Killing the Switch
After I mentioned it in a recent post, the Internet had been a-buzz and a-twitter with reports on the Protecting Cyberspace as a National Asset Act, or PCNAA, which had been described as a new bill that could give the President a “kill switch” to “shut down” the Internet. My first reaction was that whether or not the bill that is eventually signed into law contains such a provision wouldn’t really change anything (warrantless wiretapping, anyone?). Since then, the version of the bill that actually (and unanimously) cleared the Senate Committee on Homeland Security and Government Affairs has no trace of such a kill switch. And as far as the media explosion over the issue is concerned, a Mark Twain quote comes to mind: “A lie can get halfway around the world while the truth is still putting its boots on.” In a world where instant communication is a simple fact of nature, one might consider the psychological implications of the media’s accuracy in its first-run coverage of these topics.
One of the strongest, most-repeated findings in the psychology of belief is that once people have been told X, especially if X is shocking, if they are later told, “No, we were wrong about X,” most people still believe X.
Though I’m not sure how the mainstream media is covering the newest version of the bill, I did watch how the stories flew off the digital presses when the thought of a “kill switch” was involved. I was pleasantly surprised at the time to see an earnestness in the typical sensationalism that the media has no problem embracing when its own interests are at stake. Instead of the banal blend of incrementalism and content filled with parroted talking points levied by each “side,” some media outlets showed that they could actually shape the tone of the discourse on their own, regardless of the agenda that the politicians were actually setting. Online outlets (for obvious reasons) were particularly polemical and willing to characterize the idea itself as a threat and opine on its merits, refusing to simply magnify the staged wrestling theatrics that comprise American politics.
A reader of this blog already knows that I’m in favor of anything that gets Americans to actually consider the merits of expanding (and usually mission-creeping) executive power. Usually, the only time you can get Americans to care about an election is when their tangible, obvious and personal interests are at stake. E.g.,
So, the media covering an issue of political philosophy in a way that was cognizant of the long term costs as compared to the immediate implications seemed like progress, even if the media missed the point on what the bill really does.
What the bill does say is that, should it be passed, the DHS would spawn a new agency called the National Center for Cybersecurity and Communications. This NCCC would become the focal point for all things “cybersecurity” at the national level, and would act as a go-between for the government and the private sector. Private companies (like ISPs) would also be asked for data that could be used to diagnose security holes. The rest of the private sector, or more specifically, the heads of Internet-related tech firms in the private sector, would lend their expertise in situations that might take place in the event of a major “cyber attack.”
More or less, the bill authorizes a lot more coordinated “monitoring,” in one form or another. The bill contemplates methods that somewhat dubiously take cues from our current war against terrorism because of the commonality of the sometimes inapt metaphors used to liken both “wars.” The other, perhaps more important, missed point is that the President already had the legal power to hit a “kill switch,” dating back to an arcane provision of the Communications Act of 1934. Section 706(c) of that still-effective Act gives the President unfettered power to “suspend or amend, for such time as he may see fit, the rules and regulations applicable to any or all stations or devices capable of emitting electromagnetic radiations…” It goes on to say that the President can then have any and all “stations or devices” physically shut down. That’s much more power than the mere “kill switch” that everyone seemed to be freaking out about, and the President already had the legal authority to use such power. The PCNAA would actually put a check on Presidential power by requiring the President to go before Congress and present a viable threat, then take the least drastic action possible while still effectively handling whatever horrendous situation has arisen online.
All of this may be well and good from a national security standpoint; I’m not particularly sure. What I am sure about is that cyberattacks are something that most Americans perceive dimly, if at all. And that relative ignorance is dangerous when it comes to the possibility of a power-grab. In that vein, an excellent Intelligence Squared debate recently asked the question: “Has the Cyberwar threat been grossly exaggerated?”
At first blush, given my natural suspicions about how and why threats are generally communicated to the public, I would have been inclined to respond, “Yes. No question. Are you mad? Are you some backwoods fascist more prone to load a gun than a webpage in exercising Amurrica’s freedoms?” It is that kind of person on whom the argument in favor of amping up the threat of war works so well in extracting consent for additional executive power because the threat seems immediate. The pro-executive argument tends to rely on an argument from authority (i.e., “Trust me, I know how dangerous it is, but it’s classified, so I can’t tell you why it’s dangerous.”), which germinates political thought with the nightmare scenarios (i.e., “cyber-9/11”) that create the willingness to hand over whatever unlimited executive authority is necessary to quell those unknown threats. Of course, Thomas Hobbes pointed all this out four centuries ago. The fact that the proponents of expanded power tend to be part of the machine that stands to gain in terms of authority and institutional control is usually beside the point.
As skeptics like Bruce Schneier put it, this is a rhetorical war; it’s a way to focus attention and make an interesting headline, while blurring a lot of the threats that exist in the context of the networked society, not by virtue of attacks on the infrastructure itself. The fact that anyone is willing to characterize the issue as a Cyberwar evokes strong imagery of serious assets at stake and great potential for loss (or gain) on any side.
The winners of the aforementioned debate emphasized and re-emphasized the word “threat” and threw out a bunch of nightmare scenarios (which their opponents, to their credit and debating demise, acknowledged were situations that were both possible and undesirable) that were designed to frighten the audience into stating that the threat of cyberwar has not been exaggerated. The threat side threw out the possibility of “taking down the entire internet” and stealing “terabytes of data” through a couple of seriously constructed viruses, Trojans, and worms. The term “cyber-9/11” was used repeatedly, as were comparisons and citations to the Cold War, as a way of reminding the assembled security wonks that a threat can be very real without a shot being fired. And when you consider that the winning team won by changing more minds amongst the assembled security policy types that would even consider showing up to the Newseum in Washington, DC for a debate on cyberwar, this is a much more savvy group of people than the general population, one that I would suppose is at least marginally less susceptible to blatant manipulation through allusions to unknown threats than the average population. What that means for the future of government authority, cybersecurity policy, and privacy, of course, is what has me spooked.