Cyber-Terrorism: E-WWIII? (5 of 8)

TOPIC 5: Kill Switch: Engage

This post will explore one proposed countermeasure to cyber-terrorism that implicates a broad array of legal and political constraints: Protecting Cyberspace as a National Asset Act of 2010. Better known as the ‘Kill Switch Bill,’ which would allow the President to disrupt the internet service of Americans in the event of a cyber-attack.

internet kill switch

In theory the bill describes a last resort action, in the event of an all-out cyber-attack (similar to the one on Estonia in 2007, discussed in previous posts), in which the power is vested in the President to order a shutdown of the “vital internet” as deemed necessary to protect classified information and our nation’s infrastructure from assailants.[1] Granted American society is vulnerable due to our dependence on a global network of interconnected computer networks which could be compromised in a cyber-attack.[2] However, any legislative attempts to defend against such an attack must still be strictly scrutinized given the medium which we are trying to protect is also the medium in which we spend the majority of our lives on.[3]

While the stated aims of the bill were “to modernize and strengthen the federal government’s ability to safeguard the nation from cyber attacks,” many believe that the act would, in effect, create a kill switch which would shut down the internet nationwide. The important, and polarizing, aspect of this bill is that the President and the President alone would have the power to shut down the internet, effectively doing away with any review by the Court or any other objective magistrate.[4] This bill represents yet another permutation of a 2009 Senate proposal which would have allowed the President the power to order disconnection of service.[5]

Issues with the Kill Switch Bill

The first issue with the bill in its current form flows from the meaning behind the vague terms like “vital internet” or “critical infrastructure.” In today’s society, where a wide cross-section of businesses exists solely in an online format, arguably all internet is vital. Furthermore, websites that are owned and operated by private organizations are subject to the parameters of the bill if they are deemed “critical” by the President. That means privately owned company may be added to the “critical” infrastructure list one moment, and ordered by Homeland Security to “immediately comply” with its directives the next.[6]

Proponents of bill contend that this term refers to critical infrastructure and governmental secrets which, if accessed, could lead to a break down in national security and emergency response systems. But no matter how specific the language in the bill is, the lack of judicial review stands as an unprecedented leap in presidential powers. Without the gate keeping function of the judiciary, once the act is passed it does not matter what congress had decided was “vital” because the discretion is left to the president to determine when and how the kill switch will function.

In order to combat these potential abuses, the American Civil Liberties Union (ACLU) made a push for amending the bill to describe exactly what the government would be able to do in emergency situations.[7] In a pointed letter directed to the two senators who proposed the bill, the ACLU suggested possible implications on Free Speech and the necessity for the bill to pass a strict scrutiny analysis.[8] “It is imperative that cybersecurity legislation not erode our rights.”

Central to this discussion on how the Kill Switch bill may affect free speech is the ever-present threat that the U.S. government would have the ability (whether authorized by the bill or not) to shut down the internet if the American people exhibited conduct which the government wished to silence. This was precisely the scene in 2011, when the Egyptian government shut off Internet access throughout the county in response to riots in Cairo against the Egyptian President Hosni Mubarak’s regime.[9] Although Senator Lieberman adamantly denied that the same scenario would be possible under the bill in America, the language of the bill is simply too vague and does not provide detailed guidelines as to when and how the bill would be implemented.[10]

Nevertheless, with the transition to almost entirely electronic records management, electronically stored data analysis, and the rise in cyber-warfare, comes a rise in potential espionage targets in the form of unauthorized access to matters concerning national security.[11] These targets are vastly more susceptible to harm by people without security clearances being that a user could access it without setting foot on government secured property and therefore bypassing security measures. Because of the inherent national security risks at hand, many believe that the mechanics of planting within a computer system a means of intelligence gathering are beyond the reach of the judiciary and lie squarely within the President’s control.[12] These proponents argue that even though today there are more sensitive areas of access than when Egan[13] was authored, the underlying analysis is still applicable: “the President, as Commander–in–Chief, has the right and the obligation, within the law, to protect the nation against potential threats.”[14]

In line with historical jurisprudence like Egan, proponents of the bill contend that under the 1934 Communications Act, the President should already have these powers in the face of any national emergency.[15] But with the introduction the cyber element in a cyber-based attack, comes the added shields of anonymity; thus a cyber-attack cannot conform to the traditional definitions of national emergency. These bills envision an all-out doomsday event that is akin to the aptly named Die hard 4: Live Free or Die Hard,[16] when in reality cyber-attacks are done in secret. Even when an intruder on a network is discovered it is almost impossible to 1) determine the extent to which the intruder has compromised a network and 2) who is behind the network. Thus the indicia of a traditional attack which would alert the President and the public that we are under attack will not be present in the cyber context.

