Shutting Down American Cyberspace

Should citizens be concerned with legislation that allows an Internet "kill switch"?

While the revolts which have occurred in Tunisia and Egypt against historically oppressive regimes involve different issues, there is no question that the impetus for both was technologically driven.  Facebook and Twitter have been integral components in not only organizing and coordinating large-scale demonstrations, but also in providing critical, real-time updates to anti-government forces.  The Egyptian government has responded to this reality:  as of 5:20 AM Thursday morning, Egypt shut down nearly all Internet and mobile phone access.  As of Saturday, mobile phone access had been partially restored.  Question: could a similar blackout be imposed in the U.S. as the result of a "national emergency"?

Last June, a bill entitled "Protecting Cyberspace as a National Asset Act of 2010" (S. 3480) was introduced in the Senate by Chairman of the Senate Homeland Security and Governmental Affairs Committee, Joseph Lieberman (I-CN), and Ranking Member, Susan Collins, (R-ME). Among other things, the bill would authorize the creation of a cyberspace policy office in the White House, as well as a cyber-security center run by the Department of Homeland Security.  Perhaps the most controversial provision in the legislation is the one which grants the president the power to "authorize emergency measures to protect the nation's most critical infrastructure if a cyber vulnerability is being exploited, or about to be exploited."

Perhaps sensing the public firestorm which might accompany such a bill, a "Myth vs. Reality" page was placed on the Homeland Security and Governmental Affairs website.  It states that the "threat of a catastrophic cyber attack is real," and that such an attack "is not a matter of 'if,' but 'when.'"  According to the Senate’s Sergeant at Arms, computer systems of the executive branch agencies and the Congress are now under cyber attack "an average of 1.8 BILLION times per month" and that "malicious cyber activity occurs on a daily basis, on an unprecedented scale, and with extraordinary sophistication."

Critics of the bill have said such legislation gives the president a "kill switch" to shut down the entire Internet.  Yet according to the website, the president already has such power.  In testimony before a Senate committee on June 15, 2010, the Department of Homeland Security cited Section 706 of the Communications Act of 1934, which "provides nearly unchecked authority to the President to 'cause the closing of any facility or station for wire communication' and 'authorize the use of control of any such facility or station' by the Federal government.  Exercise of the authority requires no advance notification to Congress and can be authorized if the President proclaims that “a state or threat of war” exists.  The authority can be exercised for up to six months after the 'state or threat of war' has expired."

The site goes on to ostensibly debunk several other myths.  For example, the president cannot "take over the entire Internet," "conduct electronic surveillance and monitor private networks, any more than is currently allowed under the Wiretap Act, the Electronic Communications Privacy Act, or the Foreign Intelligence Surveillance Act." Nor would it give the president the power to "regulate the Internet," or "circumvent or set aside international standards" for IT products or services.  Yet the bill would allow the president to make "risk-based security performance requirements" and "order emergency measures for our nation’s most critical infrastructure," including "telecommunications networks, electric grid, financial system, and other components of critical infrastructure."

S. 3480 was passed in committee, but that was as far as it got before the 111th Congress adjourned.  According to CNN, a "revised version" of the bill will make a return this year, including an ominous provision unmentioned by the HSGA website: "the federal government's designation of vital Internet or other computer systems 'shall not be subject to judicial review'" (italics mine).  Incredibly, any company objecting to restrictions placed on it during an emergency would still be permitted to appeal--to DHS Secretary Janet Napolitano, whose decision would be final.

Steve DelBianco, director of the Net Choice coalition, which includes eBay, Oracle, Verisign, and Yahoo as members, was concerned that a lack of judicial review over what he characterized as "good faith disagreements" between the government and Internet service providers was a cause for alarm.  "The country we're seeking to protect is a country that respects the right of any individual to have their day in court," said DelBianco. "Yet this bill would deny that day in court to the owner of infrastructure."  Berin Szoka, an analyst at the free-market TechFreedom think tank, was even more direct.  "Blocking judicial review of this key question essentially says that the rule of law goes out the window if and when a major crisis occurs."

Yet a spokesman for the Senate Homeland Security Committee claimed such a reading of the bill was false. "The Committee's original bill, as introduced, had no review of any sort. After discussions with stakeholders, the Senator added a provision for agency review of one section of the bill only--and that is on the designation of what constitutes critical infrastructure. So, there is more review in the final bill than there was originally," she added.

What constitutes "critical infrastructure?"  According to the HSGA website, critical infrastructure is defined as "specific systems or assets whose disruption would cause a national or regional catastrophe."  The definition of "national catastrophe?" "Mass casualties with an extraordinary number of fatalities; severe economic consequences; mass evacuations of prolonged duration; or severe degradation of national security capabilities, including intelligence and defense functions."

The bill expressly prohibits DHS Secretary Napolitano from defining critical infrastructure “based solely on activities protected by the first amendment of the United States Constitution,”  adding that such a prohibition also prevents "the identification of specific websites for censorship."

Perhaps, but the idea of making Ms. Napolitano the sole arbiter of anything is extraordinarily troubling.  From her contention that the "system worked" when a fellow passenger foiled the attempted destruction of a jetliner by a Muslim terrorist on Christmas of 2009, to her focus on “right-wing extremism," including "groups opposed to abortion and immigration" as expressed in a 2009 DHS intelligence assessment, Ms. Napolitano has demonstrated a remarkable lack of level-headedness.  Even more importantly, the idea that an unelected government official can exercise what amounts to executive privilege superseding judicial review should itself be subject to judicial review.

How do you shut down the Internet in an entire country? “People have talked about a ‘kill switch,' but that is not realistic,” said Jim Cowie, founder and chief technology officer of Renesys Corp., a company that analyzes how the Internet is performing worldwide.  “What is most likely is that somebody in the government gives a phone call to a small number of people and says, ‘Turn it off.’ And then one engineer at each service provider logs into the equipment and changes the configuration of how traffic should flow.”  According to Cowie, larger Internet service providers who sell service to smaller providers have access codes which allow for sending and receiving transmissions (traffic flow).  Block the codes and transmission stops, as it did in Egypt, where by Friday evening, Renesys reported, "93% (of the ISPs) were offline."

Cowie claims a similar shutdown would be next to impossible in the United States because, unlike Egypt, our system is far larger and more diversified.  “You’d have to make far too many phone calls, and most of those people would ignore you,” he explained.

Given the Obama administration's successful seizures of banks, insurance and car companies and the student loan program, along with its intentions to bypass Congress via executive orders with respect to the Environmental Protection Agency, the idea that most people would "ignore" a fiat issued by this government during an ostensible national emergency is hardly reassuring.  Nor can Americans expect a mainstream media largely supportive of this administration to question what--exactly--constitutes a national emergency.  Does America need protection from a coordinated cyber attack?  Most definitely.  But shutting down vast swathes of American communications absent a court order has a very "Egyptian-like" quality to it.  Aren't we a freer nation than Egypt?

Most Americans probably think so.  The Obama administration, demonstrably comfortable with a "never let a crisis go to waste mentality"?  Your guess is as good as mine.

Arnold Ahlert is a contributing columnist to the politically conservative website,