The Internet kill switch that isn't

A cybersecurity proposal wouldn't allow the U.S. president to shut down the Internet

A cybersecurity proposal in the U.S. Congress, called an "Internet kill switch" plan by some critics, isn't exactly what that sounds like.

Plans by members of the U.S. Senate Homeland Security and Government Affairs Committee to reintroduce 2010's Protecting Cyberspace as a National Asset Act have led some critics to compare provisions in the bill to the Egyptian government's order to shut down all Internet access across the country during recent protests.

But the Egypt comparison -- and the term "Internet kill switch" -- is a stretch. Still, some tech and civil liberties groups have questioned the powers the proposal would give the president.

The proposal, not yet introduced as a formal bill this year, would give the U.S. president the power to take emergency measures, including possibly quarantining or shutting down parts of the Internet, only when there's an "ongoing or imminent" cyberattack on the nation's critical infrastructure.

The bill would require the president to take the "least disruptive" measures necessary, and the emergency powers would expire after 120 days without congressional approval.

The proposal would prohibit the president from shutting down the Internet to silence free speech, said Leslie Phillips, communications director for Senator Joseph Lieberman, a Connecticut Independent and chairman of the Senate Homeland Security Committee.

"There is no relation at all between Senator Lieberman's bill to strengthen our nation's cyberdefenses and events taking place in Egypt," Phillips said. "The emergency Internet measures in the senator's bill are designed to ensure that our most critical infrastructure, our economy and our way of life -- all of which rely on the Internet -- are protected from destruction."

But critics say the proposal would give the president broad new authority over the Internet. The emergency powers language in the bill is ambiguous, said Gregory Nojeim, senior counsel at the Center for Democracy and Technology.

Backers of the proposal say it would limit the authority granted the president in section 706 of the Communications Act of 1934 to take over or shut down wire and radio communications in a time of war.

Whether that section of the 1934 act would apply to the Internet is "open to debate," Nojeim said. Beyond that, the 2010 bill would not have abolished that old presidential authority, he added.

"There are restrictions on the new [cybersecurity] authority, and they are important, but there should be no doubt that the bill does not limit the authority the president has, and instead expands it," he said. "If the intent was to limit the president's authority, the bill fails to do so."

It's unfair to suggest the bill would give the president the power to shut down the Internet to squelch dissent, but the additional authority is "not sufficiently defined," Nojeim added.

The comparisons to the Internet shutdown in Egypt grew loud enough that the three sponsors of the 2010 bill, Senators Joseph Lieberman, Maine Republican Susan Collins and Delaware Democrat Tom Carper issued a statement this week condemning the actions there.

"We would never sign on to legislation that authorized the president, or anyone else, to shut down the Internet," they said in the statement. "Emergency or no, the exercise of such broad authority would be an affront to our Constitution."

The three senators called the actions by the Egyptian President Hosni Mubarak "totally wrong."

"His actions were clearly designed to limit internal criticisms of his government," they said. "Our cybersecurity legislation is intended to protect the U.S. from external cyber attacks. Yet, some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet. Nothing could be further from the truth."

The senators' statement didn't comfort Free Press, a media reform and digital rights group.

"It's good to see the senators have heard the outcry from Americans troubled by this bill, but their promises that the bill won't give the president 'kill-switch' powers aren't very reassuring," Timothy Karr, campaign director for Free Press, said in a statement. "The devil is always in the details, and here the details suggest that this is a dangerous bill that threatens our free speech rights."

The proposal would give the president the authority to take emergency actions without congressional approval, Free Press said. The result is a concentration of power with the president, the group said.

"We understand that protecting Internet communications is a vital government interest, but we're troubled by the idea that the president could declare an emergency and shut down digital communications," Karr added. "In its current form, the legislation offers no clear means to check that power."

While the senators say the bill does not allow emergency actions in response to dissent, national security problems and political crises can become intertwined, added Heather Greenfield, a spokeswoman for the Computer and Communications Industry Association, a tech trade group.

"What governments do today in response to legitimate concerns can open the door to future abuses," she said.

Democracies should be models for Internet openness and freedom, she added. "CCIA doesn't want any government, or international body like the U.N., to expand their control over Internet operations," Greenfield said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Senate Homeland Security and Government Affairs CommitteeregulationsecurityCenter for Democracy and TechnologylegislationgovernmentComputer and Communications Industry Association

More about Computer and Communications Industry AssociationIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place