Egypt And The Internet Kill Switch
News developments often lead to some rather ironic coincidences, such as this past week. On Friday, the crisis in Egypt seemed to finally come to the attention of the West when the Egyptian government decided to completely cut off the nation’s connections to the internet. Only a few days earlier, Cnet’s Declan McCullough noted that Congress was once again considering legislation that would give the President the authority to do much the same thing in a “national emergency”:
A controversial bill handing President Obama power over privately owned computer systems during a “national cyberemergency,” and prohibiting any review by the court system, will return this year.
Internet companies should not be alarmed by the legislation, first introduced last summer by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), a Senate aide said last week. Lieberman, an independent who caucuses with Democrats, is chairman of the Senate Homeland Security and Governmental Affairs Committee.
“We’re not trying to mandate any requirements for the entire Internet, the entire Internet backbone,” said Brandon Milhorn, Republican staff director and counsel for the committee.
Instead, Milhorn said at a conference in Washington, D.C., the point of the proposal is to assert governmental control only over those “crucial components that form our nation’s critical infrastructure.”
In other words, we’re from the government, trust us.
As always, the devil is in the details:
The revised Lieberman-Collins bill, dubbed the Protecting Cyberspace as a National Asset Act, works this way: Homeland Security will “establish and maintain a list of systems or assets that constitute covered critical infrastructure” and that will be subject to emergency decrees. (The term “kill switch” does not appear in the legislation.)
Under the revised legislation, the definition of critical infrastructure has been tightened. DHS is only supposed to place a computer system (including a server, Web site, router, and so on) on the list if it meets three requirements. First, the disruption of the system could cause “severe economic consequences” or worse. Second, that the system “is a component of the national information infrastructure.” Third, that the “national information infrastructure is essential to the reliable operation of the system.”
So, in some ways, the new bill is better than what was before Congress last years, but in other ways its much, much worse. As noted above, the new version of the bill provides that the DHS’s determination of “critical infrastructure” is not subject to any form of judicial review, and, of course, neither would the President’s determination of a crisis sufficient to activate the kill switch:
Last month’s rewrite that bans courts from reviewing executive branch decrees has given companies new reason to worry. “Judicial review is our main concern,” said Steve DelBianco, director of the NetChoice coalition, which includes eBay, Oracle, Verisign, and Yahoo as members. “A designation of critical information infrastructure brings with it huge obligations for upgrades and compliance.”
In some cases, DelBianco said, a company may have a “good-faith disagreement” with the government’s ruling and would want to seek court review. “The country we’re seeking to protect is a country that respects the right of any individual to have their day in court,” he said. “Yet this bill would deny that day in court to the owner of infrastructure.”
“No amount of tightening of what constitutes ‘critical infrastructure’ will prevent abuse without meaningful judicial review,” says Berin Szoka, an analyst at the free-market TechFreedom think tank and editor of The Next Digital Decade book. “Blocking judicial review of this key question essentially says that the rule of law goes out the window if and when a major crisis occurs.”
Of course, that’s pretty much always the case in a crisis isn’t it? Which is exactly why we need to step back and think about whether its really a good idea to be giving this kind of unchecked power to a President. Not just this President, or the last one, but any President. The most important thing to remember about grants of power like this is that they almost never get revoked, and the typically get expanded on over time. They are, as Bruce McQuain notes, just the beginning:
The proverbial camel’s nose under the tent that is not subject to judicial review. Let me stress that for the third time – none of this, if passed into law, is reviewable by the judiciary. And, of course, once passed, they won’t decide other parts of the infrastructure belong on there, will they? Oh, no.
As Berin Szoka of TechFreedom says, “blocking judicial review of this … essentially says that the rule of law goes out the window if a major crisis occurs.”
Well, yeah … and guess who gets to decide what is a “major crisis”? Without judicial review.
Hosni Mubarak’s decision to cut off the Internet may have done us a huge favor in some respects by bringing this issue to the forefront. Do we really want our President to have the power to do something that dictators do when faced with citizen unrest?
Graphic via Hit & Run