encountered. They give the best of the best at Google or Microsoft a run for their money.

Anyway, let's get back to this bill. The bill -- as it stands now -- is written in such a way as to limit powers and to restrict when they can be used. Much of the bill is actually quite good.

The creepy Big Brother part

Much of it is good, but not all. There's a very weird clause in Section 254(c), Part 4 called Final Appeal. This section is the section where commercial vendors get to argue the government's decision -- both in terms of remuneration of expenses and actions to be taken.

This section has the following sentence, and it's a doozy: "A final decision in any appeal under this subsection shall be a final agency action that shall not be subject to judicial review."

Shall. Not. Be. Subject. To. Judicial. Review. That ain't good. Nope, not at all. Everything should be subject to judicial review.

The problem isn't that the bill grants exceptional powers to the President. That's why we have a President.

The problem isn't that the bill allows the government to intercede in the middle of a cyberbattle. National defense is one of the main reasons we want and need government.

No, the problem is that the bill allows for exceptional powers and government intervention -- and then explicitly prevents judicial review.

That's where it starts to get downright creepy.

So let's wrap this up.

The idea of an overall "kill switch" is bad because a centrally-coordinated "kill switch" could increase vulnerability and turning everything off would prevent us from developing a coordinated response.

Much of what's in the "Protecting Cyberspace as a National Asset Act" is actually a good idea and can help protect our national interests.

But, when judicial review is thrown out the window in this bill, then the whole thing becomes suspect. I have to recommend it go back to committee and that clause (and anything remotely like it) be removed.

America was founded on a system of checks and balances. Anything that provides this much power and explicitly removes the checks and balances can't be allowed to stand.

Topics: Security, Browser

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

175 comments
Log in or register to join the discussion
  • RE: I've changed my mind. America must never allow an Internet

    [i]No, the problem is that the bill allows for exceptional powers and government intervention ? and then explicitly prevents judicial review.[/i]

    I'm OK with this. It's like Good Samaritan law. In a cyber attack like the one this article contemplates, I don't want government engineers' bosses pulling punches because of fear of judges using 20-20 hindsight.






    :)
    none none
    • ... and doesn't work.... and it totally dumb

      I think he missed 'doesn't work and is totally dumb'.<br><br>It confuses geographic with network topology.<br><br>If you look at the logs for a server hit by a DISTRIBUTED denial of service attack, the hits come from any compromised machines, and most of them are in the USA. <br><br>If you look at where the password crackers are hitting from, they're random spammer cracked email servers.... again often in the USA.<br><br>The idea that Chinese script kiddies nicely launch a denial of service attack from China, and that Russian Script Kiddies launch their attack from Russia, and that Romanian script kiddies launch their attacks from Romania.... well it's just not real.<br><br>So you give a President the power to kill the US internet, as if that fixes more than it breaks. <br><br>Egypt cut the net, because Egypt has Internet Censorship, because Mubarak's secret police keep tight reign on the people. They cut it, now it's up again, but closely monitored and people are being arrested for protesting against him online. The technology makes it easier to identify his opponents.<br><br>If anything you need to learn the dangers of putting a tool of mass surveillance in the hands of a dictator. Because it's a lot easier to get a dictator into power than to eject him.
      guihombre
    • wtf...who is America to do this. Internet is not jut 'America's Asset'Us ip

      @none none
      GlobalT
      • RE: I've changed my mind. America must never allow an Internet

        @Arun Dammalapati - If the bill tried to legislate anything about the Internet outside the USA, then you would be absolutely correct. America has no right to do that.

        However, America does have the right to control its borders. Defense of our borders is one of the only legitimate responsibilities of the federal government.

        Egyptians have the right to control their borders. In the Egyptian system of government, it was decided to stop Internet traffic. I am in no way suggesting that this was a "right" or "good" thing to do. The Egyptian people might want to change their system of government. That is their business.
        pwatson
      • RE: I've changed my mind. America must never allow an Internet

        @Arun Dammalapati Put down the "I hate America" kool aid here for a minute. NO one is saying America gets to dictate what countries can and can't have internet - that's wrong. What America can dictate is if America can have internet. THAT is what this piece is about. Got it?
        athynz
      • RE: I've changed my mind. America must never allow an Internet

        @Arun Dammalapati
        Nope, you are wrong. Author never said Internet is America's Asset. But as an American I feel We should protect our borders whether it is physical or cyber.
        Ram U
    • Do you also believe...

      @none none
      ...that police actions should not be subject to judicial review? After all, how can the cops effectively fight crime when judges are allowed to second guess them?
      John L. Ries
      • RE: I've changed my mind. America must never allow an Internet

        @John L. Ries
        Great analogy . . . I agree!
        zatynski@...
    • Think longer term to see this is a bad idea...

