"Cyberspace Protection" bill approved by Senate committee, no Internet "kill switch" to speak of
There's been quite a few sensational headlines cropping up around the Web lately about a new bill that's abuzz in the Senate. The title of that bill is Protecting Cyberspace as a National Asset Act of 2010, or PCNAA. It's a pretty big piece of legislation for the Internet as a whole, but nowhere inside it will you find mention of an Internet "kill switch." At least, not in so many words.
The full-text version of the bill is available as a 197-page PDF, and there are additional breakdowns of the bill available at a site put up by the Committee on Homeland Security & Governmental Affairs.
Yesterday, the bill was unanimously approved by Senate Committee, and will now make its way to the Senate floor for a full vote. Critics have all but run to the streets with end of the world is nigh signs, and headlines in everything from newspapers to tech blogs (and right back 'round to news blogs) haven't exactly helped matters, either. There's no doubt that the bill is wide-ranging, but there is no wording within it that should automatically be construed as "providing the President with an Internet kill switch."
What the bill does say is that, should it be passed, the DHS would spawn a new agency called the National Center for Cybersecurity and Communications. This NCCC would become the focal point for all things "cybersecurity" at the national level, and would act as go-between for the government and the private sector. Private companies (like ISP's) would also be asked for data that could be used to diagnose security holes. The rest of the private sector, or more specifically, the heads of Internet-related tech firms in the private sector, would lend their expertise in situations that might take place in the event of a major "cyber attack."
And a major cyber attack is exactly what this bill is about. The PCNAA isn't about creating a new agency to ruin everybody's private-sector security party, and it's certainly not to make it easier for the government to nail torrent sites. It's not about getting the government's claws into our very freedom-loving Internet on a day-to-day basis; this bill is about creating a FEMA for the Internet that could support the President in a time of cyber war or emergency. That's the cue to start cracking jokes about FEMA's effectiveness, BTW.
It all comes down to one thing: Estonia. It's about how the US Government has been worried about the potential embarrassment of having its country's tubes clogged by a foreign power while the whole world watches -- which Estonia experienced in 2007. In other words, it's about the Federal Government believing that it knows how to handle threats on the Internet better than the companies who built, and run, the Internet.
Those backing the bill, including Senator Joe Lieberman, say that instead of granting the Presidency some sort of new superpower over the Internet, that the PCNAA would actually limit the power granted by section 706 of the now-ancient Communications Act of 1934. Comparing the two, they appear to be right.
Section 706c of that Act gives the President unfettered power to "suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations..." It goes on to say that the President can then have any and all "stations or devices" physically shut down. That arcane piece of legislation could act as more than a simple "kill switch" -- it could break the Internet's back if it were ever used to its potential. The PCNAA would require the President to go before Congress and present a viable threat, then take the least drastic action possible while still effectively handling whatever horrendous situation has arisen online. If the fate of the entire planet rests on chunks of the American-hosted portions of the Web going dark for a few days, we can then say he used a "kill switch," but the fact of the matter is that he already has one.
In the end we're left with a bill that will be hitting the Senate floor sometime in the near future that technically limits the President's power to kill the Internet, but creates a brand new bureaucratic arm of the US Government that will meddle in the affairs of the cybersecurity private sector. As long as there aren't any large-scale, state-funded DDoS attacks aimed at the greater public infrastructure, we probably won't ever notice the difference.