A confluence of events in Tunisia and Egypt has bared the underside of the Internet, scaring some and emboldening others. As evidence, the US Congress has reinvigorated interest in Senate bill S.3480: Protecting Cyberspace as a National Asset Act of 2010.

Senate bill S.3480

I remember last June, when Senator Lieberman — along with cosponsors Senator Collins, and Senator Carper — introduced Senate bill S.3480. Right away, people were upset. To them, the legislation gave the president authority to shut down the Internet. That reaction quickly stagnated the bill.

Egypt’s move to shut down their portion of the Internet has renewed interest for and against the Lieberman-Collins-Carper bill. And, I started seeing mention of an Internet kill switch again. Curious now, I asked the senators how recent events affected their legislation:

The steps the Mubarak government took last week to shut down Internet communications in Egypt were, and are, totally wrong. His actions were clearly designed to limit internal criticisms of his government.

Our cyber security legislation is intended to protect the U.S. from external cyber attacks. Yet, some have suggested that our legislation would empower the President to deny U.S. citizens access to the Internet. Nothing could be further from the truth.

They continue:

We would never sign on to legislation that authorized the President, or anyone else, to shut down the Internet. Emergency or no, the exercise of such broad authority would be an affront to our Constitution.

The senators go on to explain their intent:

But our current laws do give us reason to be concerned. Most important, under current law, in the event of a cyber attack, the President’s authorities are broad and ambiguous–a recipe for encroachments on privacy and civil liberties.

For example, in the event of a war or threat of war, the Communications Act of 1934 authorizes the President to take over or shut down wire and radio communications providers. This law is a crude sledgehammer built for another time and technology. Our bill contains a number of protections to make sure that broad authority is not used.

Major provisions of bill

The senators then outlined the bill’s important details:

  • The emergency measures in our bill apply in a precise and targeted way only to our most critical infrastructure (as defined in section 1016e of the USA Patriot Act) — the networks and assets most essential to the functioning of society and the economy — to ensure they are protected from destruction.
  • Our legislation specifically says the President can only invoke the emergency authorities “if there is an ongoing or imminent” attack that would “cause national or regional catastrophic effects” by the disruption of the nation’s most critical infrastructure.
  • When invoking these authorities, the President must notify Congress, and the emergency measures cannot be continued beyond 120 days without congressional approval.
  • The legislation expressly forbids any action that would violate the First Amendment and also prohibits limiting Internet traffic, emails, and other forms of communication (except those between critical infrastructure providers) unless no other action would prevent a regional or national catastrophe.

The senators conclude with:

Our bill already contains protections to prevent the President from denying Americans access to the Internet – even as it provides ample authority to ensure that those most critical services that rely on the Internet are protected.

And, even though experts question whether anyone can technically ‘shut down’ the Internet in the United States, we will ensure that any legislation that moves in this Congress contains explicit language prohibiting the President from doing what President Mubarak did.

That is straight from the bill co-sponsors.

Complicated stuff

My mentor demanded that I read the bill. “It’s your ‘insert naughty word’ responsibility, since you’re writing about it,” he asserted. I complied and later told him, “Good thing you didn’t mention anything about understanding it!”

With subjects as complicated as this, there will be a variety of opinions. I have one. From my reading, most tech writers are eager to express theirs as well. Still, none of us are experts. And, for something this important, we need to ask those who are most qualified what they think.

Ask the experts

I blasted an email to several subject matter experts (SMEs) I have worked with, written about, and trust: What do you think about the legislation and the kill switch. More specifically:

  • Is something like an Internet kill switch possible?
  • What would it take to put in place?
  • Is it a good idea technically and will it do any good?

I was hoping to receive answers from everyone, but several were hampered by employer-dictated restrictions. That’s okay. Invincea’s Anup Ghosh, NoScript’s Giorgio Maone, and Arbor Network’s Jose Nazario offered the following insights:

Anup Ghosh

Is such a switch possible: First, it’s important for your readers to know that the Internet Kill Switch is not an actual switch or technical device. It is language written into one of the pieces of cyber security legislation that is winding through the Senate.

The original intent of giving the President authority to protect the U.S. and U.S. national security interests — such as critical infrastructure providers — against cyber security attack, while well intentioned, is fundamentally-flawed technical policy.

Implementing such a switch would be difficult technically. The Internet is a dynamic and distributed network implemented by a number of large service providers with many downstream smaller service providers.

Replication and redundancy was built into the network design from its original ARPANET origins in routing and naming to protect against single-failure modes in the Internet. The Internet simply routes around outages and disruptions.

But, none of this is really relevant because the intent is really to give the President “authority” to direct the service providers and potentially the military (US CYBERCOM) to take down Internet connectivity in the event of cyber attack.

What would it take to put it in place: Putting an Internet kill switch into practice is not a technical issue. It’s really about giving the President the authority and then getting all service providers to agree to null route Internet requests. So, it takes authority and cooperation to implement an Internet kill switch.
Is it a good idea technically and will it do any good: It is a poor idea on technical, policy, and potentially legal grounds. I don’t see any upside to including this authority.

From a technical perspective, there is more damage that will be caused by disconnecting or shutting down the Internet than good. So many services now ride the Internet backbone including the power grid, industrial control, telecom, transportation, banking, military command & control, and of course all manner of business communications and logistics.

