President has had 'kill switch' for communications since 1934
Beware of lobbyists' scare tactics behind key Senate cybersecurity bill
Contrary to what's being widely and incorrectly reported in a number of media outlets, there is no kill switch in the Lieberman-Collins-Carper cybersecurity bill (S 3480) that would give the President of the United States new powers to shut down critical networks. But there is one already on the books in the Telecommunications Act. of 1934.
- By Alan Paller
- Jun 28, 2010
The Lieberman-Collins bill just authorizes standard filtering like that done by Internet service providers every day, but in a nationally-coordinated fashion. The only kill switch appears to be in Section 706 of the Communications Act of 1934 that already gives the President the power in a time of national security emergency to shut down or disrupt network traffic.
The Lieberman-Collins bill is much more measured and effective. The relevant sections of the bill and the original 1996 Telecommunications are provided the below and are worth reading.
Much of the press has been totally fooled by information technology and telephone company lobbyists, and by an incorrect article from a CNET reporter (I wonder who gave him the incorrect data) that got repeated over and over.
The next time you hear lobbyists talk about “unintended consequences” and “kill switches” remember how the car companies tried to block mandatory seat belts by telling us that our wives or husbands and children would die in car fires because the seat belts would keep them from escaping. And you might consider recalling the immortal words of Garrison Keillor, “Liar, liar, pants on fire.
Here is the wording from Section 706 (c) of the Communications Act of 1934:
“Upon proclamation by the President that there exists war or a threat of war, or a state of public peril or disaster or other national emergency, or in order to preserve the neutrality of the United States, the President, if he deems it necessary in the interest of national security or defense, may suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations within the jurisdiction of the United States”
Here is the wording from the Lieberman-Collins bill:
‘‘Section 249. National Cyber Emergencies.
"If the President issues a declaration under paragraph (1), the Director shall—
‘‘(A) immediately direct the owners and operators of covered critical infrastructure subject to the declaration under paragraph (1) to implement response plans required under section 248(b)(2)(C);
"(B) develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure;
‘‘(C) ensure that emergency measures or actions directed under this section represent the least disruptive means feasible to the operationsHEN10601 S.L.C. of the covered critical infrastructure and to the national information infrastructure;
‘‘(D) subject to subsection (g), direct actions by other Federal agencies to respond to the national cyber emergency;
‘‘(E) coordinate with officials of State and local governments, international partners of the United States, owners and operators of covered critical infrastructure specified in the declaration, and other relevant private section entities to respond to the national cyber emergency;
‘‘(F) initiate a process under section 248 to address the cyber risk that may be exploited by the national cyber emergency; and
‘‘(G) provide voluntary technical assistance, if requested, under section 242(f)(1)(S).”
Alan Paller is founder and research director of the SANS Institute, a graduate degree granting college and security training and research institution with more than 120,000 alumni in seventy countries. At SANS, he oversees the Internet Storm Center (an early warning system for the Internet), NewsBites, (the semi-weekly security news summaries that go to 210,000 people), @RISK (the authoritative summary of all critical new vulnerabilities discovered each week), and the identification of the most damaging new attacks being discovered each year. He also leads a global security innovation program that identifies people and practices that have made a measureable difference in cyber risk reduction, and illuminates those innovations so other security practitioners can take full advantage of them to improve security in their enterprises.
He has testified before both the US Senate and House of Representatives. In 2000 President Clinton recognized his leadership by naming him as one of the initial members of the President’s National Infrastructure Assurance Council. The Office of Management and Budget and the Federal CIO Council named Alan as their 2005 Azimuth Award winner, a singular lifetime achievement award recognizing outstanding service of a non-government person to improving federal information technology.
In May of 2010, the Washington Post named seven people as “worth knowing, or knowing about” in cyber security. The list included General Alexander who heads the US Cyber Command, Howard Schmidt, the White House Cyber Coordinator, other national leaders, and Alan. Earlier in his career Alan helped build a software company, took it public, and merged it into a larger company listed on the New York Stock Exchange. His degrees are from Cornell University and the Massachusetts Institute of Technology.