The Electronic Privacy Information Center (EPIC) has been trying to wrangle documents concerning the kill switch – officially known as Standard Operating Procedure 303 – from the tight grip of the Department of Homeland Security (DHS) since filing a Freedom of Information Act (FOIA) in July 2012.
DHS created SOP 303 in the mid-2000s, and the protocol was approved in March 2006.
As EPIC describes it, SOP 303 is an “Emergency Wireless Protocol” that codifies a “unified voluntary process for the orderly shut-down and restoration of wireless services during critical emergencies such as the threat of radio-activated improvised explosive devices.”
The details have never been revealed to the public, but a federal appeals court has now asked the US government why it should be allowed to keep secret its plan to silence phone service during “critical emergencies”.
Details or no, the country has already seen the sort of effect a kill switch could have.
On 3 July 2011, a Bay Area Rapid Transit (BART) officer in San Francisco shot and killed a homeless man, Charles Hill, after Hill allegedly attacked him with a knife.
Citizens protested. The first protest, a week after the killing, disrupted service at several BART stations, though no one was hurt.
The second protest was aborted after BART turned off its Wi-Fi service: a move that stifled protests, just as civil libertarians had suggested could happen.
That wasn’t SOP 303 in action, because BART took the move on its own, with no help from wireless service providers.
But, as Ars Technica reports, telecoms have agreed to shutter service when SOP 303 is invoked.
DHS has been arguing for years that the protocol is exempt from public disclosure because it discloses “techniques and procedures for law enforcement investigations or prosecutions” or could “reasonably be expected to endanger the life or physical safety of any individual.”
In the case of disclosing SOP 303, the government argued that “any individual” means anybody, anywhere near an unexploded bomb.
That argument has been rejected as being overly broad, given that it could apply to everybody on the planet.
In February, the US Court of Appeals for the Federal Circuit sided with the government and ruled that the policy didn’t have to be disclosed under a FOIA request from EPIC.
EPIC persisted, arguing that the decision, “if left in place, would create an untethered ‘national security’ exemption” in FOIA law.
On Friday, the court ordered (PDF) the government to respond: a move that could point to the appellate court rehearing the case.
The idea of a kill switch is unnerving on many levels.
After all, where does a government draw the line with defensive measures?
Would the US government shut down only the government systems affected by an attack – be they systems running the traffic lights, or perhaps electrical and/or other power grids, for example – or would it shut down the whole internet?
And as Sophos’ Chester Wisniewski has pointed out in a podcast, Chet Chat #49, if we’re under attack over the internet, and that attack is disrupting essential systems, turning off the whole darn thing wouldn’t disrupt the problem.
It would just keep us all from accessing those same essential systems.
Writing for Slate, David Jacobs – EPIC’s consumer protection counsel – sums up the harm that could be brought about by the kill switch:
Even well-meaning communications shutdowns can have serious, unintended consequences for public safety. In crises, the networks used to send messages the government wants to stop are the same networks used to call 911, text family members, or receive emergency alerts. Not surprisingly, most public interest groups object to policies like SOP 303 that give the government unchecked power to cut off our communications.
How do we know that DHS is following the First Amendment or considering these important interests adequately? We don't.
Getting DHS to reveal details would be “an important development for government accountability and free speech,” Jacobs says, and the courts present us with “the best chance yet of understanding this secret protocol.”Follow @NakedSecurity