      @none none Our government has been taking away our freedoms, one-by-one for the past decade. In many ways, we are halfway to full-on oppression, already. Giving the government an Internet kill switch is not intended as a thwart for cyber war. It is for controlling our own citizens, plain and simple. They are afraid people will get fed up with the increasing levels of oppression one day and take them out of power. They want the Internet kill switch for the same reason Egypt and China have it - to control their own people. We are quickly becoming one of the worst democracies in the world thanks to our corrupt, power-crazed government. This would be one more step down that road.
      BillDem
      • Amen!

        @BillDem
        Those who think that America is free or that the leaders of America have their citizens' welfare at heart should wean themselves off the propaganda that they were served in public school.
        sissy sue
      • RE: I've changed my mind. America must never allow an Internet

        @BillDem
        This is why I can tell people I hate the current as well as last administrations equally. Though people will disagree I feel that our country has been in jeopardy since Bob Dole and Bill Clinton were candidates, and the results we are now experiencing can possibly be linked to the N.W.O. or even Bildabergers. Call me crazy, but all the promises espoused during the Obama campaign have not been realized and that wrongs such as the Patriot Act from former President Bush have only been expanded on by current legislation involving the "Kill Switch" and Net Neutrality Acts. Now go ahead everybody yell and scream at me, but neither the GOP or Dems seem to care for your or my freedoms anymore.
        partman1969@...
      • RE: I've changed my mind. America must never allow an Internet

        @BillDem I totally agree to this. If they limit our access to the Internet it will be easier to 'control' the people and shut us off from informing others of the actions of the government.
        bettyjo@...
      • RE: I've changed my mind. America must never allow an Internet

        @BillDem I AGREE WITH @BillDem, our Liberal Democrats would like nothing more than to take away all of our freedoms. We can let them do that. Period....
        iamhokester@...
      • Agree with most of your post, but our rights started being taken away

        many decades ago, and before the FDR presidency, when progressives started realizing that, socializing much of our infrastructure could be a way to give more control to government over its citizens.
        adornoe
    • RE: I've changed my mind. America must never allow an Internet

      You cannot have an internet kill switch. Because if you did, you would also kill all kinds of industry. Banks would not be able to commicate with each other. Miltary, and other areas would not be able to comminicate.

      What we should be doing is creating free or low-cost antivirus software to make sure people have them on their computers to prevent attacks. We should also be beefing up edge routers that connect to other countries to better protect ourselves, or them too...
      ajapierce
      • RE: I've changed my mind. America must never allow an Internet

        @ajapierce ... Low cost and even excellent, free av-ware is already available. But it could be improved.

        Same for the routers I think, but I'm mostly ignorant of that sort of technology.
        twaynesdomain-22354355019875063839220739305988
      • RE: I've changed my mind. America must never allow an Internet

        @ajapirce That is also part of the reason they want a "kill switch". Do you think the stock market crash would have been so bad if we had a "kill switch"? Personally I hate the idea of big brother looking over my shoulder. And I'm wondering if the Internet would fall under the 1st Amendment?
        I strongly agree with you as far AV software and "beefing up edge routers that connect to other countries" are concerned.
        jharber72
      • Security is the question!!!!

        I understand the bill, coming from the military perspective, it about prevention and protection. From my understanding, and I don't have any reference to this back this up, but I also don't see people learning, understanding, or taking precautions for their network systems. I am sure high end business, but not the small business, which is the key to our country. Maybe we should put forth efforts into hiring Security Experts, this would also gain some employment...Any thoughts?
        Vetgeek@...
    • After 106 posts and we still havent herd what Loverock Davidson

      has to say. We'd be lost without his usual input. :-)
      Over and Out
    • RE: I've changed my mind. America must never allow an Internet

      @none none Lieberman's Cybersecurity and Internet Freedom Act 2011 (and no doubt, any Republican bill as well) is the most treacherous bill ever introduced in Congress. It represents the demise of the USA's technology sector and ushers in Big Brother. If ever the Mark of the Beast became real, this represents the technology to implement it. Every red blooded American (conservative & liberal alike) needs to read the following indepth analysis of the bill. This article breaks the bill down into understandable points, covers the treacherous authorities given to the Director of the new Cybersecurity Agency proposed as well as the POTUS's authorities. The implications of the bill are also broken down with quotes directly from the bill to support them. Contact information for Senators & Representatives is also given. We need to create such a groundswell of discontent that the media will be forced to cover it.

      http://shortlittlerebel.wordpress.com/2011/08/04/an-in-depth-analysis-of-liebermans-cybersecurity-bill-2011-giving-birth-to-big-brother/
      Short Little Rebel