Senate 'Internet Kill Switch' Bill Moves Forward

by Chloe Albanesius
PC Magazine


06.25.2010 10


A Senate committee on Thursday approved a cyber-security bill that has prompted concern about a presidential "Internet kill switch."

The Homeland Security and Governmental Affairs Committee unanimously approved the Protecting Cyberspace as a National Asset Act of 2010 (S. 3480). It now moves to the Senate floor for a full vote.

The bill is an over-arching cyber-security measure, which would, among other things, create an office of cyberspace policy within the White House, which would be led by a Senate-appointed director. It would also create a new center within the Homeland Security Department, which would implement cyber-security policies.

A provision that got the most attention, however, was one that gave the president the power to "authorize emergency measures to protect the nation's most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited."
Though the language is somewhat vague, this section was interpreted by many as giving the president an "Internet kill switch" that would effectively allow him to "turn off" the Web in an emergency.

"While the bill makes it clear that it does not authorize electronic surveillance beyond that authorized in current law, we are concerned that the emergency actions that could be compelled could include shutting down or limiting Internet communications that might be carried over covered critical infrastructure systems," several privacy groups, including the American Civil Liberties Union (ACLU), wrote in a Wednesday letter to the committee.

The bill should be amended to describe exactly what actions the government can take, the groups said.

Sen. Joe Lieberman of Connecticut, the bill's sponsor, refuted the "Internet kill switch" assertion as "misinformation" during a Sunday appearance on CNN, and the committee on Wednesday published a "myth vs. reality" fact sheet on the bill.
Current law already provides the president with broad authority to take over communications networks, the committee said, pointing to Section 706 of the Communications Act. That portion gives the president authority to "cause the closing of any facility or station for wire communication" and "authorize the use of control of any such facility or station" by the federal government. This can be done if a state or threat of war exists, it does not require advance notification to Congress, and can continue for up to six months after the threat expires.

This bill, the committee said, "would bring presidential authority to respond to a major cyber attack into the 21st century by providing a precise, targeted, and focused way for the president to defend our most sensitive infrastructure."

Specifically, the bill would give the president 30 days to respond to a threat, requires that he notify Congress beforehand, and demands that he use the "least disruptive means feasible" to do so. The committee denied that it lets him "take over" the Web, and said it does not provide any new surveillance authorities. Owners of private networks would be able to propose alternative responses to a given threat.

Lieberman's bill "authorizes only the identification of particular systems or assets – not whole companies, and certainly not the entire Internet," the committee said. "Only specific systems or assets whose disruption would cause a national or regional catastrophe would be subject to the bill's mandatory security requirements."

A catastrophe would include mass casualties, severe economic impact, mass prolonged evacuations, or severe degradation of national security capabilities.
The committee's fact sheet also denied that the bill gives the president the authority to conduct e-surveillance and monitor private networks or regulate the Internet.
"Catastrophic cyber attack is no longer a fantasy or a fiction," Lieberman said in a Thursday statement. "It is a clear and present danger. This legislation would fundamentally reshape the way the federal government defends America's cyberspace.

It takes a comprehensive, risk-based, and collaborative approach to addressing critical vulnerabilities in our own defenses. We believe our bill would go a long way toward improving the security of our government and private critical infrastructure, and therefore the security of the American people."

Rep. Jane Harman, a California Democrat, has introduced a House version of the bill, H.R. 5548, but it has not yet passed committee.

In May 2009, President Obama designated cyber-security as a national security policy. Seven months later, he appointed Howard Schmidt, a former eBay and Microsoft executive, as cyber-security coordinator.