Guest blog: Musings on Obama’s ‘kill-switch for the internet’

"Guest blogger Carole Theriault, a senior security consultant at Sophos, ruminates on the big red switch that President Obama might want installed in the Oval Office. Over to you Carole…"
Carole Theriault
Proposed US legislation, now approved by the US Senate committee, has been making headlines this month.

Bill S.3480, also known as the Protecting Cyberspace as a National Asset Act (PCNAA), includes looking at measures to counter a massive cyber attack. If you don’t know what I am talking about, this term might help: “Kill switch for the internet.”

This term conjures up an idea that President Obama will have this huge button on his desk that he can flick on a whim, and the Senate committee are scrambling to thwart the image at impressive speed.

The bill includes other proposals, all of which are purported to “modernize the government’s ability to safeguard the nation’s cyber networks from attack and will establish a public/private partnership to set national cyber security priorities and improve national cyber security defenses.”

[You can read more about the Act on the Senate’s website]

Today, the US relies on a bill created in 1934. Section 706 of the 1934 Communication Act gives the US President a virtual carte blanche to close “any facility or station for wire communication” if the President proclaims war, or threat of war. The authority can be exercised for 6 months after the threat has expired.

So, the story goes that this old legislation grants way too much power, and this newer, shinier bill is bringing that into check.

According to the Senate Committee for Homeland and Governmental affairs:

"It is not a matter of 'if' an attack will happen; rather it is a matter of 'when.' Just this March, the Senate's Sergeant at Arms reported that the computer systems of the Executive Branch agencies and the Congress are now under cyber attack an average of 1.8 BILLION times per month... And, as intelligence officials have warned, malicious cyber activity occurs on a daily basis, on an unprecedented scale, and with extraordinary sophistication. As the former Director of National Intelligence Michael McConnell testified in February, 'If we went to war today, in a cyber war, we would lose.'"

So, do we have a right to be annoyed and panicked by a new bill? I haven’t read all the bits and pieces published around this bill, but I dipped my toe in the bill’s waters, and superficially, it makes sense. Of course we need to revamp the Communications Act Bill. Bluntly, times have changed. Of course the US wants to ensure they are safe from some colossal cyber threat that impact their main communication.

Stop button
But, there is a whiff of trying to control the internet. According to the world internet usage statistics, about 1 in 3 people alive today have access to the web. The internet is not under any central governance. It is inherently resilient, thanks to greater geographical spread, clustering of servers, and mirroring of information.

If there were an attack that was deemed a “cyber national emergency,” what happens then? Presumably those 13 organisations that host the root domain servers – effectively the internet’s spine – would be involved and have instructions on how to proceed. What about ISPs and search engines like Google, Bing and Yahoo? Would they all be forced to comply with new regulations?

The thing is, what makes the internet so amazingly beautiful to me is has no central governance or owner, but it works. The concept that we can access a wealth of information from a few keystrokes is really mind-blowing. Anyone can give to it and anyone can take from it. It is called sharing. This global virtual community is the closest thing we have to the concept of world peace, and I guess what I don’t like is the US legislators using fear and doubt to convince the public that this is all a great idea.

Revamping a law that has been around since 1934 makes sense. Doing so under the guise of if we don’t do this, we are doomed so trust us is wrong. I do hope that the proposal is reviewed in detail by many experts who will not gain from it. And I hope their judgments are listened to carefully by those in the senate.

Who knows, maybe they might even publish their thoughts online for us all to see.