Internet Kill Switch Bill

[alexander]

So, uuh, anyone else think that this is, oh how should i put it nicely, ****ing insane?

 

Internet 'kill switch' proposed for US - Security - News

 

I mean i understand that there is a need for some regulation of the critical infrastructure in semi private hands, power stations, what have you, and i agree that a federal oversight would not be a bad thing, say a division of the NSA to help monitor and secure these networks with some government backing financially and regulation from the NSA in terms of security for these networks, but even that should be carefully crafted to not interfere with many aspects of operations, such as some of those of the large ISPs, and only access what is absolutely necessary, in the most minimalistic terms for the agency to execute it's duties. But what Lieberman is proposing is outrageous. We are not kids, we are not dumb and we can manage to run our own internets... I thought it was supposed to be government for and by the people not people for and by the government...

[LaurieAG]

Hi Alexander,

 

So, uuh, anyone else think that this is, oh how should i put it nicely, ****ing insane?

 

It's a bit like holding a gun to your head and saying that you'll shoot yourself if anybody attacks you.

[alexander]

Aaaw Laurie, i know you wouldn't attack me :)

[Theory5]

Hey, long time no posting.

This is terribly wrong. From what I understand this will give the government control of not only the internet, but of many private sector corporations, which will allow the government to seize control at any time. They wouldn't dream of "shutting off" the internet, but they wouldn't think twice about grabbing control out of the hands of the people. Everybody knows how jumpy homeland security already is, and giving the government this much power will only make things worse. The FBI and other organizations already take too much liberties with the internet, and this would mean that they will now be able to control the internet and its providersb completely. Suffice to say, if the government has a problem with you, you might not get internet access.

And the bottom statement worries me even more, this year Mcafee took out five hospitals in the providence area when they failed to check an update they sent out. These hospitals were not able to move people in or out, and it resulted in a complete standstill. This problem also took out the entire Johson & Whales University, in providence, network. I belive the new update targeted an svhost file which prevented computers from connecting to the internet.

Just when you think it can't get any worse,

Theory5

[Boerseun]

How would they even propose to implement such a foolish idea? Do they intend to load some sort of a hack on all routers, public and private, to shut down traffic at any given moment?

 

And what about all the private admins who will give them dummy accounts with insufficient rights to administer their routers?

 

This is about the most pie-in-the-sky dumbest unexecutable idea that I've heard of.

[Theory5]

How would they even propose to implement such a foolish idea? Do they intend to load some sort of a hack on all routers, public and private, to shut down traffic at any given moment?

 

And what about all the private admins who will give them dummy accounts with insufficient rights to administer their routers?

 

This is about the most pie-in-the-sky dumbest unexecutable idea that I've heard of.

heh, I never even thought about that. I bet they would try to shut everything down by taking out the major ISP networks, probably just by calling them up and telling them to shut them down... but wouldnt they also try to take out the phone lines as well? hmm interesting train of thought there, boerseun.

[CraigD]

How would they even propose to implement such a foolish idea? Do they intend to load some sort of a hack on all routers, public and private, to shut down traffic at any given moment?

From the ZDNet article’s summary, I gather the proposed bill allows the US DHS to “select” a collection of ISPs, search and content providers, who will then be expected to promptly (a usual commercial service level agreement for such a thing I’d guess would define “promptly” as within an hour or a few) respond to “any emergency measure” by DHS or be subject to a fine. So the “kill switch” headline, though catchy newscopy, is inaccurate – the bill doesn’t call for any sort of actual software/hardware “switch” on hosts, routers, etc.

So, uuh, anyone else think that this is, oh how should i put it nicely, ****ing insane?

The image conjured up by a true government-controlled “kill switch” is, IMHO, crazy.

 

How crazy or not crazy the actual legislation that may come out of Lieberman and co-sponsors’ bill depends critically, I think, on the number and kind of network owners “selected” by it, and precisely what “complying with an emergency measure” consists of. On the least crazy end of the spectrum, this might simply improve communication and clarify and put limits on procedures for what most people will already do if DHS demands they do something – do it, and ask questions later or not at all – so might actually be an improvement on the current state of things. On the most crazy end, it might involve physically downing hard and microwave lines, jamming satellites, etc –worse than what the biggest, nastiest, most well-organized cyber attack could do in its planners’ craziest dreams.

