Answer: Pretty dumb, and dangerous as well.
Computerworld - Back when I was a younger man, I was a Beltway Bandit. What that means is that I worked as a technical contractor for the federal government. In my case, I worked for several years for NASA and NAVSEA (Naval Sea Systems Command). Then, I worked with numerous bright developers, network engineers and system administrators. Unfortunately, we often worked with federal staffers who were often, ah, clueless. Since then, things have only gotten worse. Much worse.
Then, we usually only had to contend with managers who didn't understand the technology, but were capable of giving us realistic goals. For example, one NASA executive knew that the agency wanted a way to keep track of the current status of all telecom and datacom links to the STS (Space Transportation System, or space shuttle to you), but he didn't know how we would do it -- a combination of C and Datatrieve running on VAX/VMS and AT&T Unix systems, as it turned out -- and as long as we delivered the goods, he was happy.
That was when things worked well. Am I glad I'm out of the consultant/contractor game these days.
For starters, a U.S. Senate committee has approved a cybersecurity bill, the Protecting Cyberspace as a National Asset Act, that appears to say that the president can have the authority to shut down parts of the Internet during a cyberattack.
Actually, Sen. Joe Lieberman has said that what he wants the bill to do is put limits on the powers the president already has to cause "the closing of any facility or stations for wire communication" during war, which had already been given the presidency in the Communications Act of 1934.
OK, so it's not quite the "Internet kill switch" that earlier reports suggested, but tell me exactly how the president, or anyone else, is going to shut down even a significant part of the Internet on demand? We've come a long way since 1934.
Sure, you can wreck parts of the Internet for hours or days at a time with a DDoS (distributed denial-of-service) attack. And you can try to block parts of the Internet, as China does with its so-called Great Firewall of China. But if you know what you're doing, you can walk around the Great Firewall without too much trouble. Heck, even, Google, while backtracking on its stance toward China's censorship, was able to jump right over it by directing to its uncensored Hong Kong Web site.
But for practical purposes, there's no good way you can "turn off" even part of the Internet. It's silly to even think that there is.
Still, that's just a dumb idea. If it makes the Congress-critters happy to think that they can legislate the power to the Internet off and on or to make the value of pi equal 3, let them continue to dream on.
What's far, far more serious is the suggestion that the government be allowed to set up a National Strategy for Trusted Identities in Cyberspace. This sounds good. The plan is to create an Internet-based identity ecosystem, "where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities."
It would work by issuing everyone security tokens such as a state-issued "smart identity card," or perhaps a digital certificate on our PCs and smartphones. This token would contain all of the identity information about a person.
Can you say national identification card? I knew you could. I hate this plan.
This one would, technically speaking, be easy to implement. It's just that it's also an incredibly bad idea for a democracy. I do not like the idea of the federal government being able to track my every online step one little bit.
Sure, they might say that they wouldn't do that, but we'd always be one change of government away from an all-knowing, all-prying Big Brother. Besides, if you think we have trouble with online privacy and identity theft now, just wait until someone hacks their way into the identity ecosystem, or just into the mechanisms we'll need to log in to online services with out smart identity cards.
The saying goes that "to err is human but to really screw up you need a computer." I'd suggest an addition: "And to screw up things beyond comprehension, add the government."
Computerworld - Back when I was a younger man, I was a Beltway Bandit. What that means is that I worked as a technical contractor for the federal government. In my case, I worked for several years for NASA and NAVSEA (Naval Sea Systems Command). Then, I worked with numerous bright developers, network engineers and system administrators. Unfortunately, we often worked with federal staffers who were often, ah, clueless. Since then, things have only gotten worse. Much worse.
Then, we usually only had to contend with managers who didn't understand the technology, but were capable of giving us realistic goals. For example, one NASA executive knew that the agency wanted a way to keep track of the current status of all telecom and datacom links to the STS (Space Transportation System, or space shuttle to you), but he didn't know how we would do it -- a combination of C and Datatrieve running on VAX/VMS and AT&T Unix systems, as it turned out -- and as long as we delivered the goods, he was happy.
That was when things worked well. Am I glad I'm out of the consultant/contractor game these days.
For starters, a U.S. Senate committee has approved a cybersecurity bill, the Protecting Cyberspace as a National Asset Act, that appears to say that the president can have the authority to shut down parts of the Internet during a cyberattack.
Actually, Sen. Joe Lieberman has said that what he wants the bill to do is put limits on the powers the president already has to cause "the closing of any facility or stations for wire communication" during war, which had already been given the presidency in the Communications Act of 1934.
OK, so it's not quite the "Internet kill switch" that earlier reports suggested, but tell me exactly how the president, or anyone else, is going to shut down even a significant part of the Internet on demand? We've come a long way since 1934.
Sure, you can wreck parts of the Internet for hours or days at a time with a DDoS (distributed denial-of-service) attack. And you can try to block parts of the Internet, as China does with its so-called Great Firewall of China. But if you know what you're doing, you can walk around the Great Firewall without too much trouble. Heck, even, Google, while backtracking on its stance toward China's censorship, was able to jump right over it by directing to its uncensored Hong Kong Web site.
But for practical purposes, there's no good way you can "turn off" even part of the Internet. It's silly to even think that there is.
Still, that's just a dumb idea. If it makes the Congress-critters happy to think that they can legislate the power to the Internet off and on or to make the value of pi equal 3, let them continue to dream on.
What's far, far more serious is the suggestion that the government be allowed to set up a National Strategy for Trusted Identities in Cyberspace. This sounds good. The plan is to create an Internet-based identity ecosystem, "where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities."
It would work by issuing everyone security tokens such as a state-issued "smart identity card," or perhaps a digital certificate on our PCs and smartphones. This token would contain all of the identity information about a person.
Can you say national identification card? I knew you could. I hate this plan.
This one would, technically speaking, be easy to implement. It's just that it's also an incredibly bad idea for a democracy. I do not like the idea of the federal government being able to track my every online step one little bit.
Sure, they might say that they wouldn't do that, but we'd always be one change of government away from an all-knowing, all-prying Big Brother. Besides, if you think we have trouble with online privacy and identity theft now, just wait until someone hacks their way into the identity ecosystem, or just into the mechanisms we'll need to log in to online services with out smart identity cards.
The saying goes that "to err is human but to really screw up you need a computer." I'd suggest an addition: "And to screw up things beyond comprehension, add the government."
