Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
Did A Google Earth Mistake Cause A Couple's Brutal Murder?
"Cyberspace Protection" bill approved by Senate committee, no Internet "kill switch" to speak of
There's been quite a few sensational headlines cropping up around the Web lately about a new bill that's abuzz in the Senate. The title of that bill is Protecting Cyberspace as a National Asset Act of 2010, or PCNAA. It's a pretty big piece of legislation for the Internet as a whole, but nowhere inside it will you find mention of an Internet "kill switch." At least, not in so many words.
The full-text version of the bill is available as a 197-page PDF, and there are additional breakdowns of the bill available at a site put up by the Committee on Homeland Security & Governmental Affairs.
Yesterday, the bill was unanimously approved by Senate Committee, and will now make its way to the Senate floor for a full vote. Critics have all but run to the streets with end of the world is nigh signs, and headlines in everything from newspapers to tech blogs (and right back 'round to news blogs) haven't exactly helped matters, either. There's no doubt that the bill is wide-ranging, but there is no wording within it that should automatically be construed as "providing the President with an Internet kill switch."
What the bill does say is that, should it be passed, the DHS would spawn a new agency called the National Center for Cybersecurity and Communications. This NCCC would become the focal point for all things "cybersecurity" at the national level, and would act as go-between for the government and the private sector. Private companies (like ISP's) would also be asked for data that could be used to diagnose security holes. The rest of the private sector, or more specifically, the heads of Internet-related tech firms in the private sector, would lend their expertise in situations that might take place in the event of a major "cyber attack."
And a major cyber attack is exactly what this bill is about. The PCNAA isn't about creating a new agency to ruin everybody's private-sector security party, and it's certainly not to make it easier for the government to nail torrent sites. It's not about getting the government's claws into our very freedom-loving Internet on a day-to-day basis; this bill is about creating a FEMA for the Internet that could support the President in a time of cyber war or emergency. That's the cue to start cracking jokes about FEMA's effectiveness, BTW.
It all comes down to one thing: Estonia. It's about how the US Government has been worried about the potential embarrassment of having its country's tubes clogged by a foreign power while the whole world watches -- which Estonia experienced in 2007. In other words, it's about the Federal Government believing that it knows how to handle threats on the Internet better than the companies who built, and run, the Internet.
Those backing the bill, including Senator Joe Lieberman, say that instead of granting the Presidency some sort of new superpower over the Internet, that the PCNAA would actually limit the power granted by section 706 of the now-ancient Communications Act of 1934. Comparing the two, they appear to be right.
Section 706c of that Act gives the President unfettered power to "suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations..." It goes on to say that the President can then have any and all "stations or devices" physically shut down. That arcane piece of legislation could act as more than a simple "kill switch" -- it could break the Internet's back if it were ever used to its potential. The PCNAA would require the President to go before Congress and present a viable threat, then take the least drastic action possible while still effectively handling whatever horrendous situation has arisen online. If the fate of the entire planet rests on chunks of the American-hosted portions of the Web going dark for a few days, we can then say he used a "kill switch," but the fact of the matter is that he already has one.
In the end we're left with a bill that will be hitting the Senate floor sometime in the near future that technically limits the President's power to kill the Internet, but creates a brand new bureaucratic arm of the US Government that will meddle in the affairs of the cybersecurity private sector. As long as there aren't any large-scale, state-funded DDoS attacks aimed at the greater public infrastructure, we probably won't ever notice the difference.
Comments
22
Subscribe to commentsDr_whiteJun 26th 2010 12:05PM
We already have plenty of laws limiting the president's power, requiring him to get congressional OK on various actions, working through channels, etc. Obama has so far proved quite adept at circumventing or ignoring all of these checks and balances. If he wanted to shut down the internet, his cronies would make it happen. This administration continually produces reams of legislation that nobody ever reads which serve as a toehold towards greater and greater federal power. As If the writer's ignorance of this overwhelming reality wasn't bad enough, we have this gem of a closer:
"In the end we're left with a bill that will be hitting the Senate floor sometime in the near future that technically limits the President's power to kill the Internet, but creates a brand new bureaucratic arm of the US Government that will meddle in the affairs of the cybersecurity private sector. As long as there aren't any large-scale, state-funded DDoS attacks aimed at the greater public infrastructure, we probably won't ever notice the difference."
