Internet 'Kill' Switch: Balancing Security And Freedom
Why it's important to have controls in place before deploying such a powerful tool
Security and freedom often seem at cross purposes, and that hasn't been any clearer this week than in Egypt where virtually all public communications have been cut off in an attempt to quell an internal uprising. There are good reasons to have an Internet "kill switch" -- reasons that are security-related and have nothing to do with sustaining government control, like stopping the spread of a particularly nasty virus until a remedy can be discovered. Even in the case of an attack either internally by a minority or externally by a foreign power, eliminating services like the Internet or GPS could save lives and protect the legitimate government. But if the tools were misused to protect an illegitimate government or to directly harm the people, then it would be a bad thing.
The question being asked is whether a tool that can be used powerfully for good or evil should be allowed to exist. If the answer is no, then virtually all tools -- from hammers to nuclear energy -- should be eliminated. This suggests the focus on the tool is foolish; the focus should be in on the protections surrounding tools.
More Security Insights
- The Power of Cloud: Driving Business Model Innovation
- Digital Transformation: Creating new business models where digital meets physical
- Strategy: How Cybercriminals Choose Their Targets and Tactics
- Strategy: Cybersecurity on the Offense
- Mobile DevOps: Achieving continuous delivery with multiple front ends and complex backends in Banking, Financial Services, and Insurance
- How Cloud Facilitates an Agile Contact Center
This speaks to arguments pro and con about gun purchase and even the exploration of alternative energy sources. But particularly with security tools, which mostly all have a dark side, controls should be in place before they are allowed -- not the other way around. With the Internet kill switch, a discussion of whether there should or should not be one is moot. The benefits of having one are simply too great against what is clearly an increasing risk. However, if the discussion is to have merit, then it needs to change to the protections over such a switch to make sure it isn't used as it was in Iran -- and maybe in Egypt -- against the people it was envisioned to protect.
But this isn't easy because excessive control would likely eliminate its usefulness in its intended purpose, while inadequate controls won't provide the necessary protection. This suggests that the final decision to use such a tool should reside outside of elected government and with a small number of people who would not benefit personally from the misuse of the tool, couldn't be bribed or coerced to act improperly, but could still act quickly enough to stop a real threat. Such an entity might have to be created because existing law enforcement doesn't have the needed independence. While the Supreme Court in the U.S. fits many of the requirements, even that wouldn't likely be able to act quickly enough. The formation of such a group should precede any deployment of tool with this much power.
Security tools often have the ability to both provide great protection and to do great harm. An Internet kill switch is no different, so before it is deployed, controls need to be placed over its use that still make it effective but prevent abuse.
-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.