Page 1 of 1

#1 US internet 'kill switch' proposed

Posted: Mon Jun 21, 2010 1:49 pm
by frigidmagi
SMH
US President Barack Obama would be granted powers to seize control of and even shut down the internet under a new bill that describes the global internet as a US "national asset".

Local lobby groups and academics have rounded on the plan, saying that, rather than combat terrorists, it would actually do them "the biggest favour ever" by terrorising the rest of the world, which is now heavily reliant on cyberspace.

The proposed legislation, introduced into the US Senate by independent senator Joe Lieberman, who is chairman of the US Homeland Security committee, seeks to grant the President broad emergency powers over the internet in times of national emergency.

Titled "Protecting Cyberspace as a National Asset Act", the bill stipulates any internet firms and providers must "immediately comply with any emergency measure or action developed" by a new section of the US Department of Homeland Security, dubbed the "National Centre for Cybersecurity and Communications".

Lobby group TechAmerica told ZDNet it worried that the bill would give the US "absolute power" over the internet and create "unintended consequences".

One of Australia's top communications experts, University of Sydney associate professor Bjorn Landfeldt, railed against the idea, saying shutting down the internet would "inflict an enormous damage on the entire world".

He said it would be like giving a single country "the right to poison the atmosphere, or poison the ocean".

"All our financial systems, all our security systems ... we're so reliant on the internet that if you shut it down there's a question of whether society will continue to operate normally anywhere in the Western world," Landfeldt said in a phone interview.

"By doing this they would do the terrorists the biggest favour ever because they would terrorise the rest of the world".

Landfeldt said the US would be the only country in the world with the ability to shut down the internet. He said such a move would be extremely difficult for the US to justify to other nations.

"Unfortunately, too much of the core of the internet resides in the US - let's put it this way, they cannot shut down machines in Australia, but they can completely isolate us and shut down certain core functions like the DNS ... they can render the internet fairly useless for the rest of the world," he said.

Senator Susan Collins, co-sponsor of the bill, has said: "We cannot afford to wait for a cyber-9/11."

Lieberman argued the bill was necessary to "preserve those networks and assets and our country and protect our people".

He said that, for all its allure, the internet could also be a "dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets".

US economic security, national security and public safety were now all at risk from new kinds of enemies, including "cyber warriors, cyber spies, cyber terrorists and cyber criminals".

Geordie Guy, spokesman for the online users' lobby group Electronic Frontiers Australia, said governments around the world seemed terrified of some unidentified risk that they believe the internet poses.

"The proposal is from Joe Lieberman, a repeat offender on rights versus regulation, in a bill called Protecting Cyberspace as a National Asset Act of 2010," he said.

"One wonders which nation Senator Lieberman considers the internet an asset of, and how proposing its destruction by presidential or homeland security order protects it.

"The internet is not a national asset of the United States, nor is it a media regulation problem of Australia. It is an international network used by millions upon millions of citizens and it needs to remain free and available."

Communications Minister Stephen Conroy did not respond to calls requesting comment.

Google, one of the world's biggest internet companies, declined to comment as it was not yet official US government policy.
Sadly this is only the 2nd dumbest thing that a government body in the US has talked about this weekend.

Still a kill switch? Why on earth would anyone want any government to have that kind of power. This is definitely one of those places the state should not go (another one being our bedrooms and living rooms). If you're worried about hackers stealing top secret government shit, don't put it on the internet! This is utterly unneeded, unnecessary and unwanted power grab.

Fuck you Lieberman, you're a hack!

#2

Posted: Mon Jun 21, 2010 7:17 pm
by Cynical Cat
I guess Lieberman feels the necessity of reinforcing his stupid douchebag rep. It's also hilariously unnecessary as anything really critical isn't hooked up to the internet. Except, you know, the parts of the economy that have to communicate with other parts of our society and would be crippled by this brain dead move.