In the event of a national emergency or act if war (via cyber-attack) by a foreign sovereignty, one would expect the government due their due diligence and confirm that it was in fact a cyber-attack before shutting down the “critical infrastructure” of the internet. However, without the objective arm of the judiciary (remember the bill does not require any type of checks or balance) the bill is tantamount to rubber stamping in a warrant situation and does not provide for a gatekeeping function that would ensure the Executive branch had done their due diligence before invoking the powers provided in the Act.

What’s even more troubling is that in order to justify the necessity of creating such a power within the Executive Branch, the Senators backing the bill have suggested that the future of American cyber-security should mirror that of China.[17] Comparing the bill to the lengths in which China controls its internet, is an alarming foray into what the slippery slope of passing such a bill would have in store for the future of America. China conducts pervasive filtering of political and conflict information, and substantial filtering of social media.[18] Moreover, this conduct isn’t done on a case-by-case basis, it is a systematic operation designed to control the flow of information—a direct contradiction to the aims of the First Amendment and the idea behind a free press. Considering the uncertain nature of cyber-attacks, the theoretical protections of the bill are substantially outweighed by the very real practical and constitutional concerns at issue.

egypt anonymous kill switch


[1] Declan McCullagh, Internet Kill Switch Bill will Return, CNET (Jan. 24, 2011), available at http://news.cnet.com/8301-31921_3-20029282-281.html. Senator Lieberman stated in defense of the bill, “[t]he Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets,” underscoring the necessity of being able to cut access in the event of an intrusion.

[2] Scott M. Ruggiero, Killing the Internet to Keep America Alive: the Myths and Realities of the Internet Kill Switch, 15 SMU Sci. & Tech. L. Rev. 241, Summer 2012.

[3] See infra note 77.

[4] McCullagh, supra note 70; see also Thompson, infra note 82, at 489 (discussing whether the locus of control should be removed from Congress and given to the Executive branch).

[5] Declan McCullagh, Senators Propose Granting President Emergency Internet Powers, CNET (June 10, 2010), available at http://news.cnet.com/8301-13578_3-10320096-38.html.

[6] Declan McCullagh, Internet Kill Switch Bill Gets a Makeover, CNET (Feb. 18, 2011), available at http://news.cnet.com/8301-31921_3-20033717-281.html.

[7] Chloe Albanesius, Senate ‘Internet Kill Switch’ Bill Moves Forward, PC Mag ( June 25, 2010), available at http://www.pcmag.com/article2/0,2817,2365709,00.asp.

[8] Open Letter from the ACLU to  Joseph
Lieberman, Susan
Collins
& Tom
Carper (June 23, 2010), available at  https://www.cdt.org/files/pdfs/20100624_joint_cybersec_letter.pdf

[9] Karson K. Thompson, Not Like an Egyptian: Cybersecurity and the Internet Kill Switch Debate, 90 Tex. L. Rev. 465, December 2011.

[10] Lawson, supra note 80 (claiming that the senators “will ensure that any legislation that moves in this Congress contains explicit language prohibiting the President from doing what President Mubarak did”).

[11] Kaplan v. Conyers, 2011-3207, 2013 WL 4417583 (Fed. Cir. Aug. 20, 2013).

[12] Id.

[13] Egan is the paradigm national security case which stands for the proposition that certain powers are inherent to the Presidency to protect the nation form potential foes. Dep’t of Navy v. Egan, 484 U.S. 518 (1988). (“Authority of the President to classify and control access to information bearing on national security, and to determine whether an individual is sufficiently trustworthy to occupy a position in the executive branch that will give him access to that type of information, flows primarily from the constitutional investment of power in the President to serve as Commander in Chief and exists apart from any explicit congressional grant”).

[14] Kaplan, WL 4417583 at 2013.

[15] McCullagh, supra note 70. The bill states that in wartime, or if a “state of public peril  disaster or other national emergency” exists, the president may “authorize the use or control of any…station or device.” Id.

[16] Live Free or Die Hard (20th Century Fox 2007). In the film, protagonist John McClain must take down an evil group of hackers who are waging a full on “Firesale” against the U.S. government in a 24 hour period….and they call him to make contact. Not exactly espionage type of behavior we have discussed thus far.

[17] Sean Lawson, Is America Really Building an Internet Kill Switch, Forbes (Feb, 2, 2011), available at  http://www.forbes.com/sites/firewall/2011/02/11/is-america-really-building-an-internet-kill-switch/.

[18] OpenNet Initiative (Aug. 9 2012), available at https://opennet.net/research/profiles/china.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: