»
Discussion
»
The Alley
»
The Kill Switch
| The Alley |
|
The Kill Switch |
|
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648
|
How can this possibly be justified in a free country? We aren't China, Cuba or Venezuela. Not yet anyway. quote: http://www.wnd.com/index.php?fa=PAGE.view&pageId=168197 |
||
| © Copyright 2010 Denise - All Rights Reserved | |||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
quote: If you understand anything about how computers and the internet works justifying having someone able to order the isolation or shutdown of all or part of it in an emergency is simple Denise. Once you accept that someone has to be able to do that, the only question left is who that someone should be, the President seems like a good choice to me – who do you think it should be Denise? . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
Anyone but a politician. When they first floated this idea over a year ago, one of his aids said that it's no big deal. The President already has the power required in national emergencies to do this. The one question I didn't hear from anyone in the media, including Fox, is why the necessity for the new law then? There must be something in it that grants more power to the President than he already has. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
quote: I’m not sure I like your idea of appointing an independent Internet Security Czar Denise, it might work, but how would the position be funded to ensure he/she remains independent and who would appoint them? quote: Technically he has, along with a whole bunch of other stuff he can do all rolled up in his responsibility to protect the nation, like launching a nuclear strike if the situation necessitates it. The problem is that there’s no formal process, the proposed bill which seeks to ensure the security of networks, data and infrastructure includes a provision to correct that. . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
It also leaves it to his sole discretion as to what constitutes a national emergency. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
Wouldn’t that be the same if your non-political internet security Czar were given the power Denise? As I said, someone has to do it and the office of President seems like an obvious choice regardless of who the President happens to be. . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
I think we are capable of better than that, Grinch. And we have too many Czars at the moment, too. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
I’m not so sure Denise, I mean the dipstick in the article you quoted couldn’t even think of an emergency that would require closing down sections of the internet - the non-political Czar was your idea – remember? Imagine if that wingnut was given the power. . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
I didm't say we needed a Czar. I said we needed a non-politician. Maybe perhaps a committee in Defense to evaluate potential securiry emergencies and then recommend appropriate action for the President to sign off on. It shouldn't be only in the hands of the President, in my opinion. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
Err.. That’s almost exactly what the bill proposes Denise, a central group or committee of experts will be formed to which all key network and system Administrators will be obliged to report potential cyber attacks. That group would report to the President with a rating of potential risk and a recommended strategy, including any necessity to isolate or shutdown affected systems. The President would base his decision on their report but ultimately he’d be the only person able to authorise such action. Have you read the proposal Denise? Or are you simply regurgitating what the dipstick said in the article? . |
||
|
Essorant Member Elite
since 2002-08-10
Posts 4769Regina, Saskatchewan; Canada |
What kind of "emergencies" are we talking about? I can see how a bank's site might need to be shut down for security issues, but the internet as a whole? I don't quite see what would justify that. |
||
|
Amaryllis Senior Member
since 2010-05-20
Posts 1306Mi now |
This is completely off the subject, but `The Kill Switch` is a great title for a poem~!  . Sorry.. carry on! ~Amaryllis |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
quote: Ess, the access and transfer medium of a systematic cyber attack is likely to be via the internet, to protect uncompromised networks, and isolate affected networks cutting internet access is standard operating procedure. It would need to be a serious cyber attack for anyone to contemplate shutting down the whole internet but it’s not difficult to build possible scenarios. Take your bank example, if a single bank was infected by an unknown piece of malicious software that transmitted account details to a site on the internet you could stop the transfer by cutting the banks internet connection. If an unknown number of banks were being affected you could shutdown the site that the account details were being transferred to, but suppose the number and type of networks being attacked was unknown and the number and location of sites that the details were being transferred to was also high and constantly changing. Under those circumstances cutting internet connection across the main backbone and inter-backbone routers is a viable option. As I said, cutting access to the whole internet would have to be an exceptional case Ess, for a start it’s not as simple as it sounds, the internet is designed to be resilient in that regard - flicking a switch isn't a good analogy. In most cases localised access would be cut. . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
Yes, I've read it Grinch. And as with other legislation lately, the language is too vague, and the powers granted too far sweeping. I've underlined a few areas of concern in these selections: the term ‘incident’ means an occurrence 19 that— 20 ‘‘(A) actually or potentially jeopardizes— 21 ‘‘(i) the information security of infor 22 mation infrastructure; or 23 ‘‘(ii) the information that information 24 infrastructure processes, stores, receives, 25 or transmits; or ‘‘(B) constitutes a violation or threat of 2 violation of security policies, security 3 procedures, or acceptable use policies applicable to 4 information infrastructure. 