For six-plus years, all we heard was AT&T was helping Bush spy on everyone's email, that the Patriot Act was clearly the first step towards Nazism in America, etc, etc. Now we have control freaks in the White House who make the previous bunch seem positively quaint. And unlike the last crew of capitol clowns, this one has been caught red-handed not just saying they want to invade our privacy, but doing it! Unapologetically! And the writer even admits to the inevitable "meddling" in cybersecurity. Wow, that's great, they've done such a bang-up job with the banks, the auto industry and the oil business..who wouldn't want the government in charge of cybersecurity? I feel better already!
If there's anyone left who trusts anything the federal government, and particularly the Marxists in the White House say, they seriously need counciling.
x ShadowJun 26th 2010 12:28PM
Marxists? Umm....
It is annoying when everyone uses that term incorrectly. Tisk Tisk..
GJul 19th 2010 3:17PM
AGREE 100% - The Writer needs a real Lesson in what the Bill is really about - Limiting of the Conservative Media, including the Internet, Radio and Print. Tech Blogs need to focus on Tech and stay out of the political aspects of things - especially when they are spreading an INCORRECT information point!
Daria NovakJun 27th 2010 11:50PM
We have to vote out the incumbents who make Obama's agenda possible - plain and simple. Otherwise, we lose the greatest nation this earth has ever seen. It will internally devolve into a socialist state that won't resemble anything the Founding Fathers intended for us if we fail to act this November.
ChrisLovesSAWJun 26th 2010 12:38PM
This is the first step for the government. They always have a small, first step which most people refer to as "getting their foot in the door." Once they pass this, eventually they'll move onto a bill that will allow them to shut down the internet with a killswitch if they want, and included in that bill will probably be one that allows them to block certain webpages from anyone seeing (like in China) and will start nailing torrent sites to death (unless the Anti-Counterfeiting PoS passes first).
And if this does pass, and so does the AC PoS passes they will probably pass the long rumored i-Patriot Act that gives them complete control of the Internet (like Bush passed the PA 1 and 2 destroying America's freedom).
Off Topic:
And now that you mention AT&T was helping Bush spy on everyone's emails (I knew they did weird shit like that but not exactly that) I am NOT getting an iPhone 4 or ever switching to their service.
SeanJun 26th 2010 5:49PM
Anyone who believes this is about 'internet security' is a deluded moron. This bill is about 'securing the internet' for the purposes of 'national security'. Information Control. Don't let this sneak by. Write your senator, your newspaper, whatever it takes. Kill this abomination.
KakerateJun 27th 2010 7:06AM
I've read through the current bill now and I feel your comment sums it up the best.
There are a few specifications I'd like to point out to everyone though.
1) 1934 bill==> did not give the president the power to shut off the internet. BUT, If he wanted to, theres no doubt in my mind he could just say the old bill does give him that power and censor the internet as he pleases. Whats going to stop him... Congress needs to post a UP TO DATE clarification of what this bill covers honestly...
2) The new bill creates an office of cyberspace policy to replace the current Federal orginization that does the same thing. They both monitor and handle the internet as a government orginization. The old federal orginization will be removed/replaced by the new cyberspace one after a time stated in the bill that the president can extend.
3) The president can shut off the internet as said in the bill for these reasons as stated exactly as written:
`(A) the perceived threat, including a consideration of adversary capabilities and intent, preparedness, target attractiveness, and deterrence capabilities;
`(B) the potential extent and likelihood of death, injury, or serious adverse effects to human health and safety caused by a disruption of the reliable operation of covered critical infrastructure;
`(C) the threat to or potential impact on national security caused by a disruption of the reliable operation of covered critical infrastructure;
`(D) the extent to which the disruption of the reliable operation of covered critical infrastructure will disrupt the reliable operation of other covered critical infrastructure;
`(E) the potential for harm to the economy that would result from a disruption of the reliable operation of covered critical infrastructure; and
`(F) other risk-based security factors that the Director, in consultation with the head of the sector-specific agency with responsibility for the covered critical infrastructure and the head of any Federal agency that is not a sector-specific agency with responsibilities for regulating the covered critical infrastructure, determine to be appropriate and necessary to protect public health and safety, critical infrastructure, or national and economic security.