 

What most concerns me, without having waded through the bill’s 197 pages, is that one of the “emergency measures” it authorizes is secretly monitoring voice and data traffic of “persons of interest” without a court-issued warrant. The post-9/11/2001 US has already seen enough chillingly disturbing erosion of people’s Constitutional protections against such activity, under the chillingly disturbing justification that the US is in a (presumably never-to-end) time of war.

 

I think the 2009 change of political party of the President and majority party in both house of Congress has lulled many people disturbed by these erosions into a false sense of relief and safety. IMHO, the ability of the Government – President and Congress both – to justify suspending the Constitution with the claim that the US is “at war” in the sense correctly meant by the Constitution is much more dangerous than any single bill affecting computers.

[TheBigDog]

How would they even propose to implement such a foolish idea? Do they intend to load some sort of a hack on all routers, public and private, to shut down traffic at any given moment?

 

And what about all the private admins who will give them dummy accounts with insufficient rights to administer their routers?

 

This is about the most pie-in-the-sky dumbest unexecutable idea that I've heard of.

They are just getting warmed up. Welcome to change.

[IDMclean]

Lieberman has to be one of the most out of touch with reality people in existence at current.

 

First he went after video games and now he's after the Internet. Will someone fire him?

[paladin]

I may be stating the obvious here but knowing how government works, this bill has NOTHING to do with national security and EVERYTHING to do with censorship and restricting your right to information. Information is OK, as long it's the information the government wants you to have. Why do I have the feeling that 9-11 is what precipitated this ? All that online airing of some very dirty laundry...

[Qfwfq]

Gosh if you Yanks are braggin' about this, you ought to envy us over here:

CITIZEN BERLUSCONI - THE FILM

[Pyrotex]

All the terrorists would have to do is frighten our government enough so that in knee-jerk reaction, IT would shut down the Internet -- bringing all financial commerce and most communication to a complete stop. That damage alone would cripple the country for days, if not months! And we will have done it to ourselves!!! Idiots!!!

[IDMclean]

Thinking it over, the form and function of the Internet can only lead to the interpretation of this being a direct attack on that form and that function. It's asking to centralize the backbone connections to a single controller which undermines it's function as a decentralized nigh-unneutralized communications network.

 

Intellectual property right laws likewise serve as a direct attack on the network. It's designed purpose is the copy and distribution of intellectual property (data) across the network. Censorship in this form is a denial of service attack pure and simple. It would raise the risk of cyberterrorism both domestic and foreign by giving cyberterrorist a means to compromise the network through the shutdown protocol.

 

This is not a good idea at all. I doubt the people who've put this bill together understand the technical fallout on the implementation of it.

[eyebeninja]

My first point is, Alex Jones of infowars.com said this would happen.

Secondly, Google, Illuminati, Big Brother, and Agenda 21, BTW O-CENSORED-bama is on board with Agenda 21.

Now something that kind of made my skin crawl that i read on Alex Jones' Prison Planet.com in an article by, Paul Joseph Watson.

 

We have extensively covered efforts to scrap the internet as we know it and move toward a greatly restricted “internet 2″ system. Handing government the power to control the Internet would only be the first step towards this system, whereby individual ID’s and government permission would be required simply to operate a website.

 

The Lieberman bill needs to be met with fierce opposition at every level and from across the political spectrum. Regulation of the Internet would not only represent a massive assault on free speech, it would also create new roadblocks for e-commerce and as a consequence further devastate the economy.

 

I don't know how many of you voted for obama but you made a mistake we all know who should be in office. they picked obama for a reason, its right before your eyes.

 

If the government gets this power we are litteraly CENSORED watch the agenda 21 video then take a look at the "American Government".

If they get this switch it will take DSL and other ISP providers co-operation and possibly create a whole new business opportunity for network techs and CENSORED like that.

For the government to have this power, scares the CENSORED out of me, and i aint scared of the government, yet.

Do you like your privacy on your computer? if your thinkin yeah duh! then hope this bill dont pass because by the time its allhooked up they'll have so much more power to take your information right from under your nose, and your freedom of speech.

how would we communicate without the internet? i talk to people all around the world on my computer on a daily basis.

 

Im just expressing how i feel about the situation at hand, as of right now i have a freedom of speech on here.

 

The conspiracy theorist :soccerb:

[Boerseun]

...as of right now i have a freedom of speech on here.