5 ‘‘(10) the term ‘information infrastructure’ 6 means the underlying framework that information 7 systems and assets rely on to process, transmit, re 8 ceive, or store information electronically, including— 9 ‘‘(A) programmable electronic devices and 10 communications networks; and 11 ‘‘(B) any associated hardware, software, or data; ‘‘(17) the term ‘national cyber emergency’ 2 means an actual or imminent action by any indi 3 vidual or entity to exploit a cyber vulnerability in a 4 manner that disrupts, attempts to disrupt, or poses 5 a significant risk of disruption to the operation of 6 the information infrastructure essential to the reli 7 able operation of covered critical infrastructure; 8 ‘‘(18) the term ‘national information infrastruc 9 ture’ means information infrastructure— 10 ‘‘(A)(i) that is owned, operated, or con 11 trolled within or from the United States; or 12 ‘‘(ii) if located outside the United States, 13 the disruption of which could result in national 14 or regional catastrophic damage in the United 15 States; and 16 ‘‘(B) that is not owned, operated, con 17 trolled, or licensed for use by a Federal agency; ‘‘(iii) information security standards 2 and guidelines for national security sys 3 tems issued in accordance with law and as 4 directed by the President; (this could be tightened up by removing the 'and' to read 'in accordance with law as directed by the President'. Putting that 'and' in there is potentially granting power to the President not necessarily according to law.) Any emergency measure or 2 action developed under this section shall cease to 3 have effect not later than 30 days after the date on 4 which the President issued the declaration of a na 5 tional cyber emergency, unless— 6 ‘‘(A) the Director affirms in writing that 7 the emergency measure or action remains nec 8 essary to address the identified national cyber 9 emergency; and 10 ‘‘(B) the President issues a written order 11 or directive reaffirming the national cyber 12 emergency, the continuing nature of the na 13tional cyber emergency, or the need to continue 14 the adoption of the emergency measure or ac 15 tion. I would like to see some language of checks and balances before drastic measures could be taken by the Cybersecurity Agency and the President to shut down segments of or the entire internet or extend shutdowns. I don't see any language here to restrain this or any future President from abusing his power. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
quote: The language isn’t vague to me Denise, I’ll be happy to explain what it means if you like, or you can simply carry on reading articles like the one you posted - written by fools who don’t know what they’re talking about. Take this for instance: quote: There’s no need to add that part Denise, for the same reason that similar language isn’t added to all legislation - the President is already charged with acting in accordance with the law. It’s implicit in accepting the office of President – in fact anyone who wants to hold that office has to swear that he will do so. |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
I worded that incorrectly, Grinch. The way it is worded now, with the 'and' inserted, essentially makes any directive from the President lawful, according to this legislation. Taking out that word means any directive he issues must be based in already established law. From my reading of this it isn't restricted to internet communication either. It states electronic communications. That covers just about everything, telecommunications, including cell phones, blackberries, all broadband systems, etc. I also have a problem with the 30 days. Why would it take 30 days to isolate and combat a cyber attack, and why would there be a need to keep extending the 30 day blackout? |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
The bill is related to Cyber security, electronic communications in that sphere would exclude telecommunications that don’t rely on internet connectivity. ‘‘(1) IN GENERAL.—Any emergency measure or action developed under this section shall cease to have effect not later than 30 days after the date on which the President issued the declaration of a national cyber emergency” This section is a protection against keeping any restriction in place longer than is necessary Denise. Why do they need 30 days? They may not, it actually states no later than 30 days, if the emergency is resolved earlier any measures put in place may be lifted, if they aren’t lifted within 30 days anyone with restrictions still in place will have to explain why. . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
Don't Blackberries and Broadband depend on an internet connection, Grinch? Some cell phone plans too have internet capabiity, as do some phone services now. How would all those be affected due to an internet disruption or shut down? How about television? Do they depend on Broadband with those reception boxes we all had to install last year if we had older TVs, or is that a different type of technology, do you know? I know the 30 days is a limit. I just don't know why they chose that number. I would think anyone who knows what they are doing would be able to identify and isolate a threat in a matter of hours, not days or a month, with possible extensions of the outside limit of 30 days. It just seems too broad of a time frame to me. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
quote: Yes. Mobile voice communication doesn’t rely on the internet, nor does your home phone line. Blackberry and internet capable phones will still be able to make standard calls but data traffic would be affected if internet access were cut. Television transmitted by satellite, cable or standard terrestrial methods would not be affected – broadband on standard phone lines, both ADSL and DSL, would be affected but, like Blackberries, it wouldn’t affect voice data on those lines. 30 days? If the attack is a concerted effort by a foreign government or terrorist organisation 30 days would probably be optimistic. . |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
I guess folks who have their phones hooked up via the internet with companies like Comcast and Vonage should consider switching to old fashioned landlines then? This woman is scary. She takes the concerns of the Patriot Act, which allowed phone surveillance of calls to or from countries where terrorists live to a whole new level. She now wants internet monitoring of U.S. citizens for homegrown terrorists. Considering her definition of what a potential terrorist is, those who believe in limited government those who want tax reform, those who speak out against socialism and globalization, those who want secure borders, etc., this is quite frightening: http://www.foxnews.com/politics/2010/06/18/napolitano-internet-monitoring-needed-fight-homegrown-terrorism/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+foxnews%2Fpol itics+(Text+-+Politics) |
||
|
Denise
Moderator
Member Seraphic
since 1999-08-22
Posts 22648 |
Oh wait, maybe a comcast phone line would work since they are cable. Maybe you would just have to unhook it from the internet and plug it directly into the cable wall connection. |
||
|
Grinch Member Elite
since 2005-12-31
Posts 2929Whoville |
quote: No need Denise. Voice and data are transmitted separately; the only voice services affected would be Skype phones or VOIP. quote: You’d have to go a long way to take the Patriot act to a new level Denise. quote: I think you’ll find that she wants the ability to monitor suspected terrorists and visitors to sites suspected of recruiting terrorists. The first is a non-issue in my opinion, as long as there is a clear and secure procedure to authorise such surveillance monitoring a suspected terrorist seems like a no-brainer. Monitoring access to a site is a little more problematic, your constitution doesn’t protect email communication due to the fact that there’s no presumption of privacy but the sites you visit clearly carry a presumption and expectation of privacy – as evidenced by the proliferation of privacy policies. Personally I can’t see that one getting past the Supreme Court – but then again I also said that the Patriot Act was an abomination that had no chance of being implemented outside mainland China.  |
||
|
|
⇧ top of page ⇧ |
|
| All times are ET (US). All dates are in Year-Month-Day format. | ||