==========
So what is critical infrastructure? The bill tells us where to find the definition for critical infrastructure. This is exactly how it is written in the bill to find the definition.
==========
2) CRITICAL INFRASTRUCTURE- The term `critical infrastructure' has the meaning given that term in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e)).
==========
so i go and find that to get the definition from the patriot act. It is listed below exactly as written in the patriot act.
==========
(e) Critical infrastructure defined In this section, the term "critical infrastructure" means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.
==========
It all hinges on the new Office of Cyberspace Policy's definition of what "debilitating Security" covers. Does it cover Hackers trying to access the Federal Ex-Im bank? ( Yes 100% ). Does it cover Radio stations talking about rumors of cancer causing radiation from airport scanners. ( I dunno ). Does it cover a Podcast by you revealing new information about FEMA camps, or privitized police? ( If it does then this bill is a shit sandwich )
For an example of an extreme abuse of what this bill does:
A youtube video of a US soldier shooting civilians could be removed for months because it is information revealed to the public and "reveals to the terrorists with youtube access the location of US troops in the region and thus is deemed==> debilitating Security"
Thats an EXTREME example, and Information about it would have to be presented to the Senate as is stated in the bill. And the president would have to make the decision to remove the video or not.
But if you abuse "FACTORS TO BE CONSIDERED- In identifying and evaluating cyber vulnerabilities" part C
`(C) the threat to or potential impact on national security caused by a disruption of the reliable operation of covered critical infrastructure;
AND abuse the "debilitating Security" from the Patriot Act
The access to this video could be removed for months... it is entirely possible. There IS an someone that would try to prevent this...the Privacy and Civil Liberties Oversight Board. I'll discuss them in part 4.
4) the new Office of Cyberspace Policy could be used to study and propose to the senate, the president and us, the American citizens, a plan for internet control regarding the FCC regulation of internet access in every house with required software.
The GOOD is: now we have an organization that will calculate and weigh the methods we have to Protect the information transfers between critical systems. Systems that run their important information through our internet...like banks(direct pay, money transfers, investments, ect.) and powerplants(they send information to other powerplants and such about the current situation of the powergrid, blackouts, downed powerlines ect).
The BAD is: the Privacy and Civil Liberties Oversight Board is what is put in place to protect our 1st amendment rights and other things. They report to the director of the Office of Cyberspace Policy, but I don't think they have any real power over decision making that decides what systems to implement. Which is made worse because of this:
The Board had already been under scrutiny following the resignation of one of its members, Lanny Davis, on May 14, 2007 amid accusations of White House censorship.
That just looks AWFUL!! The Orginization who is supposed to look out for us had a resignation because of accusations of censorship... Censorship of the VERY INTERNET which its supposed to protect us against. Again, They report to the director of the Office of Cyberspace Policy, but I don't think they have any real power over decision making that decides what systems to implement.
So my final conclusion is that==> There ARE limiters that would need to be stretched beyond reasonable definitions in the bill to abuse our first amendment rights. BUT we have to pray the Privacy and Civil Liberties Oversight Board catches them when they stretch those definitions. Even though the Privacy and Civil Liberties Oversight Board has no direct control or updates on what the Office of Cyberspace Policy did, is doing or plans to do. And there are reports that the the Privacy and Civil Liberties Oversight Board have been censored before.
If you want to oppose this bill on those grounds your free to do so. I'm still considering everything and rereading to ensure I read right, but I think I will oppose this bill. I think that only Congress(not the president) should have the ability to censor parts of our internet for months. Its simply too abuseable.
My changes would be, Let the president ONLY have the ability to shut down federal internet for one month(thus giving congress time to vote to extend it or restart it). This protects our internet without giving the Government a way to censor freedom of speech without a direct vote from congress on the grounds that it effects critical infrastructure noted in the Patriot Act and the following situations noted in the bill itself:
`(2) FACTORS TO BE CONSIDERED- In identifying and evaluating cyber vulnerabilities under paragraph (1), the Director shall consider--
`(A) the perceived threat, including a consideration of adversary capabilities and intent, preparedness, target attractiveness, and deterrence capabilities;
`(B) the potential extent and likelihood of death, injury, or serious adverse effects to human health and safety caused by a disruption of the reliable operation of covered critical infrastructure;
`(C) the threat to or potential impact on national security caused by a disruption of the reliable operation of covered critical infrastructure;
`(D) the extent to which the disruption of the reliable operation of covered critical infrastructure will disrupt the reliable operation of other covered critical infrastructure;
`(E) the potential for harm to the economy that would result from a disruption of the reliable operation of covered critical infrastructure; and
`(F) other risk-based security factors that the Director, in consultation with the head of the sector-specific agency with responsibility for the covered critical infrastructure and the head of any Federal agency that is not a sector-specific agency with responsibilities for regulating the covered critical infrastructure, determine to be appropriate and necessary to protect public health and safety, critical infrastructure, or national and economic security..
