Killing the 'kill switch'?
http://myble2010.livejournal.com/68915.html
Under a World War II-era law, the US president appears to have authority
to disconnect computer systems and servers from the internet in the event of
a national emergency. But the next US Congress is poised to change that.
The law was passed in 1942. The Japanese attack on Pearl Harbour had
provoked fear of a foreign invasion on US soil, and Congress responded by
giving President Franklin Roosevelt broad power to commandeer or shutter
telephone and telegraph networks.
Nearly 70 years later, telegraph networks have disappeared, and the
telephone is only one of many means of communication.
But although the 1942 law makes no mention of the internet - merely of
"any facility or station for wire communication" - the Obama administration
in June told Congress it would cite it in an emergency.
It has not been tested in court, but experts say section 706(d) of the
Communications Act could give the president wide-ranging authority to shut
down key computer systems.
With typical Washington hyperbole, the law has become known as the
presidential "internet kill switch".
The next US Congress will be under pressure to strengthen the nation's
cyber defences, and a spectrum of security analysts, internet freedom
advocates and senators say lawmakers must update those emergency war powers
to limit or at the very least more clearly define the president's authority.
William LynnThe Pentagon's William Lynn has acknowledged foreign spies
have infiltrated secret US military computers
"The time is ripe for some articulation of this authority so we don't
have presidents going off into the wild, but actually have a set of pretty
clear rules," said Paul Rosenzweig, a former homeland security official
under President George W Bush, now a fellow at the conservative Heritage
Foundation.
Uncertainty over the interpretation of the current laws has left
analysts speculating about how the president would use the "kill switch",
and to what end.
One analyst told the BBC that if, for example, computer systems at
Washington's natural gas and electric utilities became infected by a
powerful internet worm, the president could order them to power down or
disconnect from the internet to protect physical infrastructure, stem the
infection, and allow them to be cleared.
Recent major cyber attacks2010 - Stuxnet infects personal computers used
by Iranian nuclear scientists2009 - A major South Korean bank and newspaper
and the country's spy service are slammed with co-ordinated attacks, which
some blamed on North Korea2008 - Foreign spies infiltrate secret US military
computers in an attack launched from an infected flash drive2007 - Estonian
government and commercial computers bombarded with cyber attacks the country
blamed on Russia2000 - Major websites including Amazon.com and eBay crippled
by "denial-of-service" attacks
In another hypothetical scenario described to the BBC, the president
might order the shut-down of networks hosting Wall Street financial services
infrastructure in order to avoid an imminent cyber attack.
In both cases, the actions would have far-reaching consequences for the
companies and individuals relying on the systems - for power, or to move
money, analysts said.
Civil liberties campaigners are concerned at the potential for the power
to be abused.
"It's unlimited," said Michelle Richardson, legislative counsel for the
American Civil Liberties Union in Washington, about the president's current
power.
"They have the authority, and we've seen since 9/11 that the executive
branch has always pushed its power to the limit."
Privacy advocates say the law must be adjusted to ensure the president
cannot use emergency war powers to snoop improperly on Americans' e-mail or
other information.
Susan Collins, left, and Joseph LiebermanSenators Susan Collins and
Joseph Lieberman are spearheading the Senate cyber security reform bid
It is unclear whether the disconnection of US networks would affect the
internet elsewhere in the world, aside from blocking users from, say, a
popular web page or service, technical experts say.
But Greg Nojeim, of the Center for Democracy and Technology, said there
was "a high risk" of "a spillover effect in other countries".
However, it is nigh on impossible for the US president - or any single
actor - to shut down the whole internet - a virtue of its globally
distributed nature, analysts say.
"There's no plug to be pulled," John Kneuer, a former telecommunications
policy official under President Bush, told the BBC.
Among several shortcomings in the 1942 law's application to the online
world, it does not specify what constitutes cyber war - as opposed to a
commercial hacking job. Nor is it even clear the law would treat a cyber
attack by a foreign power as an act of war - a precondition of the
president's use of the emergency powers.
"The president's authority to deal with a catastrophic cyber attack
aimed at critical infrastructure would be carefully defined - and
constrained"
Senator Susan Collins Maine Republican
Nevertheless, the debate over the president's cyber war authority comes
amid growing evidence that nations are deploying cyber weapons against
adversaries.
The powerful internet worm Stuxnet, discovered this year to have
infected computers across the globe, appears to have been designed
specifically to target Iranian nuclear sites, causing alarm within the US
and UK governments. Some analysts say it was so sophisticated it could only
have been launched by a sovereign nation state.
In all, attacks on US government facilities this year topped 1.8 billion
per month, according to the US Senate sergeant-at-arms.
US officials also fear cyber attacks on the private sector, which
operates as much as 85% of the nation's critical infrastructure - power
plants, major internet service providers, telephone companies and more.
The bipartisan group of US senators currently engaged in re-writing many
US cyber security laws is keenly aware of the threat posed by such attacks.
But the senators argue the president's emergency war powers must be better
defined and delimited.
Legislation backed by Senators Susan Collins, a Maine Republican, and
Joseph Lieberman, an independent from Connecticut, would allow the president
to declare a "national cyber emergency" and permit the administration to
direct a threatened system's operators to take action. The government would
have to ensure the mandatory emergency measures were "the least disruptive
means feasible".
"The president's authority to deal with a catastrophic cyber attack
aimed at critical infrastructure would be carefully defined - and
constrained," Ms Collins said last week. "The president would not have the
authority to take over critical infrastructure."
Some question the need for emergency presidential cyber authority.
Greg Nojeim says internet companies are better equipped than the
government to decide whether to shut down their systems or remove them from
the internet.
"Nobody has yet identified an actual real life circumstance in which an
owner or operator decided not to isolate a network and the government
thought it should be isolated," he said.
James Lewis, director of the technology and public policy programme at
the Center for Strategic and International Studies in Washington, questions
whether emergency shut-down power would be effective considering internet
worms are usually discovered after they have struck.
"We almost never have advance warning," he said.
This article is from the BBC News website. C British Broadcasting
Corporation, The BBC is not responsible for the content of external internet
sites.
-
--
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum
* Visit our other community at http://www.PoliticalForum.com/
* It's active and moderated. Register and vote in our polls.
* Read the latest breaking news, and more.
No comments:
Post a Comment