Oh, the irony...

 

This is a private website, and the freedoms anybody enjoy here is determined by the rules you agree to when signing up.

 

Welcome to hypo, and mind the language.

[CraigD]

I had time to skim-read the bill (this senate.gov PDF document), and recommend that before reaching a conclusion about it based on internet articles, blogs, and forum posts, people read it. At 34000 words, about the length of a short novel, though seeming like a lot of reading, much of it is legislative boilerplate, so reading it is not anywhere near equivalent to reading a short novel. It took me about 45 minutes.

 

Summarizing, the bill calls for the creation of several new offices and teams under the Executive and the Executive’s (new in 2002) Department of Homeland Security, with some minor realignment and elimination of existing management roles in DHS. It directs the National Center for Cybersecurity and Communications (not actually a new office, but one established along with DHS in 2002), to have various private businesses and government agencies, excluding the military, submit plans for to fixing existing vulnerabilities and reacting to intrusions and attacks to their computers and networks. The Center will then review these plans, eventually approving them. These plans must include rules defining what “incidents” will be reported to the Center, and how, and how a “National Cyber Emergency” will be responded to.

 

If the President declares a National Cyber Emergency (not the Center – under the act only the POTUS has this authority), companies and departments with response plans must execute them. The Center reviews and assists. If the Center doesn’t find the plan adequate, the biz or dept must submit a revised one, which the Center approves – the government isn’t authorized to simply issue orders, or take over operations. NCEs last no more than 30 days unless extended by the POTUS.

 

The bill specifically excludes turning over private information or conducting surveillance, but doesn’t repeal the 1978 Foreign Intelligence Surveillance Act or similar existing laws. It specifically instructs the Director of the Center to “ensure that the privacy and civil liberties of United States persons are protected”

 

In short, I think claims that this bill implements a “kill switch on the internet” or infringes on freedom of speech or privacy, are simply incorrect – although existing legislation, such as FISA and the Patriot Act, can reasonably be said to do so.

 

I find myself liking the bill. Fully disclosing, some of my liking is because I’m a computer security consultant nearing early retirement age, and see in it the possibility of some lucrative post-retirement consulting work. Much of it, however, comes from years of getting necessary security remediation done under the umbrella of SOX (other IT folk out there likely understand this), a bill intended to specifically to protect shareholder money, and only indirectly, fix security problems. I, and many folk in my profession, would welcome a major government mandate to improve security in general, not just where it protects against monetary theft and fraud.

[LaurieAG]

Hi All,

 

The National Center for Cybersecurity and Communications might not be the actual switch itself but it would provide much of the information for any kill switch that might be brought into being under existing legislation.

 

But the kill switch is not really the problem, the companies/departments who cannot isolate their ICT networks from the internet without causing major problems to their own operations during and/or after the emergency are the real problem.

 

On February 3 2004 at 10 am I disconnected a 16 PC network from the internet for 24 hours after reading the firewall log and identifying who was trying to get into the LAN via the blocked MYDOOM port. For something that was supposed to attack the MS update site it did a good job of of providing a global roadmap to the spawning of a massive viral attack.

 

You might not think that attempts to get into a network via a known and blocked port would be that critical until you identified the owners of the IP addresses of infected systems that were trying to get in.

 

Mydoom - Simple English Wikipedia, the free encyclopedia

 

http://www.us-cert.gov/cas/techalerts/TA04-028A.html

 

•The virus scans for systems listening on 3127/TCP (possibly 3127-3198). While the purpose of this scanning is unclear, it may be an attempt to contact systems infected with the initial version of MyDoom (W32/Novarg.A).

 

The first scans on the MYDOOM port came from infected systems in several US states. It soon spread to France, Spain and the rest of Europe. When I identified the owner of one IP as the European 1PV4 Server I immediately reset the broadband modem, gained a new IP for the network, told management not to do any financial transactions, started monitoring the Firewall log every 20 mins checking for repeats and 59 mins later found the same IP address attempting to gain access to the network a second time.

 

It comes down to the point where you must decide if disconnecting will cause less damage to your network than staying connected. If you are required to disconnect quickly, not pulling the power cord out and being able to restore operations just as quickly should be mandatory requirements.

 

So you don't have to worry about shooting yourself in the head if you know that doing so will not cause you any considerable long term damage.

 

Plenty of work there eitherway CraigD B)