Lastly, I would ask Congress to post an UP TO DATE clarification of what the old 1934 bill covers within a year. honestly, its retarded that this thing hasn't been updated for 70+ years.
Thank you for your time! Good luck America!
KakerateJun 27th 2010 7:19AM
I worded this part poorly:
That just looks AWFUL!! The Orginization who is supposed to look out for us had a resignation because of accusations of censorship... Censorship of the VERY INTERNET which its supposed to protect us against.
Replace that with this:
That just looks AWFUL!! The Orginization who is supposed to look out for us had a resignation because of accusations of censorship... The Privacey and Civil Liberties Oversight Board likely wont know of the censored information of the VERY INTERNET being done by the Office of Cyberspace Policy which its supposed to protect us against.
BugMeNotJun 26th 2010 3:11PM
Has the government ever passed anything that was not about increasing their own power and control? At least in the memory of any living person.
That is the nature of a law. It takes the decision out of your hands and puts it in theirs. Since the internet has been doing quite well without their meddling, I can understand how they are feeling unneeded.
We can't have all these people making their own decisions. Something has to be done.
If a foreign government staged a cyber attack, short of going to war; all that could really be done would be to retaliate in kind.
In the case of individual hackers you would either have extradition treaties or agreements with other governments that they would prosecute them.
The internet is constructed in such a way that unless you disconnect completely, there is always a way around any shut down areas or damage.
BugMeNotJun 26th 2010 3:28PM
Since the purpose of most such attacks is denial of service. How would shutting down help? You want to keep me off the internet so I will do it myself?
Isn't that the equilivent of if you shoot at me I'll blow my own brains out?
Even if the purpose were to steal data. If you take it off line, your people can't use it either. So they have effectively crippled you.
Matthew RogersJun 26th 2010 4:17PM
Back in 2007 when the 'worst case scenario' happened to Estonia, it was non-stop DDoS attacks that more or less crippled the country's Internet access. Since the attacks originated from outside the country, the only way they were able to fight them was to block all access from foreign IP's, leaving the country of Estonia to look like a black hole to the rest of the Internet. Sometimes a complete shut-down was necessary to get their systems in order.
KakerateJun 26th 2010 5:14PM
The 1934, only gives the president power to shut down radio stations( devices emmiting electromagnetic radiations{cell phones come to mind}, and stations for radio communication)
I haven't finished reading the current bill, but the thought of the public sector being unable to access internet documents for 120 days...
And the president doesnt need a congress vote...
IF
those are both true, it would send me into the streets and I will be one hell of an angry protester of this bill.
stinlen56Jun 26th 2010 5:35PM
Thanks for bringing up important points that Matt conveniently switched around. His claim that "The PCNAA would require the President to go before Congress and present a viable threat, then take the least drastic action possible.." is false from what I can tell. The President can take action, but then only has to give a report after 120 days.
Matthew RogersJun 26th 2010 5:50PM
I think you've both forgotten that there was no Internet and the idea of television was still mostly theoretical at the point in time when the 1934 Act was penned. It covers the Internet in its current state. As for the President notifying Congress afterwards, you need to read the bill again.
stinlen56Jun 27th 2010 5:09AM
@Matthew Rogers: It is you who needs to read it again. The president only has to notify congress that he is taking action and this in no way affects his action. (This is likely moot since when the internet stops working, or some other consequence, they will have figure this out) The President then has to give a full accounting after 120 days but can essentially do whatever he likes in the time frame. Congress has no say, no vote, there is no presentation made as if asking for approval, only a notification which does not affect the scope of power this would provide the President; the notification is meaningless and far from a check on power. Moreover, all of this contradicts your claim that there is no kill switch present when the President can very likely do exactly that as long as he claims it is the least drastic action.
stinlen56Jun 26th 2010 5:32PM
Wow Matthew, you are way off on this one.