#3

Posted: Tue Jun 22, 2010 2:14 am
by Jason_Firewalker
I was unsure if Joe Lieberman could get his head any further up his own ass till I read this. It is more shooting the American people, hell the people of the world in the foot rather then fixing anything.

#4

Posted: Tue Jun 22, 2010 6:38 am
by The Minx
What is the point with this plan? They even go and say that it is a national asset, why would they want the power to kill it?

If this becomes law, watch as the rest of the world starts to build the infrastructure necessary to make the US presence on the internet expendable. And it will all be thanks to Lieberman.
Senator Susan Collins, co-sponsor of the bill, has said: "We cannot afford to wait for a cyber-9/11."
Cyber 9/11? What does this even mean? It doesn't make any sense.
He said that, for all its allure, the internet could also be a "dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets".

US economic security, national security and public safety were now all at risk from new kinds of enemies, including "cyber warriors, cyber spies, cyber terrorists and cyber criminals".
Either they have no idea of what they are talking about or they're just looking for the excuse to run roughshod over people. And they're still milking "9/11" for all its worth. :roll:

#5

Posted: Tue Jun 22, 2010 11:05 am
by Ace Pace
Lets go and do an interesting thought experiment. Labelled "what led to this law".
Cyber 9/11? What does this even mean? It doesn't make any sense.
Sure it does. It means an event upon the communications landscape in the U.S. that is just as meaningful.

Now what does that mean? Lets lay out the systems that are connected to the internet. Now, lets define internet, since the public sees it as one thing, while policy people see it as another.

The internet, as the U.S. gov sees it, is data pipes. It's the backhaul that enables things, and as such, is no different from telegraph lines, radio spectrum, etc. This is a strategic asset, upon which the U.S. relies for most of it's modern edges, be they economic or political/defense.

Now, back to whats on the internet. Lets start with the obvious economic ones.
Banks are online, all banks communicate through the internet. Some do it through dark fiber (backhaul that isn't connected to the greater internet), most do it through the internet. ATMs communicate with branch offices through the internet.
Hospital services are online. Hospitals exchange information with one another through the internet.
Industrial machines are connected to each other, through an intranet. These small LANs are usually connected to other industrial locations through a WAN, that is typically laid out over the internet.
Voice communication occurs over the same backhual that the rest of the internet goes through.
In many countries, and slowly in the U.S. essential services are provided through the internet. Estonia had it's medical services shut down as the hospital systems were attacked and shut down.

Defense and policy. One of the main tools of the goverment to communicate data, whether to citizens or to other nations, is the internet. In 2008, Russia also shut down the Georgian 'State department', leaving it incapable of receiving and transmitting communications to the rest of the world. Today, Israel provides many "citizen services" (as the government puts it) through the internet, such as taxs, bills, requests for official papers and so forth.
ATC(Air Traffic Control) systems communicate with each other over radio and such, but increasingly over fiber links. Some of them (for cost reasons) going over the same backhaul as the internet.

Shutting these down would severely hamper many aspects of modern life. Some of them, far more than 9\11 changed things (at the time) for the U.S.A. This is without going into defense!

The list of U.S. defense matters that are conducted over the internet is enormous, such as unsecured mail, video links (such as the famous UAV story), communications with contractors, you name it.

So, into reality. What does control over the internet mean? I, not having read the law, can't be sure. However, I imagine this includes having the ability to order ISPs to shut down some links. To implement coarse filtering. At will, to shut down or modify the root DNS servers.

How effective are such measures? Pretty effective at stopping attacks Georgia/Estonia style.
If you're worried about hackers stealing top secret government shit, don't put it on the internet!
This bill is not aimed at preventing the Chinese from stealing top secret government shit, which is not online. You can do plenty of damage without this.


Is the 'cure' in this case worse than the solution? No. Israel has suffered several mass scale DoSes without a problem by simply shutting down some links. The targeted services were unaffected. But don't let this stop the fucking hysteria over "shutting down the internet."

