A US court has given the government 30 days to come up with a decent reason not to disclose its plan for a so-called internet kill switch.
The Electronic Privacy Information Center (EPIC) has been trying to wrangle documents concerning the kill switch – officially known as Standard Operating Procedure 303 – from the tight grip of the Department of Homeland Security (DHS) since filing a Freedom of Information Act (FOIA) in July 2012.
Standard Operating Procedure 303 describes a shutdown and restoration process for wireless networks in the event of a national crisis that would prevent, among other things, the remote triggering of radio-activated explosives.
First, DHS said it couldn’t find any records on the kill switch.
Next, the agency managed to locate the protocol, but it redacted nearly all of it.
DHS argued that the protocol is exempt from public disclosure because it discloses “techniques and procedures for law enforcement investigations or prosecutions” or could “reasonably be expected to endanger the life or physical safety of any individual.”
In the case of disclosing SOP 303, the government argued that “any individual” means anybody anywhere near an unexploded bomb.
The United States District Court for the District of Columbia rejected the agency’s arguments.
In its memorandum, the court wrote that the government’s interpretation of the law was a teensy bit broad, given that it could apply to everybody on the planet:
Indeed, if the Government’s interpretation were to hold, there is no limiting principle to prevent "any individual" from expanding beyond the roughly 300 million inhabitants of the United States, as the Government proposes here, to the seven billion inhabitants of the earth in other cases.
The court ordered DHS to release the records in 30 days but left the door open for the agency to appeal the ruling, given what it said was the potential impact on national security of releasing the protocol.
Civil libertarians are understandably unnerved by the idea of an internet kill switch.
After all, where does a government draw the line with defensive measures? Would the US government shut down only the government systems affected by an attack – be they systems running the traffic lights, or perhaps electrical and/or other power grids, for example – or would it shut down the whole internet?
And as Sophos’s Chester Wisniewski argued in a podcast a couple of years ago, Chet Chat #49, if we’re under attack over the internet, and that attack is disrupting essential systems, turning off the whole darn thing wouldn’t disrupt the problem.
It would just keep us all from accessing those very systems.
And as far as internet censorship goes, the Arab Spring showed the world how governments can use law, technology and violence to control what gets posted on and disseminated through the internet, as the people of Egypt, Libya and Syria saw their access shut down.
In Tunisia, the government didn’t shut down the internet – rather, it compromised its citizens’ Facebook and other social media accounts.
Which is worse? To know that access has been cut off, or to have credentials intercepted so governments can secretly spy on us?
Unfortunately, it’s not an either/or situation. We have both. We’re living in a world where both the internet kill switch and government surveillance co-exist.
Or are we?
Unless DHS appeals the decision, we should know, in 30 days, how real this internet kill switch is.
Image of big red button courtesy of Shutterstock.
2 comments on “US Homeland Security must disclose ‘internet kill switch’, court rules”
This is a tough call. Waiting 30 days won’t make me feel any better. And it may be a useless step by the Government that will in fact do nothing, as most things are probably already set up. Who knows?
Exemption 7(F) of the Freedom of Information Act protects law enforcement information that “could reasonably be expected to endanger the life or physical safety of any individual.”
One court approved application of the exemption to a description in an FBI-laboratory report of a home-made machine gun, on grounds disclosure would create a possibility of law enforcement officers facing “individuals armed with home-made devices constructed from the expertise of other law enforcement people.” (LaRouche v. Webster, No. 75-6010, 1984 WL 1061, at *8 (S.D.N.Y. Oct. 23, 1984))
By contrast, protection was denied by the Court of Appeals for the Second Circuit in ACLU v. DOD, where the court held that “in order to justify withholding documents under exemption 7(F), an agency must identify at least one individual with reasonable specificity and establish that disclosure of the documents could reasonably be expected to endanger that individual.” (543 F.3d 59, 71 (2d Cir. 2008))