"Internet Kill Switch" Bill Conflicts With Broader US Internet Agenda

BY CCIA Staff
February 4, 2011

Senator Susan Collins (R-ME) says she plans to re-introduce legislation that would grant the President broad authority over swaths of Internet infrastructure to confront a “cyber emergency.” The re-emergence of this legislation, coinciding with the five-day Internet blackout across Egypt, has come under criticism this week.
Egypt’s Internet shutdown has raised concerns about that happening in the U.S. more easily if the “Protecting Cyberspace as a National Asset Act” is enacted. Some say the legislation gives our government an “Internet kill switch,” but the bills’ backers dispute this assertion.
CCIA has repeatedly pointed out hat the Internet is an unmatched tool for free expression, communications, access to information, and economic growth.  Unfortunately, governments such as Egypt and those in approximately 40 other nations have employed tools to censor, filter, and block Internet content and communications.
When governments censor the Internet, whether it is for political, economic, or other reasons, the net impact is that free expression is stifled and the economic consequences are severe.  The Organization for Economic Cooperation and Development reported that Egypt’s blocking Internet services cost the country an estimated $90 million, and would have been greater if not for the country’s low Internet penetration.
CCIA has repeatedly called for U.S. engagement to confront Internet censorship in testimony before Congressional committees.  Last year we praised Secretary of State Clinton’s speech calling for Internet freedom to be a diplomatic priority for the United States.  However, as we advocate for freedom abroad, we will have little credibility if we don’t set an example for that freedom with our own policies.
Unfortunately, the “Protecting Cyberspace as a National Asset Act” is a step against these broader diplomatic, human rights and trade goals.  This legislation would empower the President to declare when there is a cyber emergency, designate which entities are “critical infrastructure”, and demand those entities to comply with government emergency actions.  Supporters point to the fact that this power is narrower than those already authorized by Section 706 of the Federal Communications Act; however, this legislation does nothing to curb the President’s Section 706 authority.  If that is the case, the portions of the legislation that have been dubbed an “Internet kill switch” are at best redundant.
As CCIA has noted in the context of the ongoing debate over another problematic bill, the expansion of the Communications Assistance for Law Enforcement Act (CALEA), mandates on providers of Internet infrastructure are threats to Internet freedom.  Also, building in capabilities to effectively allow the President to shut down or overtake critical Internet infrastructure is actually likely to make that critical infrastructure less secure.  Backdoors, override functions, and the like create built-in vulnerabilities that hackers and others can take advantage of.
Like Senators Collins, CCIA believes that cybersecurity is a pressing national issue that needs to be addressed by legislation that sets out a comprehensive strategic approach that will allow the government to adeptly respond to cyber attacks and safeguard the American people.  Creating a National Center for Cybersecurity Communications (NCCC) to advise the President on cybersecurity issues is a reasonable step in accomplishing this goal.
However, the authority provided under the bill to order private operators of Internet infrastructure to comply with Presidential directives goes too far.  This authority would not be contingent on Congressional approval, nor would it be subject to judicial review.  Additionally, the language of the legislation is ambiguous and leaves far too much power to the President to decide when and on whom to extend the reach of the law.
Arguments that this law would enable an Egypt-like government shutdown of the Internet are overblown. The bill specifically forbids the government from shutting down the Internet to silence political dissent. But CCIA is concerned other governments may not strive for that goal when they copy this policy and this unchecked power opens the door for future abuse by governments, or other international bodies trying to control the Internet. Legislators should think of their responsibility to set an example for other nations on Internet freedom and re-think the unchecked authority this legislation allows. They should create a comprehensive cybersecurity policy that both protects vital American interests and remains consistent with the principals and ideals put forth in Secretary Clinton’s speech on global Internet freedom.

Related Articles

Tech Associations Offer Digital Trade Priorities for Biden-Harris Administration

Jan 22, 2021

Washington — The Computer & Communications Industry Association joined 4 other associations in a statement to the incoming Biden Administration on digital trade. This is critical at a time when some longtime trading partners are enacting new barriers to cross-border delivery of digital services and goods. Industry encourages the Biden-Harris Administration to make open, rules-based…

New EU Cybersecurity Rules Should Promote Security Mitigation, Avoid Compliance Red Tape

Dec 16, 2020

Brussels, BELGIUM — The European Commission published today a legislative proposal to update the 2016 Network and Information Security Directive.  The proposal aims to reduce regulatory inconsistencies across the EU’s internal market and it encourages security information sharing to help companies effectively address future cybersecurity risks. But the proposal also suggests that cloud computing providers,…

CCIA Offers European Commission Comments On Data Transfer Method

Dec 11, 2020

CCIA submitted comments to the European Commission on the draft new Standard Contractual Clauses (‘SCC’) to transfer data outside of the EU. CCIA believes this transfer tool will pave the way towards greater legal certainty for most data transfers outside the European Union. However, the tool could still be made more practical for companies to…