Weekend Gedankenexperiment - The Kill Switch

An armed FBI special agent shows up at your facility and tells your ranking
manager to "shut down the Internet".

What do you do when you get home to put it back on the air -- let's say email
as a base service, since it is -- do you have the gear laying around, and how
long would it take?

Do you have out-of-band communications (let's say phone numbers) for enough
remote contacts?

Cheers,
-- jra

Focus on this part, BTW, folks; let's ignore the politics behind the
shutdown. :-)

Cheers,
-- jra

legal paperwork or pound sand. [very small hurdle, pathetic how many
LEOs seek to avoid it] The rest of it waits for that.

So if I get what you're saying, I could have something operational from scratch in a few hours. I've got a variety of Cisco routers and switches, Linux and Mac OS X boxes in various shapes and sizes, and a five CPE + one AP 5 GHz Mikrotik RouterOS-based radio system, 802.11b/g wireless AP, 800' of Cat 5e cable, connectors, and crimpers. The radios, if well placed, could allow me to connect up several strategic locations, or perhaps use them to connect to other sources of Internet access, if available. If it really came down to it, I could probably gather enough satellite communications gear from the office to allow me to stand up satellite Internet to someone. Of course, the trick would be to talk to that "someone" to coordinate connectivity over the satellite which may be hard to do given the communications outage you described. I wouldn't be so worried about transmitting to the satellite, in this case I'd just transmit without authorization, but someone needs to be receiving my transmission and vice versa for this to be useful. At a minimum, I could enable communications between my neighbors.

Regards,
Ryan Wilkins

Turn off the room lights, salute, and shout, "Mission Accomplished."
The FBI dude with the gun won't know the difference.

  - mark

No. The correct answer is that in the U.S., if the Agent in question has a
valid subpoena or N.S.L., you must comply. If he doesn't, then you do not
have to comply.

I cannot answer for any other jurisdiction.

Also, make sure you have staff attorneys well-versed in Internet law --
you'll need them either way.

- ferg

> Also, make sure you have staff attorneys well-versed in Internet law --
> you'll need them either way.

The Internet has its own law now?

MMC

Subpoenas and NSLs are used to gather information, not to shut down
telcos. They're just an enforceable request for records.

Considering that politicians in the US have suggested that they need
"kill switch" legislation passed before they can do it, and further
considering that "kill switch" legislation doesn't currently exist,
what lawful means do you anticipate an FBI special agent to rely on
in making such a request?

I'm not actually in the US. In a question arising from the Egypt
demonstrations earlier this week, Australia's Communications Minister
said he didn't think the law as written at the moment provided the
government with the lawful ability to shut down telecommunications
services.
http://delimiter.com.au/2011/02/03/no-internet-kill-switch-for-australia-says-conroy/

  - mark

The Internet is not immune to the law, as you should well know. In fact,
the Internet seems to be a legal "proving ground" these days, so word to
the wise.

- ferg

I share your sentiment.

One of the best commentaries I have read lately on this issue was earlier
today:

http://www.zdnet.com/blog/government/ive-changed-my-mind-america-must-never-allow-an-internet-kill-switch-heres-why/9982

Worth a quick read.

- ferg

> No. The correct answer is that in the U.S., if the Agent in question

I am making no argument to the contrary.

But I should caution you that there are forces at work currently which are
making motions to federalize this authority.

I think we all should be deeply concerned -- some of this
pandering/politicizing/scare-mongering can have ill effects.

- ferg

Paul,

a key piece in the article is on the second page:
"In fact, a lot of what the bill provides for are a very good ideas.
The bill sets out the concept that cyberspace is a strategic asset for
the United States and needs to be protected like any other strategic
asset. This is good.

The bill also acknowledges that we’re likely to come under severe
attack and need to have a way to respond. We also need to have a
single point of authority to make sure we respond in a coordinated
way, instead of having all of America’s security forces working at
cross-purposes. That single point of authority is the President. This
makes sense."

In all seriousness here, I wonder how the Egyptian law was worded,
that allowed them to legally (let's assume so) send out propaganda
text messages through all mobile operators (force operators to
comply), and even shut down the Internet (force operators to comply).

It is fully possible that the law says something very similar to that
above, that when the state is under stress or attack (by its own storm
troopers...), the state is allowed to step in to take protective
measures, all in the good interest of the state, authorized by their
single point of authority.

This is a dangerous design, specifically as it assumes that the state
under all circumstances is good which most observers will note,
especially now, that states cannot be assumed to be, forever and
always.

Essentially, I'm not seeing the upside in assuming any state will
always be good, forever and always. And it boils down to what's been
discussed earlier: centralizing control of the Internet, whether
political or technical, makes it less robust to failures and more
prone to abuse/attack, as the value of a single point or target
increases.

This sub-thread is a bit off-topic, and to the thread starter I only
suggest you look into the Egypt situation/operations a bit, but I
guess that's where you got your inspiration for the question anyway.
:-)

Cheers,
Martin

In this, we completely agree.

And as an aside, governments will always believe that they can control
the flow of information, when push comes to shove.

This has always been a hazard, and will always continue to be so.

As technologists, we need to be cognizant of that fact.

- ferg

In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies.

Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security".

If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety.

jc

1. I always keep a printed copy of all email and cellphone contacts that
    I normally would have access to online.

2. Critical is contacting your users. Normally your company has its
    mailing list but that is now down. You could set up a new list via
    Google groups or Yahoogroups or even your own Mailman on a VPS, but
    what about the list of users? Always keep an updated exported list of
    your users on a DoK so you can rebuild later.

3. Website: as above, keep a duplicate copy of your basic HTML pages on
    some DoK that you can take with you. Have the user+pswd to your
    registrar so you can repoint your DNS to some new site you now set up
    with the new updated info about your downtime.

-Hank

> 3. Website: as above, keep a duplicate copy of your basic HTML pages on
>     some DoK that you can take with you. Have the user+pswd to your
>     registrar so you can repoint your DNS to some new site you now set up
>     with the new updated info about your downtime.
>
> -Hank

Having a DNS server and MX host outside the borders of the country would
help as well.

I believe that any "attack" is likely to come from within, not from an
external source. It would seem most likely to me that some malware
would be spread around ahead of time that does nothing to bother the
host until it is time for it to act. At that point, cutting off
international links will have little/no impact and would possibly be the
entire goal of the event. Shutting down the Internet would be "mission
accomplished".

The government should be, in my opinion, focusing its efforts on how it
can best facilitate a coordination of efforts to A: profile the traffic
so it can be blocked B: locate infected nodes so they can be
disconnected or disinfected.

The source of the attack is not likely going to be network
infrastructure but instead the millions of end user devices out there.

Questions like: who is monitoring traffic and noting traffic profiles of
malware and developing some mechanism for distributing those traffic
profiles to network operators so they can be blocked or otherwise acted
on?

How can that distribution channel be made "robust" in the face of a
general public network breakdown?

Is there a need for some sort of an operational "order wire" network
that interconnects network operators as sort of an "out of band"
communications path for handling emergency coordination among operators?

What would be the connectivity requirements for such a network?

The government could be a lot of help in keeping the network up in the
face of attack rather than simply shutting it off. The emphasis should
be on keeping it working, not how to most efficiently shut it down.
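
As an added illustration of the out-of-country DNS/MX suggestion above and the earlier chokepoint point (not part of the original thread): a small Python audit that flags any service whose NS or MX hosts all sit in one country or behind one provider. The zone fragment, host names, provider labels and inventory are constructed sample data, and the parser assumes fully written-out `name TTL IN type rdata` lines.

```python
from collections import defaultdict

# Constructed zone fragment (example.org / example.net are reserved names).
ZONE = """\
example.org.  3600 IN NS  ns1.example.org.
example.org.  3600 IN NS  ns2.example.org.
example.org.  3600 IN MX  10 mx1.example.org.
example.org.  3600 IN MX  20 mx2.example.net.   ; offshore backup MX
"""

# Constructed inventory: where each host lives and who carries its traffic.
# A real audit would fill this from your own asset records.
INVENTORY = {
    "ns1.example.org.": {"country": "US", "provider": "ISP-A"},
    "ns2.example.org.": {"country": "US", "provider": "ISP-B"},
    "mx1.example.org.": {"country": "US", "provider": "ISP-A"},
    "mx2.example.net.": {"country": "NL", "provider": "ISP-C"},
}

def parse_zone(text):
    """Return {'NS': [hosts], 'MX': [hosts]} from master-file style lines."""
    services = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip trailing comments
        if len(fields) < 5 or fields[2] != "IN":
            continue
        if fields[3] == "NS":
            services["NS"].append(fields[4].lower())
        elif fields[3] == "MX" and len(fields) >= 6:
            services["MX"].append(fields[5].lower())  # fields[4] is the preference
    return dict(services)

def single_points_of_failure(services, inventory):
    """List (service, dimension, value) where one cut-off takes out every host."""
    findings = []
    for service, hosts in sorted(services.items()):
        for dim in ("country", "provider"):
            # Hosts missing from the inventory never count toward diversity.
            values = {inventory[h][dim] for h in hosts if h in inventory}
            if len(values) <= 1:
                findings.append((service, dim, next(iter(values), "UNKNOWN")))
    return findings

if __name__ == "__main__":
    for service, dim, value in single_points_of_failure(parse_zone(ZONE), INVENTORY):
        print(f"{service}: every host depends on {dim} {value}")
```
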

> The Internet is not immune to the law, as you should well know. In fact,
> the Internet seems to be a legal "proving ground" these days, so word to
> the wise.

And, the US National Communication Service (http://www.ncs.gov/index.html) "technically" has the ability to order all US telecommunications providers to disconnect for the express purpose of maintaining the integrity of the US Telecommunications system. If the NCS does not have implicit authority, an Executive order would grant it.

So beware, most of the "US Internet Kill Switch" talk in Washington DC is politics from people who have not read that can be done now using existing authorities.

> An armed FBI special agent shows up at your facility and tells your ranking
> manager to "shut down the Internet".

Let's look at this from a different perspective. What level of impairment would the feds face if they ordered widespread
net shutdowns? Do the feds have a big enough network of their own that they can continue to
operate without the commercial nets being up? I mean, they would need to declare martial law and coordinate enforcement
activities. Can they do this all via satellite networks?

Also what's to stop the operations staff from saying "no way jose" and walking out?

Ok. Let's say they aren't dependent on the net being up. What would the scenario look like?

Presumably this would be at a major IX, colo etc? Like say One Wilshire or something?
They would show up with several agents, and probably some tech folks. One presumes they would have
an injunction or some other legal authority to order you to terminate connectivity. This would have to
be spelled out to the letter (terminate all IX traffic, drop all external sessions, take down core routers
etc).

> What do you do when you get home to put it back on the air

Put what back on the air? Regional connectivity to let people coordinate a revolution? (I'm
dead serious by the way. If things have gotten to the point where the feds are shutting down
the net, it's time to follow our founding code:

That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it

Depending on the geography, one could establish some long distance links via 802.11/3.65 GHz. Hopefully that gear is
already on standby.

> -- let's say email
> as a base service, since it is -- do you have the gear laying around, and how
> long would it take?

Well I'm a huge data ownership guy and have been preaching to folks the importance of self hosting.
Lots of details are on my wiki at http://wiki.knownelement.com/index.php/Data_Ownership
So yes, I have the gear in service already doing my hosting. I also run a small neighborhood WISP.
I only offer net access via that WISP, but it would be trivial to stand up a neighborhood
xmpp/irc/mail/www server in that VLAN. Maybe I should do that now. Get people using it
beforehand, so it's what they naturally turn to in time of distress/disaster. Hmmm....

> Do you have out-of-band communications (let's say phone numbers) for enough
> remote contacts?

How much phone service would still work, if the feds hit all the major IX points and terminate
connectivity? I seem to recall much discussion about the all-IP backbone of the various large
carriers (Qwest/ATT). I guess calls in the same CO and maybe between regional CO's might work.

Think of this from a disaster preparedness perspective (i.e. a major earthquake or terrorist attack significantly damages One
Wilshire and/or various IXes in the bay area). AT&T has a very large CO right next to One Wilshire, with something like 1.5
million lines terminated in the building. It wouldn't take that much work for the FBI to shut those places down if they
felt a significant need to.

Interesting thought exercise. Let's keep the conversation going guys/gals!

Not sure if it has been said already, but wasn't one of the key points for
the creation of the internet to create an infrastructure that would
survive in the case of all-out war and massive destruction (strategic
nuclear strikes)?

Does it not bode ill for "national security" if any party could take out
a massive communication system by destroying/pressuring a few choke
points?