In other words, our economy and critical infrastructure is so dependent on the Internet, that it’s actually an “economy kill switch.” This is the very reason why we need protection against cyber security threats in the first place.

An Internet kill switch would be a self-imposed Denial of Service. If an adversary could trigger a Presidential decision to implement, it would be a much more effective weapon than most-imaginable cyber attacks.

Giorgio Maone

Is such a switch possible: If by “switch” we mean some sort of regulation which binds ISPs to suspend Internet routing when asked by the government. It is obviously quite possible.

Such an Orwellian law might go as far to mandate some sort of disconnection relay, remotely controlled by the President’s office. A bunch of phone calls to ISP CEOs would be just as effective.

What would it take to put it in place: As I said, just a law and all the ISPs of a country (including universities, which often have their own infrastructures) agreeing to comply. A global (international) “switch” is more complicated, being more a political than technical issue.

Furthermore, I suspect in most “civilized” countries, shutting down Facebook and Twitter would be enough of an “Internet kill switch” for most people. What ridiculous times we’re living…

Is it a good idea technically and will it do any good: If its aim is protecting people from terrorists, it would be a total fail. There are several secretive alternative communication channels available to relatively small and organized groups.

Unfortunately, I believe the only real use of such a “device” would be against people. For example, trying to control and sedate a popular revolt, like the ones we’re currently witnessing in Middle East. So, it is an awful idea, anti-democratic and against free speech.

Jose Nazario

Is such a switch possible: In one sense, yes. It’s just a technical issue. You can drop routes or shut down routers etc. In a different sense, it’s quite difficult:

  • Who has the legal authority to compel providers to act?
  • How many international points do we have?
  • How do we ensure it’s a satisfactory blackout?

I’m not sure answers to those questions — or even the legal authority (hence the bills being proposed in Congress) — exist.

What would it take to put it in place: At a minimum the following are needed:

  • Legal action to pass laws to grant someone in the government such authority.
  • Identify all of the ISPs who provide international access to US subscribers, and ensure they are legally bound to follow such orders.
  • Identify what routes would get pulled or blocked to provide such a “kill switch”.

Routes and ISPs are fluid, to the point of changing throughout the day. By the time you had an inventory; it would be out of date.

Is it a good idea technically and will it do any good: Technically, I would say it’s probably a disaster. The US is a major hub for international transit traffic. Shutting down routes and elements of the infrastructure, for example, Latin American gateways at the NAP of the Americas or various root DNS servers within the U.S has major consequences.

Are we willing to live with that? The damage to American businesses with global customers — Google, Facebook, Microsoft, Symantec, and specially Verisign (think about their RSA trust chain that could get broken) — will cause massive collateral damage.

As for “would it do any good”, I guess it depends on what you’re trying to stop. If you’re trying to stop a worm attacking the government or critical infrastructure, probably no good could get done without massive collateral damage.

If you’re trying to stop information from flowing, say an insurgent force is coordinating within America via the net, again, probably not: Enough other means to get to the net exist. If you just want the power to shut a specific set of circuits down (think US-KR back in July ’09’s attacks), then it could do some good to have that power and that insight.

Final thoughts

There you have it. What the bill co-sponsors think and what several IT experts think. I just had a thought. Where did the term, “Internet kill switch,” come from? It is not mentioned in the bill. And, experts are saying an actual switch where everything goes dark is difficult at best to set up. Hmm.

I would like to thank Senator Lieberman, Senator Collins, and Senator Carper for their help. Also, thanks to Dr. Ghosh, Mr. Maone, and Dr. Nazario for allowing me to borrow from their expertise.

Update: Cormac Herley, another important SME in my world, with the blessing of Microsoft was able to answer my questions on his blog site, my thanks to him as well.
Update (09 Feb 2011): Rick Moy of NSS Labs just returned from Europe and rushed his answers to me. Here is what he had to say:
Is such a switch possible: Much harder than it was in Egypt. They have only 4 ISPs, whereas in the US we had at one time over 5,000. So from a volume perspective, it would be a massive undertaking.
What would it take to put it in place: The technology behind the Internet was originally created by DARPA to ensure strategic command could still launch missiles if one node of the network was taken out. This type of resiliency is ‘baked in’. I think there would be ways to hard-crash certain systems, but bringing them back up properly later would be a different story.

It would probably take engineering, planning, and years to devise anything that didn’t resemble ‘pulling the power plug’. Even so, coordination would be a disaster. Further more, one would have to design security into the system. So the ‘kill switch’ didn’t become the next best way for criminals or political groups to hold us hostage or interrupt commerce.

Is it a good idea technically and will it do any good: I have ethical problems with the idea of putting a kill switch for something like the Internet into the hands of government officials. The Internet is many things now; not least of which is a medium for free speech, a positive part of our society.

Shouldn’t we rather find better ways of protecting us from specific threats? Carriers and ISPs have had the ability to filter malware from our pipes for a while, not perfectly, but there have been solutions. They’ve mostly opted out til now for various reasons. Maybe that should change? Or provide instructions and guidance to those who wish to take themselves off the net in such instances? Feels like there’s a lot of core issues to deal with here.