#6

Posted: Tue Jun 22, 2010 1:53 pm
by B4UTRUST
The Minx wrote:Cyber 9/11? What does this even mean? It doesn't make any sense.
Ever see the 4th Die Hard movie? While I will flat out state that that movie is so far removed from realism it's not even funny, that's the type of cyber 9-11 they're worried about. A total breakdown of communications across the grid.

For the past 4 years DHS has been involved in US network penetration testing along with branches of the military and government as well as numerous IT, communications, transportation and financial companies and groups to test US preparedness to a foreign cyber attack. The DHS has released their reports of their findings on the ability of the digital infrastructure to respond to, repel, and address post attack damages. There is no pass or fail ratings on these tests. There is no grading, there is no A or F. It's simply reports of their findings. And in the last 3 years we have improved every year. However, it has still come down to the same basic conclusion. The US digital infrastructure is not prepared to handle a concentrated large scale cyber attack against us.

The Department of Defense has SIPRnet and JWICS systems that exist in parallel to the civilian internet systems. And those usually manage to stay relatively complete though they have been penetrated and broken at times during these tests. That's the good news. Our military systems are equipped and able to deal with this type of threat. Our govenment agencies such as the FBI, CIA and NSA are likewise fairly able to survive and restore communications. However, the same cannot be said for just about anything on the civilian side of the board. Banks, ATC, the stock market, company systems, phone systems, electrical companies and grid controls, police, fire, medical, etc are not nearly as prepared to handle this sort of attack.

If you recall about 11 years ago the world was afraid that the Y2k bug would hit us and reduce us all back to the stone age. That everything that ran on a computer would shut down and not come back up and that the world as we knew it would come to an end. It turned out to be a whole hell of a lot of worry all for nothing. But that is the general fear that politicians who don't understand the details and the reality of the situation believe. The reality is not nearly as apocalyptic as all that but the reality is that if we were to be hit by such a large scale attack on our systems it would fuck the country for a bit. There is a good chance that planes may crash, that the stock market may crash, that your bank and financial institutions may lose data and all your money, represented as 1s and 0s may disappear for a while until they can restore their systems and load backups. Your phones may not work because the wireless system may be taken down. Happens all the time in the south during hurricane season. You get a hurricane three states away and next thing you know your cell coverage drops to nill for a week until everything comes back up and clears out. Your landlines may or may not work based on the systems Ma Bell is able to keep up and running. Of course you and every other person would be trying to get through to someone else so the lines would be jammed up even if they are working. You'd lose your internet access. You'd may lose power. The hospital may lose your records if they're stored in a digital format. If they're paper, you're alright. I'd give it good odds that in some cities and areas there would be rioting and looting if things were down for more than a few days. But then again in places like LA they may start looting as soon as the lights go out. Who knows. The military and national guard would be up and running more likely than not as would most major critical government agencies. Police, Fire and Rescue would be based on how much of their systems are tied into the internet such as communications and response systems. 911, radio dispatch, etc. Of course any and all computer systems they get up and running are all dependent on power and backup generators. Same with hospitals. Most of those are fairly well equipped for power outages though. A lot of the world may lose access to Google and Yahoo. And worst of all, everyone would probably lose access to LibArc for awhile.

It could be bad in the short term, definitely. So I can see the use of the ability to cut the U.S.' connection to the rest of the world temporarily to prevent further damage and probably take out a good chunk of the attacking force's internet capabilities at the same time. I can understand the want for it. However, my concern would be the time it would take to execute this and wondering if it may end up that by the time we get this done the damage has already been dealt. Closing the barn door after the horse has bolted so to speak. But it would provide us time to restore our systems without having to worry about another cyber-attack hitting us while we're rebuilding.

#7

Posted: Tue Jun 22, 2010 4:06 pm
by The Minx
Of course cyber attacks are a real threat to a modern economy. But given a major attack where large sections of the internet are at risk of being shut down, I'm not sure what an "internet kill switch" would do to make things better. It looks sort of like setting your own house on fire to chase out the arsonist.

And again, can't other countries simply set up redundant systems to keep their own networks going in case the US pulls the plug?

#8

Posted: Tue Jun 22, 2010 4:16 pm
by B4UTRUST
A lot of places in Europe and Asia have the higher end technology to help run parts of the Internet. The Internet would not collapse just because the US went offline. It would go on. It would just have a large section of blackouts until things could be rerouted. And then a lot of sites and services would be down until it came back online.

#9

Posted: Tue Jun 22, 2010 4:45 pm
by The Minx
Not surprising, since the net was designed with multiple redundancy. The whole point was that the whole would go on even if parts of it were shut down. :)

Yea, so I'm guessing that they'll be expanding these capabilities if this passes.

#10

Posted: Tue Jun 22, 2010 10:37 pm
by Ace Pace
The Minx wrote:Of course cyber attacks are a real threat to a modern economy. But given a major attack where large sections of the internet are at risk of being shut down, I'm not sure what an "internet kill switch" would do to make things better. It looks sort of like setting your own house on fire to chase out the arsonist.

And again, can't other countries simply set up redundant systems to keep their own networks going in case the US pulls the plug?
Again, we're not talking about an internet kill switch. We're talking about the ability of the government to modify infrastructure rapidly. For example, shutting down specific transatlantic links. Or filtering away entire IP ranges (for pure internet stuff). Think.

#11

Posted: Wed Jun 23, 2010 12:50 am
by The Minx
Ace Pace wrote:Again, we're not talking about an internet kill switch. We're talking about the ability of the government to modify infrastructure rapidly. For example, shutting down specific transatlantic links. Or filtering away entire IP ranges (for pure internet stuff). Think.
That's not what I gather from the article which not only specifies "kill switch" in the title, but either says or suggests as much at several points. Do you have additional information about what the bill says? :???:

Not that granting the government the kind of power you suggest sits well with me either.

#12

Posted: Wed Jun 23, 2010 2:57 pm
by Ace Pace
The Minx wrote:
Ace Pace wrote:Again, we're not talking about an internet kill switch. We're talking about the ability of the government to modify infrastructure rapidly. For example, shutting down specific transatlantic links. Or filtering away entire IP ranges (for pure internet stuff). Think.
That's not what I gather from the article which not only specifies "kill switch" in the title, but either says or suggests as much at several points. Do you have additional information about what the bill says? :???:

Not that granting the government the kind of power you suggest sits well with me either.
The government already has the power to shut down air, land and sea transportation. It can take over the radio waves in an emergency. All these things are sane and understandable in some situations.

No, unfortunately I've been piled up at my glorious day job and have yet to go over the bill itself.

#13

Posted: Thu Jun 24, 2010 12:22 pm
by fgalkin
Stolen from SDN
It's no secret that Senator Joe Lieberman (I-CT) isn't the most popular guy in the Senate, or that his rather conservative positions on national security have left many people suspicious of his motives when it comes to national security legislation. So it should have come as no surprise when CNET chief political correspondent Declan McCullagh wrote that Lieberman intended to give the President the power of an "Internet kill switch" in the event of a national emergency -- and sparked an uproar.

But, surprising it was -- especially to Lieberman and his staff on the Senate Committee on Homeland Security and Government Affairs. They argued that, in fact, the bill limited the powers already invested in the President to shut down telecommunications providers. Leslie Phillips, the communications director for the committee, said, "The very purpose of this legislation is to replace the sledgehammer of the 1934 Communications Act with a scalpel." So, who is right?

