Senate Panel Approves Cybersecurity Bill 269
GovTechGuy writes "A Senate Committee approved a bill that would give the president an emergency 'kill switch' over the Internet, but added some restrictions to the bill. The president may no longer simply assert that the threat remains indefinitely, he must now seek Congressional approval after 120 days. Still, privacy advocates are concerned about the government's ability to shut down private networks. Sen. Susan Collins (R-Maine) 'said she was disappointed to read reports that the bill gives the White House a "kill switch" for the Internet, an authority she says the president already has under a little-known clause in the Communications Act passed one month after the December 1941 attack on Pearl Harbor by the Japanese. ... Collins [argued] the new bill actually circumscribes the president's existing authority and puts controls on its use.'"
A pox! (Score:1, Insightful)
Damn you Americans and your self-important exceptionalism.
Wait... (Score:4, Insightful)
Wait a minute, is this the USA or North Korea I'm living in?
Joe Lieberman (Score:4, Insightful)
Joe Lieberman is a republican mole in the Democratic party. This much should be obvious from everything that he has done so far, his stance on the health insurance is a good example.
Remember, he is the guy who wants to spend about 187 million to upgrade the Secret Service systems/hardware (pork belly spending obviously), and now he is the guy who came up with this 'Cybersecurity Bill'.
Obviously this has nothing to do with any cybersecurity, the politicians will approve it, whether republicans or democrats, so that they have a way to kill dissenting opinions and news that the Internet allows to spread around. One of the arguments Lieberman gave for this is that China can do it so USA should also be able to. Does USA want to follow China in terms of treating the dissent, the freedom of press, the freedom in general? I guess now, that everything else is made in China this is just the next logical step - import their governing principles as well (at this point it doesn't seem that much needs to be imported anyway).
Re:not likely to happen (Score:5, Insightful)
Say what? I think you are mistaken. Certainly, nothing in the Constitution seems to give the President that power.
Although, of course, the government simply ignores the Constitution all the time.
Re:not likely to happen (Score:4, Insightful)
For most people, it's the possibility part that bothers them.
Removing knee-jerk reactions and looking at this objectively, I can understand why the government would need the power to do this...but with all the public attention they've been giving to "cybersecurity" lately, I can completely understand why this makes people very nervous.
Of course, the most common argument (one which I agree with) is why are mission critical systems accessable from the "normal" Internet in the first place? Why aren't they built on an entirely seperate network that sees zero interaction with the "public" Internet, like something akin to a CCTV system?
Re:Can someone explain? (Score:5, Insightful)
I don't see how anybody in America will be able to use the internet to get news or communicate with other Americans in a time of emergency if this should ever go into effect.
Re:not likely to happen (Score:3, Insightful)
The President also has the power to suspend the Constitution, something that has never happened though several wars. Things would have to get very dire before either of these events would be triggered.
So it's OK then?
Re:habeus corpus (Score:5, Insightful)
The power to suspend habeas corpus is stated in Article I of the Constitution, which mean that Congress, not the President, has that authority. Lincoln simply ignored the ruling.
http://en.wikipedia.org/wiki/Ex_parte_Merryman [wikipedia.org]
Re:not likely to happen (Score:2, Insightful)
120 days seems too long (Score:3, Insightful)
It seems to me that 120 days before needing approval from Congress is about 113 days too long. Maybe 118 days too long. Assuming the President had a valid reason to use this power, it's reasonable to think that Congress would approve similarly. The internet is pretty fricking important, and it's hard to imagine it going away for four months.
Also, of course, shutting down the major pipes won't make the internet disappear, it will just send it back to the Dark Ages of the early 1990s, when people manually connected their computers together and the routing software took care of the rest. Maybe IRC would see a comeback.
Re:Good idea in theory... (Score:5, Insightful)
Much like the old guys at the Whitehouse I think you've been watching too many Hollywood movies. The destructive power of this kill switch is ironically the only thing dangerous enough to warrant even having a kill switch. Even if there was some kind of "super virus" that was taking out routing on the internet, shutting the internet seems about as effective as killing the patient to save their leg.
I'm really yet to read any scenario that makes sense where having this would be useful. I can think of many cases where the government could happily abuse it for political reasons - particularly if they had the power to shutdown political opposition in order to "protect the public from terrorism."
Re:Good idea in theory... (Score:1, Insightful)
But most likely it will be a "highly-destructive fast-spreading virus" that attacks Windows and you want to shut down the Internet for everybody?
