When two countries dismantle the Internet in three weeks, it’s tough not to turn the conversation on ourselves. In January, Egypt’s flailing autocratic regime ordered government-owned Internet service providers to pull the plug. The next month, Libya, embroiled in violent unrest, shut down the primary ISP, also state-owned. Now Syria shut down that country's access.
The turmoil abroad prompted some Americans to ask an uncomfortable question: Does the president have the right to shut down the Internet? The United Nations would say no, at least in light of their recent proclamation that Internet access is a human right. Google and US officials recently accused the Chinese government of interfering with its Gmail service for politicians and Chinese political activists—and this was little more than a year after the company accused Beijing of sponsoring politically motivated attacks against the search giant.
Given that this is a pressing global issue, the better question might not be if the president has the right to shut down the Internet, but whether he should.
Yes, say the majority of Americans. Back in October, months before protests began to sweep the Middle East, 61 percent of people polled by Unisys said the president should have the power to control, or even shut down, parts of the Internet in the event of an emergency. But how likely is such a catastrophe to befall the country—and how dire would a crisis have to be for Americans to really be okay with the government hitting the kill switch?
In fact, the president already has the right to take control of the Internet under section 706 of the Communications Act of 1934, which states that in wartime the president can close “any facility or station for wire communication.”
Though this act clearly precedes the Internet age, a 21st-century policy makeover has been a tough sell. Two years ago, Senate Committee on Commerce chairman Jay Rockefeller and Senator Olympia Snowe of Maine introduced a cybersecurity act that would have provided for the addition of a National Security Advisor reporting to the president.
“Nearly 90 percent of our nation’s networks are owned and operated by the private sector. Securing cyberspace must be a collaborative effort between our government and private sector,” read a March 2010 draft of the bill-in-progress.
The senators introduced the bill months after Melissa Hathaway, the then-acting cybersecurity chief at the National Security Council, published a 60-day review in which she called for private-public partnerships and oversight by a central White House office—not myriad Federal ones. That kind of collaboration meant using security software already on the market and sharing intelligence with “key private sector officials” in an effort to stem identity theft and attacks on the government’s own infrastructure.
The senators repeatedly insisted that the cybersecurity bill did not provide for a so-called kill switch allowing the president to pull the plug on the Internet, but it was tabled nonetheless amid outrage from civil liberties groups that questioned whether allowing the president to disconnect “critical” systems in the event of an emergency meant the government could effectively shutter private networks.
The bill was reborn in January, however, as the Cyber Security and American Cyber Competitiveness Act of 2011, legislation sponsored by eight senators, including Senate Majority leader Harry Reid, John Kerry, Dianne Feinstein, and Rockefeller. The proposed bill softens the Rockefeller-Snowe bill by emphasizing resiliency over any so-called kill switch.
Too Much Power?
“I can’t envision a case where national security would trump freedom of information, or where shutting down the Internet entirely would be necessary,” said Jillian York, who coordinates the OpenNet Initiative, a research project run by the Canadian consultancy SecDev Group and scholars at Harvard University and the University of Toronto.
York warns that the bill combines vague phrases such as “critical companies” with scant accountability. The bill, she argues, allows the government too much authority in shutting down websites without a court order, a scenario she likens to the Department of Homeland Security’s takeover of dozens of sites due to alleged copyright violations. In November alone, it seized more than 70 sites.
Moreover, adds Rebecca Jeschke, media relations director for the Electronic Frontier Foundation, an ill-defined bill has the potential to stifle freedom of speech, even if Internet access itself isn’t a right, per se.
“If there were a virus that could cause structural damage to the Internet or other physical resources, or risk the exposure of state secrets, then perhaps some traffic restrictions that would halt the spread of the virus would be appropriate,” she said. “But it should be as narrow as possible a restriction. In times of crisis, we need to able to debate the situation—it’s the American way, and protected by the Constitution. Nowadays, that debate happens online.”
Assessing the Threat
The problem with defending the Internet is that it wasn’t built with security in mind. The web as we know it was born in the ‘60s, when scientists adopted a new communications standard, dubbed packet switching. Unlike circuit switching, a protocol used in telephones that sends messages in full, packet switching splits information into nuggets that pass through access points more efficiently. Additionally, a plethora of access points means the network is protected by a built-in redundancy that allows the Internet to survive even if a section of it fails.
Of course, the structure of the Internet reflects a different set of priorities than thwarting failure in the first place. In fact, that’s a challenge that security experts have deemed impossible. The Internet is constantly under attack—albeit by thieves, not cyber terrorists—says Larry Clinton, president of the Internet Security Alliance, a cybersecurity lobbying group whose members include Symantec, VeriSign, and Verizon Wireless.
“It’s easy to do, it’s profitable, and your chances of getting caught are small,” Clinton said. “On the other hand, the perimeter we have to defend is virtually limitless.”
So it should be no surprise, then, that this underworld industry of online scams has mushroomed in the past few years. The number of unique threats rose to 286 million in 2010, with a 93-percent increase in web-based attacks from 2009, according to Symantec, which declined to comment for this story due to the sensitivity of its relationship with the goverment. During that same year, companies whose data was compromised lost $7.2 million each on average, up 7 percent from the previous year.
All told, Clinton estimates that solutions currently on the market, such as anti-malware software made by Symantec and other companies, block anywhere from 80 to 94 percent of cyber attacks. The remaining slice of attacks are mostly the work of well-organized and well-funded thieves.
The Cyber-Industrial Complex
If you ask some scholars, it’s organizations such as Clinton’s that exaggerated the potential for cyberterrorism in the first place. At the same time, legislators have exaggerated the threat of a cyber emergency, said Jerry Brito, a political science researcher at George Mason University. He warns that a cyber-industrial complex is emerging—helped, of course, by the same defense contractors who stand to benefit from tighter security policies.
Moreover, Brito said lawmakers tend to lump together myriad threats, from state-sponsored espionage such as Chinese attacks on Gmail, to the kind of security breach that took down Sony’s PlayStation Network.
“These are all very different types of threats and they should have different ways of dealing with them. We hear about the worst-case scenario where you have planes falling out of the sky. We haven’t seen that yet. It’s up to them to show us it’s likely. We don’t have a reason to believe it’s as doomsday as some folks seem to think.”
Ultimately, Brito argues that alarmist rhetoric about remote attacks on chemical plans and the like could lead to unnecessary regulation of the Internet, similar to how defense spending spiked in the run-up to the Iraq war amid breathless speculation about weapons of mass destruction.
If that’s the alternative to leaving the Internet untouched, it’s no wonder, then, that six in 10 Americans would rather see the president shut it down, said York of OpenNet. “I think people have become so concerned about national security that they’re willing to give up one of our most precious rights, the First Amendment.”
Fight or Flight
Ultimately, as fantastical as cyberterrorism may seem, going dark could be too simplistic a solution. After all, government officials could use the Internet to monitor the bad guys—not to mention, to compare notes.
“The current best practice when you discover you’ve been compromised by an advanced persistent threat is to look at it,” Clinton said. “You examine it. The same way when the FBI stumbles across a criminal or terrorist they don’t arrest them right away. They try to find out what else they’re doing.”
Image Credit: The Commentary 'Journal