The the Protecting Cyberspace as a National Asset Act 2010 (PCNAA) (S3480) Act, widely dubbed the ‘Internet Kill Switch Bill’, was introduced into the Senate this month by Senator Joseph Lieberman, Chairman of the US Homeland Security Committee.
Some of the supporters of the present Bill and analogous legislation proposed last year include Senator Susan Collins (R-ME), Senator Tom Carper (D-DE), Senator Olympia Snowe (R-ME) and Senator Jay Rockefeller (D-WV).
PCNAA has been characterised as the internet kill switch bill, as it allows the President to disable access to the entire internet, to ‘flip the switch’ so to speak in response to a national emergency. The public alarm over the Bill derives from the fact the US Government would be given the power to effectively block access to internet traffic from certain countries.
Civil libertarians and other organisations are concerned about the potential violations to freedom of speech, pointing to websites such as the wikileaks website, which has become popular for releasing videos which portray the American military in a negative light.
The Bill could be used for sinister means, eg to block internet traffic from Iceland to America during a time of war where information coming from Iceland’s wikileaks was ‘inconvenient’ in contradicting pro-war propaganda disseminated to Americans via mainstream media. Many commentators are skeptical about the emergence of this new ‘enemy’, the cyberterrorist, the Government is presenting to justify this radical proposal.
The internet has given users access to instantaneous news, images and videos in real time, in an unfiltered form, direct from the scene of an incident. If these vital sources of information are cut off, it would represent a massive loss. Access to information is a safeguard against tyranny. Without access to information the internet provides, users which be left reliant upon information from elite media interests which can be manipulated for all kinds of reasons. Critics of the legislation are concerned the Government being able to effectively seize control of the internet represents not just an assault on freedom of speech but also a roadblock to ecommerce.
The United States Constitution confers very broad powers upon the President to take whatever action he deems fit in defence of the national interest in response to threats to national security. More specifically, S706 of the Telecommunications Act 1934 shows that the US President has powers to shut off any telecommunications if he deems it necessary to preserve national security. Even though he cannot shut down a website, he already has the power to shut off wireless or wired internet access.
So what exactly does the PCNAA do? The legislation amends the Homeland Security Act 2002 and other legislation with the stated objective of enhancing the resiliency of the cyber and communications infrastructure of the United States. The Bill characterises cyberspace as a ‘national resource’ which has offended other nation states for implying US ownership of what should be seen as an international resource.
It requires owners of critical information infrastructure, a definition that derives from the US Patriot Act, to co-operate with the commands of the Director of the National Center for Cybersecurity and Communications (NCCC), a new office situated within the Department of Homeland Security (DHS). Information infrastructure providers are required to develop a risk assessment plan to mitigate their risks in the event of a Presidential declaration of a national cyberemergency.
The Director can order the owners and operators of critical infrastructure subject to the declaration to implement response plans, in addition to developing and co-ordinating emergency measures or actions necessary to preserve their operation, and mitigate or address any damage or disruption to infrastructure.
Lieberman claims that the Government needs the option to shut down portions of the internet should they come under attack. He has declared that a cyberwar is taking place, and the US economy, public safety and national security are vulnerable to new kinds of enemies, variously described as ” cyberwarriors, cyberspies, cyberterrorists and cybercriminals”.
Lieberman claims that all civilian infrastructure, including the internet that runs the electric grid, transportation and telecommunications is constantly being probed by nation states, terrorist groups and organised criminal gangs. He states that a cyberattack on America could do more damage than a conventional war by crippling the infrastructure of the finance, telecommunications and transportation sectors.
The legislation mandates that companies like broadband providers, search engines or software firms nominated by the Government must comply with any Government prescribed emergency decrees or measure and will be subject to fines and orders if they don’t comply. These measures could consist of implementing encryption or other kinds of physical security mechanisms. However none of the response plans explicitly require telecommunications providers to develop a ‘kill switch’, and the Director is prohibited from requiring an owner from using any specific mechanism.
There is a real question as to whether the President requires any more power. The President already has the constitutional power and a duty to protect Americans and direct the national response he or she thinks fit in the face of any national emergency that threatens the safety and security of the nation.
There is also concern about the vagueness of the legislation and what kind of situation would give rise to the President exercising power to declare a cybersecurity emergency relating to non-governmental computer networks, including what would be ‘necessary’ to respond adequately to such an emergency.
The legislation not only gives the President power to tell Government agencies what to do but also to direct the private sector, as the powers extend to non-governmental networks.
Those who have railed against the legislation, including communications specialists, are also troubled that the legislation could have unintended and unforeseen consequences. One of the troubling consequences is the damage that the US temporarily seizing control over the internet could inflict on the rest of the world. Because most of the core functions of the internet such as the DNS reside in the United States, the operation of the internet would be disrupted in other parts of the world, which would be effectively isolated. This electronic form of blockade could have catastrophic consequences for other countries. Other countries perceive the US labelling the internet as a national resource as misconceived and arrogant, as it should be seen as a global international network.
Human rights activists point out that these types of protocols were activated when the Iranian government shut down, restricted and filtered mobile phone and internet traffic when the population protested in response to the Iranian elections approximately a year ago.
Lieberman has frequently referred to the power China presently has to filter their incoming traffic to support the need for this power, politically speaking, not perhaps the best example to use to support the need for these powers.
If national security related installations are demonstrated to be vulnerable to internet cyberattacks, then surely securing those or providing the capacity to isolate them from the internet would be the more appropriate solution. Does one necessarily have to take down or ensure the US Government protects the entire internet to protect critical infrastructure elements?
Furthermore, if a kill switch approach is activated would that render the ‘kill switch’ itself a potential target vulnerable to some form of cyberattack, abuse or failure? The fact that a kill switch exists could, in and of itself, present a threat to the national security of the US.
The Bill consists of 197 pages. One of the provisions that hasn’t been subject to much discussion is the legal authorisation of surveillance of video and data traffic of persons deemed to be ‘persons of interest’ in the context of ’emergency measures’. This surveillance would of course occur by way of Presidential decree without any form of judicial oversight or court warrant.
The post September 11 environment has given us a glimpse of some of the disturbing erosions of civil liberties and violations of constitutional safeguards which have been justified in the interests of national security.
Whilst it is acknowledged that Google, Government Departments and intelligence agencies have experienced many intrusions into their systems, fending off attacks infiltrating their networks, there are other ways of plunging society into darkness than may occur through the activities of ‘cyberbandits’ or ‘cyberterrorists’.
Transparency, oversight and accountability are critical elements in the manner in which the new cadre of cybersecurity agencies will be allowed to operate, including but not limited to their information sharing activities with private organisations and any ‘legally authorised’ surveillance of citizens.
No related posts.