Sunday, June 27, 2010

Senators propose giving president "Internet stop switch" (Lieberman's PCNAA bill)

There has been a lot of scuttlebutt about the proposal in Congress to give the President an “Internet kill switch” lately, and some of this seems related to the bill S. 3480 introduced on June 10, 2010 by Independent Senator Joe Lieberman of Connecticut. That is the “Protecting Cyberspace as a National Asset Act of 2010”, or PCNAA, with govtrack link here. The Congressional Research Service apparently has not yet provided a summary there. But the critical language seems to appear in sections 248 and 249 of the bill.

Declan McCulagh had a commentary on CNET that day, “Senators propose giving president emergency Internet power” (and he doesn’t mean the old Washington Senators baseball team.) He starts bluntly, “A new U.S. Senate bill would grant the president far-reaching emergency powers to seize control of or even shut down portions of the Internet.” The link is here.

There was an earlier bill, S 773, introduced by Sen. Jay Rockefeller in April 2009, a “Cybersecurity Act of 2009”, which was said then to provide a “kill” mechanism, at least indirectly by proposing a security czar and giving him various authorities. But CNET writes that under PCNAA “Any company on a list created by Homeland Security that also "relies on" the Internet, the telephone system, or any other component of the U.S. "information infrastructure" would be subject to command by a new National Center for Cybersecurity and Communications (NCCC) that would be created inside Homeland Security.” There is a limit on the ability of the government to order Bushie-style (or Nixonian) warrantless wiretapping.

For entrepreneurs, especially small ones (not just “industrialists” like the Facebook CEO), such powers could be devastating. But the idea of such a bill raises a question about standards of responsibility in Internet use just as it could, at least, in automobile use. Should individuals be required to master Internet security or the ability to use anti-virus software properly? Or should at least small “commercial” businesses?

There are risks, that “enemies” can commandeer home users for destructive denial-of-service attacks, or to embed steganographic messages. But the real threats to a cyber breakdown probably come from possible compromise of hidden connections between critical infrastructure, like the power grid, and the Internet, nexus points normally not findable to people. (Some of this was covered in a CNN special last winter.) Vulnerability could increase in the future with the development of a “smart energy grid” as part of going green. Other possible threats could involve runaway transactions threatening the financial system, but these might not incorporate the home user much.

A “kill switch” could mean that the means of self-promotion that we have come to believe as essential to life (but they weren’t until about a decade ago) , could suddenly come to an end without warning, and the companies affected could have a hard time getting going again after an emergency.

Quick Note: I must have jinxed the Washington Nationals baseball team (aka "Senators") by naming my GLBT blog post about Baltimore gay pride on June 19 "Washington at Baltimore".  This time, Baltimore is the real city,

No comments: