Risk
6/25/2010
02:47 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

There's No (New) Internet Kill Switch

The Lieberman-Collins cybersecurity bill passed out of the Senate Homeland Security and Governmental Affairs Committee on Thursday to await consideration by the full Senate. But not everyone is satisfied with what it says.

The Lieberman-Collins cybersecurity bill passed out of the Senate Homeland Security and Governmental Affairs Committee on Thursday to await consideration by the full Senate. But not everyone is satisfied with what it says.The bill has drawn criticism in some quarters because it supposedly includes provisions for an Internet kill switch -- when the going gets rough, the President supposedly could power down the Net.

Well, it seems there is no Internet kill switch in the bill. Apparently, we have one already.

In an e-mail directed to his media contacts on Friday, Alan Paller, director of research at the SANS Institute, wrote:

There is no kill switch in the Lieberman-Collins Bill (formally known as Protecting Cyberspace as a National Asset Act, S. 3480). But there is one already on the books in the Communications Act of 1934.

The Lieberman-Collins bill just authorizes standard filtering like that done by ISPs every day, but in a nationally-coordinated fashion. The only kill switch appears to be in Sec. 706(c) of the Communications Act of 1934, that already gives the President the power in a time of national security emergency to shut down or disrupt internet traffic. The Lieberman Collins Bill is much more measured and effective.

The relevant sections of both bills are provided below. Read them yourself. The press has been totally fooled by IT and telephone company lobbyists, and by an incorrect article from a CNET reporter (I wonder who gave him the incorrect data). That false press report got repeated over and over.

If you are a journalist, next time you hear one of the lobbyists talk about "unintended consequences" and "kill switches" remember how the car companies tried to block mandatory seat belts by saying "your wives and children will die in car fires because the seat belts will keep them from getting out of their cars in time." And you might consider recalling the immortal words of Garrison Keillor, "Liar, liar, pants on fire."

That's not to say there's no reason to be concerned about the bill. In a letter backed by some 23 other civil liberties groups, the Center for Democracy & Technology on Wednesday, laid out a list of concerns about the specifics of the proposed law.

Among other things, the letter says, "the bill should also be amended to require an independent assessment of the effect on free speech, privacy and other civil liberties of the measures undertaken to respond to each emergency the President declares. It is imperative that cybersecurity legislation not erode our rights."

Frankly, it's hard to know how to talk about possible emergencies and what might be appropriate. Sure, it's nice to think that Twitter will be available in a crisis. But what kind of crisis are we talking about? If it's like The Road, where the main concern is not being eaten by soul-dead cannibals, who'd notice an Internet shutdown?

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.