After Egypt shut down their Internet service, the US Senate in their infinite wisdom decided to take up Joe Lieberman’s Protecting Cyberspace as a National Asset Act of 2010 a.k.a. the Internet kill switch bill. There is a great deal of concern over the bill, but the one thing that the legislation does not contain is an Internet kill switch. In fact, national cyber security guidelines are going to be developed with the private sector. The so called Internet kill switch started as a right wing talking point that has seeped into the national discussion.
Sec. 249 of the legislation covers the president’s powers in the event of a cyber emergency, “The President may issue a declaration of a national cyber emergency to covered critical infrastructure. Any declaration under this section shall specify the covered critical infrastructure subject to the national cyber emergency.” This could be interpreted as vague and ominous, but a look at the actual authority granted to the president provides some answers.
In Sec. 249 (3) the president’s authority is spelled out as, “If the President issues a declaration under paragraph (1), the Director shall—(A) immediately direct the owners and operators of covered critical infrastructure subject to the declaration under paragraph (1) to implement response plans required under section 248(b)(2)(C);” develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate he consequences of the potential disruption, of covered critical infrastructure; ”(C) ensure that emergency measures or actions directed under this section represent the least disruptive means feasible to the operations of the covered critical infrastructure;”(D) subject to subsection (f), direct actions by other Federal agencies to respond to the national cyber emergency;”(E) coordinate with officials of State and local governments, international partners of the United States, and private owners and operators of covered critical infrastructure specified in the declaration to respond to the national cyber emergency. ”(F) initiate a process under section 248 to address the cyber vulnerability that may be exploited by the national cyber emergency; and”(G) provide voluntary technical assistance, if requested, under section 242(f)(1)(S).”
Obama does have the authority to declare a cyber emergency, but the private sector is allowed to come up with and implement their own solutions to the emergency, “f the Director determines that a proposed security measure, or any combination thereof, submitted by the owner or operator of covered critical infrastructure in accordance with the process established under section 14 248(b)(2) addresses the cyber vulnerability associated with the national cyber emergency that is the subject the owner or operator may comply with paragraph (1) of this subsection by implementing the proposed security measure, or combination thereof, approved by the Director under the process established under section 248. Before submission of a proposed security measure, or combination thereof, and during the pendency of any review by the Director under the process established under section 248, the owner or operator of covered critical infrastructure shall remain in compliance with any emergency measure or action developed by the Director under this section during the pendency of any declaration by the President under subsection (a)(1) or an extension under subsection (b)(2), until such time as the Director has approved an alternative proposed security measure, or combination thereof, under this paragraph.”
The intent of the legislation is to set up a coordinated national response system in the event of a mass cyber attack. There is a not negative power associated with the legislation. What the bill is trying to do is keep the Internet, and everything that depends on the Internet up and running in the event of an attack. There is no shutting off of the Internet or kill switch mentioned anywhere in the bill.
As Talking Points Memo pointed out the legislation requires the director of National Center for Cybersecurity and Communications to do three things in the event of a national emergency, “(A) immediately direct the owners and operators of covered critical infrastructure subject to the declaration under paragraph (1) to implement response plans required under section 248(b)(2)(C); B) develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure; (C) ensure that emergency measures or actions directed under this section represent the least disruptive means feasible to the operations of the covered critical infrastructure.”
According to TPM, “The director is prohibited from requiring any provider from using a specific response, The owners and operators of covered critical infrastructure shall have flexibility to implement any security measure, or combination thereof, to satisfy the security performance requirements described in subparagraph (A) and the Director may not disapprove under this section any proposed security measures, or combination thereof, based on the presence or absence of any particular security measure if the proposed security measures, or combination thereof, satisfy the security performance requirements established by the Director under this section.”
As long as the private sector comes up with suitable solution to the problem, the government can’t tell them what to do to combat the attack. There is no kill switch. This legislation does not give the federal government to cut off the Internet. This is a myth put out there by the right in order to spread fear and make Obama look like the dictator that they imagine him to be. After the Bush years demonstrated how well-meaning legislation can be twisted into an attempt to take away rights, I understand the skepticism and concerns that some people may have, but I would advise everyone to read the bill before they buy into the fear campaign.
Here is the dirty little secret that the fear mongers aren’t telling you. The president has always had the power to shut down the Internet, or any other communications system since 1934. The president’s powers were then expanded by the Republicans with both the Patriot Act, and the Homeland Security Act of 2002. The same Republicans who demanded and got more power for the president to control the Internet after 9/11 are now spreading fear about an Obama Internet kill switch.
The timing of Senate’s decision to take up this bill was absolutely horrible, and the Party of No is going to use every excuse, real or imagined to defeat it, so be prepared for a full on fear campaign. In my opinion, Americans should be more concerned about a mass cyber attack and our inability to respond to it in a comprehensive and coordinated way, than an imaginary Internet kill switch.
Image from Gear Live