Re:not likely to happen (Score:4, Insightful)
They do, for the most part, and for most of the agencies (DOD, FBI, CIA, DHS, etc...). They have redundant network capabilities served both by wired and wireless means (micro-wave and satellite transmission capabilities). The "business" apps at those agencies do not necessarily have a private network. The terminals that serve you the internet at a great many of these agencies also have access to these other applications that interact with the "shadow" networks. Also, the same network providers that provide you and me with our "pipe" (AT&T, Verizon, Quest, etc...) also provide the "pipes" to the other, "shadow" networks. Should the systems at those installations become targets for malicious assault, then it could shut down entire sectors of the economy. The NASDAQ is one such "highly available" system that could be harmed, even though they have their own network. The financial networks that carry SWIFT, Cirrus, Visa, and ATM transactions would be susceptible even though they are on private networks. I'm not sure how turning "off" the internet will help. Wouldn't removing access to the internet have the same effect as a DDOS attack? The outcomes are the same aren't they (i.e. loss of connectivity)? The real goal of cyber attack is either one or both of the following:
Gain Access
Deny Access
If I were a cyber-assassin bent on disabling large networks for the purpose of disrupting an economy, I now would have two tactics available to me. I could launch my DDOS against a financial network or sufficiently large commercial target and hope to disrupt their capabilities. The other tactic would be to launch the assault and wait for the "kill" switch to be engaged. The outcome in both of those scenarios is favorable to the attacker.
Re:Good idea in theory... (Score:3, Insightful)
Much like the old guys at the Whitehouse I think you've been watching too many Hollywood movies.
This [wikipedia.org] was not a Hollywood movie. I will agree that the scenarios where this could be abused far outnumber the number of scenarios where this bill would be useful. However, it is impossible to prove that there exists no scenario where this power would be necessary.
Even if there was some kind of "super virus" that was taking out routing on the internet, shutting the internet seems about as effective as killing the patient to save their leg.
An analogy to counter yours would be the treatment of heartworms in dogs. If you take appropriate preventative measures there shouldn't be a problem. However if you fail at that, the treatment for heartworms is a small dosage of arsenic.
I can think of many cases where the government could happily abuse it for political reasons - particularly if they had the power to shutdown political opposition in order to "protect the public from terrorism."
And here I agree with you. As I pointed out in the OP, Japan for many years (not sure if they're still doing it) used the nebulous term "emergency" to circumvent spending limits in their constitution. The goal of my post was to point out a way the bill could be crafted that would help ensure that it wasn't abused.
That said, I have little faith that the congresscritters wouldn't leave a loophole open for them to use this power politically. Hell, the bill itself is a political game by Liberman to tout how he's tough on terror. Even without loopholes, I doubt the government would have the integrity to follow its own laws. However, that does not mean that some central coordination of ISPs in the case of a real emergency couldn't help stop the threat.
I disagree. (Score:3, Insightful)
The passing of this bill will be the end of the internet and the end of all free speech on the internet. The US government will be able to determine what is or isn't dangerous enough to shut off the internet. In my honest opinion it's just ridiculous to give something as important as the internet BACK to the government. They had the internet and gave it to corporations and this is what lead to the internet as we know it, and now they want to go back to how it was?
No virus, no worm, is so much of a threat that we'd have to shut off the internet. And to shut off the internet is probably even worse than any of the danger any worm could cause. I suppose they want to rush this bill through because of the wikileaks situation because I don't understand why it's being rushed without any debate or obvious need for it. What is the reason for this?
Re:not likely to happen (Score:4, Insightful)
Since you understand why the government would need the power to do this can you explain it to me? If a company is compromised, either the company or the the upstream provider could yank it offline. In most cases the upstream also has an upstream, all the way to the backbone connections.
Wouldn't it be better for the administration to simply communicate with the backbone providers? If the backbone is compromised, they should have their own kill switches - or else the governmnet can't order them to do anything anyway. I don't see what this adds, the ability is already in here.
If the administration calls up a backbone and says there is a cyberattack going on and you need to shut things down, let's think about what this means. The administrative arm of the governmnet knows something is happening and the backbone has NO IDEA? That's not possible. The backbone would learn via SANS or CERT or whatever else just like the backbone would, and if the gov knows before the backbone there is serious mismanagement going on.
Shutting it down would become a goal for the terrorists. Let's MAKE THEM TURN OFF THEIR OWN INTERNET. It worked with the WTC attacks, they hate our freedoms so we took them away ourselves. This will be no different. To turn it up to 11, anyone who is for this law is helping terrorists and qualifies for treason.
Re:Wait... (Score:5, Insightful)
I suggest you actually read the law.
The Communications act already give the president permission to do this. It was passed right after WWII started.
Do you think you could send a telegram to Japan or Germany in 1943?
Nope.
The really rampant fear that people seem to have is just mind numbing at times. Yep go ahead and please debate this but do not use such silly chicken little fears in the debate!
All that can do is make anyone questioning this bill to look like a nut job.
Instead of this boarder line pathological fear let us all reason.
Why should we pass this law?
What benefits will it have.
What risks are involved.
How can we prevent abuses while keeping the benefits there are any?
No president will use this law lightly because it would be stupid. This would be at the same level as declaring martial law.
Besides if the government would never use this to silence opposition or debate.
They would use bot nets to make classic DOS attacks on sites that couldn't be traced or some other tactic that would be more subtle and wouldn't disrupt commerce and the smooth running of the internet.
To use the big red switch would be clumsy inefficient, and just stupid. Please if the government was going to be that evil don't you think they would be as smart and effective at being evil as some random poster on Slashdot?
Why the internet? (Score:4, Insightful)
Why would they only shut down the internet? They aren't talking about shutting off radio, telephone, or TV. It's only the internet because the internet is the last free speech zone left in this world. To shut down the internet for any reason is to kill free speech, I cannot think of any logical reason where shutting down the internet makes sense.
A civil war situation? even if there were a civil war we'd need open communication just to know whats going on and whos winning. Who exactly benefits if theres no communication? The citizens certainly wont. And I'm talking the ordinary citizens here not the slashdot types who are sophisticated enough to figure out how to communicate by radio or other devices. Shutting down the internet hurts individuals who get all their news, all their information and do all their communications on the internet.
Honestly most of us would rather take a virus than shut down our computer.
That would put our country into complete chaos. (Score:3, Insightful)
This is like the talk of martial law and plans to build camps. Shutting down the internet will trigger so much chaos that there would be riots in the streets. To shut off the internet for MONTHS would create more chaos than 911, more chaos than Katrina, it would be like a blackout that lasts for a month where the majority of young people wont know how to communicate with their friends and family. They wont know how to get their news. They'll be confused and will accept news from random sources.
Also theres no talk about shutting off the TV, or the phone or government censored access points for information. This idea seems political and I doubt Google, Microsoft or any internet company thinks this is a good idea. This is going to lead to something bad.
If you care, maybe set up UUCP? (Score:2, Insightful)
If you care about information continuing to flow if/when the TCP/IP networks are shut down, maybe you should look into setting yourself up as a UUCP node and making peering arrangements? Remember how UUCP mail and news worked? It was a bit like telephone-based bit torrent. It was completely decentralized. As long as you could set up a phone connection with your nearest peers, the data would flow.
Re:Wait... (Score:4, Insightful)
Re:A pox! (Score:2, Insightful)
Re:Joe Lieberman (Score:1, Insightful)
Your argument begs the question. Republicans do not have a monopoly on intrusive, Orwellian, draconian laws limiting privacy and speech. Sure, Bush was an extreme example, but so far Obama hasn't been much better.
In fact, the real conservatives (and Republicans these days are conservative like the Pope is protestant) are just as outraged as the liberals.
Conservatives are all about individual freedom, and letting people make their own decisions for good or ill, and especially keeping federal power to a minimum. This bill is about as far from conservative as it is possible to get.
To be fair, it's about as far from liberal as it is possible to get too, which is why I don't agree with a one-dimensional scale in politics.
Re:Wait... (Score:1, Insightful)
Re:Wait... (Score:3, Insightful)
The really rampant fear that people seem to have is just mind numbing at times. Yep go ahead and please debate this but do not use such silly chicken little fears in the debate!
That's right, because there is just no precedent that the Federal government would ever chase a thread of legitimacy into outright oppression. They would never declare a common weed to be an illegal substance, and then spend billions of dollars every year to incarcerate otherwise innocent citizens. There is no way that this silliness would extend to giving police the power to shakedown and search people without a warrant, protection against such being explicitly declared in the Constitution.
Nope. You're right. Fearing our great father, who art in Washington, is just paranoia.
Re:not likely to happen (Score:3, Insightful)
The only way the power of the Presidency is abused is if we tell ourselves "Well this President wont abuse it.", and "Well, its just for a little while.", and "It's for their own good.". As soon as we recognize it's never OK for any President, or any Congress to overstep its authority for any reason, then we retain the power the Founders intended us to have.
Re:Joe Lieberman (Score:4, Insightful)
I'm a Republican, and I really can't stand the guy. Remember, this is the same Joe Lieberman who has supported in the past activities that involved censorship of specific media (music albums, etc.).
I'm currently reading the bill as was linked from this comment [slashdot.org], and it reads as though it were crafted by Symantec, McAfee, Sophos, and all the other "security" vendors who would very much like to be granted a fantastic revenue stream required by law to line their pockets (aside: I suspect it was crafted by them or by lobbyists for their industry)! What I mean specifically can be best explained by reading a small snippet of S. 3480:
This is on page 49 of the PDF. There's 10 pages of recommendations about acquiring "tools" to achieve specific goals--in other words, purchasing the required devices from recommended vendors. The entire bill if it survives as it is written is nothing other than a government-issued directive to dump a significant amount of taxpayer money into various security firms in effort to protect national resources. Though, what worries me is that there appears to be mandates for federal oversight of private systems to ensure that they're following best practices. Coming from the same government that has used the password "password" to protect critical systems, I can only fear that such a mandate would be much more harmful than any sort of purported "cyberattack."
If you read the FAQ [senate.gov] the Senate has posted relating to the bill it is clear that no one on the panel has any understanding of what "security" really is. Worse, while the FAQ claims that this bill restricts the powers given to the President under the Communications Act of 1934, I can't help but read into S. 3480 that it is going to involve so much government oversight that we might be swamped simply trying to implement all of the requirements. I hope I'm wrong; I am not a Congress critter, so it's feasible this language might be directed exclusively toward Federal networks.
The Slashdot summary appears to be incorrect. It appears that the time limit placed upon such measures is 30 days. However, I can't help but think that it can be extended indefinitely. From the bill:
I really hope that doesn't imply such an action could be extended indefinitely, but the way I'm reading it sort of suggests that if the President or the director of the office this bill creates d