Should Obama Have an Internet Kill Switch?

WASHINGTON – There is no kill switch for the Internet, no secret on-off button in an Oval Office drawer. Yet when a Senate committee was exploring ways to secure computer networks, a provision to give the president the power to shut down Internet traffic to compromised Web sites in an emergency set off alarms.

One month ago, a revamped version of the Cybersecurity Act of 2009 emerged, months after an initial version authored by Sen. Jay Rockefeller, D-W.V., was blasted in Silicon Valley as dangerous government intrusion.

"In the original bill they empowered the president to essentially turn off the Internet in the case of a 'cyber-emergency,' which they didn't define," said Larry Clinton, president of the Internet Security Alliance, which represents the telecommunications industry.

"We think it's a very bad idea ... to put in legislation," he told said the new version of the bill is improved from its first draft, but troubling language that was removed was replaced by vague language that could still offer the same powers to the president in case of a disaster.

"We need to prepare for that digital disaster," said Melissa Hathaway, the former White House cybersecurity adviser. "We need a system to identify, isolate and respond to cyberattacks at the speed of light.

"Lawmakers have subsequently dropped the kill-switch provision, but the debate rages on. How much control should federal authorities have over the Web in a crisis? How much should be left to the private sector? Private companies own and operate at least 80 percent of the Internet, and argue they can do a better job.

The need for greater cybersecurity is obvious:

— Security experts recently discovered that at least 50 of the Fortune 100 were infected with malicious software designed to steal network data, harvest email addresses, and download malware onto computers.

— A Seattle security analyst warned earlier this year that the advancement of digital communication within the electrical grid, as promoted under President Obama's stimulus plan, would leave the nation's electrical supply dangerously vulnerable to hackers.

— Computer spies broke into the Pentagon's $300 billion Joint Strike Fighter project earlier this year and breached the Air Force's air-traffic-control system.

Nonetheless, the proposal to give the U.S. government the authority to regulate the Internet is sounding alarms among critics who say it's another case of big government getting bigger and more intrusive.

Silicon Valley executives are calling the bill vague and overly intrusive, and they are rebelling at the thought of increased and costly government regulations amid the global economic crisis.

Others are concerned about the potential erosion of civil liberties. "I'm scared of it," said Lee Tien, an attorney with the Electronic Frontier Foundation, a group based in San Francisco.

Committee spokeswoman Jena Longo said the bill "will not empower a government shutdown or takeover of the Internet and any suggestion otherwise is misleading and false."

She said the president has the constitutional authority to protect the American people and direct the response to a crisis — including "securing our national cyberinfrastructure from attack." Privacy advocates say the government has not proven it can do a better job securing networks than the private sector.

"The government needs to get its own cybersecurity house in order first before it tries to tell the private sector what to do," said Gregory T. Nojeim, senior counsel for the Center for Democracy and Technology.

Nojeim said the Senate Commerce Committee bill appears to leave "tough questions to the president, and that isn't comforting because some presidents will answer those questions in troubling ways."

The Associated Press contributed to this story.