There is a lot of buzz and discussion around the danger of giving the President of the United States the authority to cut-off citizen access to the Internet – the so-called “Internet kill switch.” I recently appeared on Fox News to discuss this topic with the executive director of the Electronic Privacy Information Center who expressed a continuing concern about the possibility that the President would be granted or otherwise exercise such authority.
I believe this debate stems from language in “comprehensive” cyber legislation introduced last year by Senators Lieberman, Collins and Carper that gave the President authority to take certain steps in the event of a cyber emergency. In particular, privacy advocates say that the legislation, although not explicitly authorizing that authority, gives rise to the fear that a President could exercise that power in a way that could limit free expression.
Recent developments in Egypt and Libya provide proof that at least some national leaders will assert their authority to limit free expression cutting off or degrading Internet connectivity to its citizens. In response to the fears expressed last year that were only heightened by more recent developments, the senators modified their legislative language when they re-introduced their legislation in the new, current term of Congress. The new language explicitly says that it does NOT authorize the President to exercise “Internet kill switch” authority.
Let’s be clear, the President has emergency authority in the telecommunications space that was granted in the 1930s and amended in 1999 (supplemented by Executive Order), which, for example, provides for authority to ensure that national security emergency communications are maintained during a crisis. White House Cybersecurity Coordinator Howard Schmidt is conducting a review of current statutes and regulations to see if revisions or additions are necessary. This is an important effort that should be supported and enhanced by significant input from the private sector. The President needs the ability in a national emergency to limit harm from cyber attacks and work with the private sector to protect our critical infrastructure and communications, not to stifle free expression. Collaboration in advance of an emergency is critical to enhance the nation’s preparedness.
Regarding the substance underlying the publicity about the “kill switch,” it is important to distinguish between full shutdown and the ability to protect the most critical components that exist on the Internet backbone. Government and industry – in partnership (and this is key) – must have the ability to protect its critical traffic (i.e., financial transactions, intelligence sharing, defense communications and international commerce/flow of funds).
Heightened advances in cybersecurity in government and private sector are essential to protect privacy. We must promote and protect free expression, but, frankly, there needs to be a balance between anonymity and accountability. If anonymity is unbounded, then there will be no accountability for wrongdoing no matter how significant. Within the U.S. we need to continue to require and monitor the use of legal authorities to identify wrongdoers to limit abuse, just like with the exercise of any governmental authority. On the international front, we need to consider strengthening international norms to limit government interference with privacy and free expression rights.