A review of the 1934 Telecommunications Act (as amended in 1996) does indicate that the President has broad powers to simply shut off any and all regulated telecommunications if he deems it necessary for national security. Section 706 of the Act, entitled "War Emergency -- Powers of the President" says:

(c) Upon proclamation by the President that there exists war or a threat of war, or a state of public peril or disaster or other national emergency, or in order to preserve the neutrality of the United States, the President, if he deems it necessary in the interest of national security or defense, may suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations within the jurisdiction of the United States as prescribed by the Commission, and may cause the closing of any station for radio communication, or any device capable of emitting electromagnetic radiations between 10 kilocycles and 100,000 megacycles, which is suitable for use as a navigational aid beyond five miles, and the removal therefrom of its apparatus and equipment, or he may authorize the use or control of any such station or device and/or its apparatus and equipment, by any department of the Government under such regulations as he may prescribe upon Communications Act of 1934 just compensation to the owners. The authority granted to the President, under this subsection, to cause the closing of any station or device and the removal therefrom of its apparatus and equipment, or to authorize the use or control of any station or device and/or its apparatus and equipment, may be exercised in the Canal Zone.

(d) Upon proclamation by the President that there exists a state or threat of war involving the United States, the President, if he deems it necessary in the interest of the national security and defense, may, during a period ending not later than six months after the termination of such state or threat of war and not later than such earlier date as the Congress by concurrent resolution may designate, (1) suspend or amend the rules and regulations applicable to any or all facilities or stations for wire communication within the jurisdiction of the United States as prescribed by the Commission, (2) cause the closing of any facility or station for wire communication and the removal therefrom of its apparatus and equipment, or (3) authorize the use or control of any such facility or station and its apparatus and equipment by any department of the Government under such regulations as he may prescribe, upon just compensation to the owners.

In other words, as Phillips told us, the President already has an Internet kill switch: he can't shut off a website, but he can shut off any and all wireless or wired Internet access.

Lieberman's Protecting Cyberspace as a National Asset Act of 2010 (S. 3480) is, thankfully, somewhat more complex than that. It requires that owners of critical infrastructure, a definition that dates to the PATRIOT Act, work with the newly created director of the National Center for Cybersecurity and Communications within the Department of Homeland Security, to develop a risk assessment and a plan to mitigate their risks in the case of a national cyber emergency. If an emergency is declared, that director will:

(A) immediately direct the owners and operators of covered critical infrastructure subject to the declaration under paragraph (1) to implement response plans required under section 248(b)(2)(C);

(B) develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure;

(C) ensure that emergency measures or actions directed under this section represent the least disruptive means feasible to the operations of the covered critical infrastructure

None of those response plans expressly require that telecommunications providers develop a kill switch; in fact, the director is prohibited from requiring an critical infrastructure owner or operators from using any specific mechanism.

The owners and operators of covered critical infrastructure shall have flexibility to implement any security measure, or combination thereof, to satisfy the security performance requirements described in subparagraph (A) and the Director may not disapprove under this section any proposed security measures, or combination thereof, based on the presence or absence of any particular security measure if the proposed security measures, or combination thereof, satisfy the security performance requirements established by the Director under this section.

Phillips reiterated this point with TPMDC: "There is not a 'kill switch.'" When asked what measures might be envisioned by the legislation, she said, "A software patch, or a way to deny traffic from a certain country. All these measures were be developed with the private sector, not imposed on it."

In addition to the measures that allow companies to come up with their own ways to mitigate the risks to their companies (and customers) from cyber attacks, and the requirement that they use the least disruptive means possible and attempt to mitigate larger impacts, the legislation also only allows the President to impose the state of emergency for 30 days, with a potential extension of 30 days. Under current law, he is allowed to shut down any and all telecommunications infrastructure for as long as he likes.

McCullagh said, in his initial analysis, that "The legislation announced Thursday says that companies such as broadband providers, search engines, or software firms that the government selects 'shall immediately comply with any emergency measure or action developed' by the Department of Homeland Security." That is slightly misleading, as owners and operators of critical infrastructure have already been identified by the Department of Homeland Security as part of the PATRIOT Act and the 2002 Homeland Security Act.