You are saying a kill switch doesn't exist in the title, but then in the body of the article you claim that it does exist but the PCNAA means the President has to go before congress to get approval, which is not even true! A report only has to be made on actions taken after they have been in effect for 120 days.
Furthermore, the Communications Act of 1934 only allows the President to shutdown EMF devices, while the PCNAA allows the President to order involved parties to follow the directions of his mandated plans. That is vastly more powerful than before.
You then go on to sensationalize the "fate of the entire planet". Did you forget the part where this is an American law meant to deal with the internet from the American perspective? The acrimony isn't about whether or not the President can kill the whole internet, but the internet for Americans while the country is under cyber-attack.
If this was your attempt at being journalistic and impartial, you failed miserably.
KakerateJun 26th 2010 6:10PM
An important clarification is that, "wire communications" wouldn't include internet because at the time "1934" it(wire communications) was cable and telephone/telegraph not fiber optic internet cables, and coaxial cable internet. DSL, and wireless internet could be shut down as they use radio waves to communicate. The president would have to ADD the other forms of internet to the 1934 bill. The bill from 1934 had a section with information on how to ADD new things so... NO the president doesn't have the ability to shut down the internet currently like several people claim.
In the new bill,
To qualify as a national or regional catastrophe, the disruption of the system or asset would have to cause:
• mass casualties with an extraordinary number of fatalities;
• severe economic consequences;
• mass evacuations of prolonged duration; or
• severe degradation of national security capabilities, including intelligence and defense functions.
The bill expressly prohibits the Secretary from identifying systems or assets as covered critical infrastructure “based solely on activities protected by the first amendment of the United States Constitution.” This prohibition would also prevent the identification of specific websites for censorship.
=============
is claimed by this report done on the bill==> http://hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews&ContentRecord_id=66c23959-5056-8059-7686-43a8307e966c
I'm still looking through the bill to find all that... If its true then the bill is excellent! If its worded funny and this isn't completely true, I'm gonna hit the streets and go door to door telling people to email our state senators to vote against it.
KsE711Jun 26th 2010 8:51PM
Bill after bill after bill. Bills that most of these idiot clowns dont read but will sign regardless. I remember just a few years ago, we were told by Dems and the media that the Patriot Act was horrible and to big. It needed more debate. It intruded into our lives. Yet here we are in 2010, Dems in power, and Patriot Act was continued by Obama. Why arent we getting any more cries from the Left and the media about the Patriot Act?
The previous Administration had its faults, previous Congress had its faults. But this current Admin and current Congress is sinking to new lows. How many times now have they told us how "we must pass this bill NOW or ____ will happen"? Over and over again. One thing after another. And these monstrosity of bills have done nothing to help but rather have increased spending of money we dont have, increased the debt, increased power of the government, and opened doors to intruding on OUR freedoms and rights.
So the media can crap on those who participate in Tea Party rallies. You can crap on those who dare question this Congress and Admin. And Ill admit, ive been more than disappointed with some of what Bush did/didnt do and some of what the Repub Congress did/didnt do, but my Lord!! When you have DC run by Obama, Barney Frank, Pelosi, Reid, Schummer, Dodd and they are pushing everything down our throats that they can, however they can, we must be in very bad times. Time for the media to start reporting ALL things and time for the American people to wake up
KATFORSUREJun 26th 2010 10:14PM
"In other words, it's about the Federal Government believing that it knows how to handle threats on the Internet better than the companies who built, and run, the Internet."
Umm. Do you understand the genesis and history of the internet? Because from this comment, I'm not at all sure that you do. And that casts doubt on all your other opinions in this piece.
PhilJun 26th 2010 11:55PM
This sounds great. I just got back from a place that has exactly this kind of structure, working for a year as a teacher. It was great. Of course, there was this HUGE government funded firewall that restricted pretty much everything, and the Green Dam Youth Escort was going to be installed on every machine so the government could watch what you were doing.
Of course, people screamed like crazy, and the government of the Peoples Republic of China finally decided it was better off if the GDYE was not there.
Perhaps, we will be as lucky.