Although the full list of pieces of critical infrastructure isn't available for download for obvious reasons, the membership of the Critical Infrastructure Partnership Advisory Council -- which is designed to give those owner-operators a chance to work closely with DHS when they are developing their regulations and assessing the ways to best protect critical infrastructure -- is publicly available. And, if gives a pretty comprehensive look at what, exactly, DHS considers "critical infrastructure."

There are 17 sector committees -- everything from chemical companies to nuclear facilities and shipping companies to dam operators. There is also one committee for communications infrastructure and another for information technology. The Communications Committee and Information Technology Committee have some overlap in terms of membership, but the exclusively consist of Internet infrastructure providers, telecommunications companies, some hardware companies and software companies that work in the security area. They do not include search engines, news web sites or anything of the kind -- sorry, folks, the government just doesn't consider you "critical" enough.

Phillips told TPMDC, "This language was developed with the companies who would be affected by it... The Senator [Lieberman] discussed the bill with privacy experts, civil liberties experts, companies affected by it, the Administration and the House." She expressed a certain level of shock about the backlash, pointing us to the committee's statements of support, which includes quotes from McAfee and Symantec executives (both members of the DHS Information Technology Committee); from the Center for Democracy and Technology -- which gave a quote seemingly not in support of the bill to CNET; and from the regulation-hating U.S. Chamber of Commerce.

On the one hand, yes, it does appear that this gives the government power over marginally more companies than it has now: there are critical infrastructure owners and operators not covered by the 1934 law that would be required to come up with a plan to respond to cyber attacks that meets certain standards set by the government. On the other hand, the Emergency Broadcast System, which requires that all television and radio stations interrupt their programming with a loud buzzing noise and carry the emergency message from the government might become a thing of the past if owners and operators could find better (and less disruptive) ways to alert Americans that there is an emergency. And, regardless, the President would only have 30 days to impose the state of emergency with little oversight, and the companies would be required to be as minimally disruptive to the rest of us as possible in the emergency plans they develop.

The "kill switch," though, won't be coming to the underside of the President's desk anytime soon, though. In fact, Lieberman's people seem to be correct: their bill actually just takes it away. The bill, by the way, faces a committee mark-up on Wednesday.
Have a very nice day.
-fgslkin

#14

Posted: Fri Jun 25, 2010 4:14 pm
by The Minx
Well, this looks like a horse of a different color. :mrgreen:

It's good that it turned out to be alarmism, though I may change my mind pretty quickly if it turns out that the scalpel is more likely to be abused than the sledgehammer. Sorry if I seem cynical, but I just don't trust the powers that be anymore not to abuse the tools that they give themselves. On that note:
Ace Pace wrote:The government already has the power to shut down air, land and sea transportation. It can take over the radio waves in an emergency. All these things are sane and understandable in some situations.
That may be, but the less ability they have to misuse such power the better, and control of the internet is a rather different from control of physical communications or radio.

#15

Posted: Sat Jun 26, 2010 12:32 am
by Ace Pace
The Minx wrote:
That may be, but the less ability they have to misuse such power the better, and control of the internet is a rather different from control of physical communications or radio.
The Internet != the internet lines, fibers, etc. But I repeat myself. The internet, in the end, is nothing more than backhaul lines and some heavy duty routers. No different from any other method of communication that the government has legitimate control over.

#16

Posted: Sat Jun 26, 2010 1:06 pm
by The Minx
Ace Pace wrote:The Internet != the internet lines, fibers, etc. But I repeat myself. The internet, in the end, is nothing more than backhaul lines and some heavy duty routers. No different from any other method of communication that the government has legitimate control over.
That's not really what I meant. But legitimacy is one thing, trust is something else entirely. Notwithstanding that my natural reaction is to question claims of legitimacy whenever they arise.

(PS: Your third sentence seems to contradict the first :???:)