National Security Through the Lens of the "Internet Kill Switch:" An Overview of the Debate in the U.S. and Russia

Blog | September 17, 2018

BY: PATRICIA VARGAS-LEÓN

In January 2011, the world witnessed how Egypt vanished from the global Internet for nine days through an action of the government. This form of control over the Internet is commonly known as an “Internet shutdown,” or an “Internet kill switch”—an action undertaken by a government to stop all Internet activity in a nation-state. Since 2005, numerous regimes have executed this maneuver citing reasons of national security.

Russia has discussed the subject since 2013. Following the Snowden revelations, Ruslan Gattarov, a member of the Russian Parliament, claimed that everyone, not only the U.S., should have access to the “master switch”—a reference to an alleged centralized system that gives the U.S. control over the global Internet. Such a device doesn’t exist. The legal basis for an Internet shutdown in Russia stems from a set of laws passed by the government between 2012 and 2018 to comprehensively regulate the Internet infrastructure in Russia, known as RuNet.

In September 2014, President Vladimir Putin and the Russian Security Council proposed a plan for the Kremlin to shut down RuNet, in the event of a national security threat, such as a military confrontation or anti-government protests. Dmitry Peskov, Putin’s press secretary, claimed that the government only intends to protect RuNet from “unpredictable actions” of the “West.”

In October 2015, Communications Minister Nikolay Nikiforov announced that tests would be conducted to prevent RuNet from being disconnected from the global Internet by another nation-state. Simultaneously, Russian ISPs claimed that Nikiforov ordered them to block traffic to foreign communications. The experiment failed because ISPs continued passing information out of Russia. By December 2016, German Klimenko, Putin's Internet adviser, asserted that the Russian government could disconnect RuNet from the global Internet to protect it from the “West”.

At its core, these series of developments indicate that Russia effectively has two distinct viewpoints about an Internet shutdown: the concern over the “West” imposing its will versus a distinctly Russian-owned action.   

Officials in the U.S. also debate the subject. Between 2009 and 2011, the U.S. Senate discussed three bills (S.773, S.3480 and S.413), in addition to a White House Proposal. These proposals would allow the President or another civil servant to shut down the Internet when the critical infrastructure (CI), interconnected via the Internet, is the target of a massive cyber attack.

The bills did not pass because of opposition by civil society activists concerned about the impact on freedom of speech and unclear limits of the president’s authority. However, while discussing the White House Proposal in 2011, Phillip R. Reitinger, at the time the Cybersecurity Chief at the Department of Homeland Security, stated that the CI is vital as it maintains the stability and functionality of the U.S. as a nation-state. Reitinger denied the U.S. government would be seeking authority to shut down the Internet, but stated that if something significant occurred, it should be able to respond appropriately. One legal basis for a shutdown stems from the war powers of the president as per the Communications Act of 1934. Additionally, both in 2015 and 2017, current U.S. President Donald Trump proclaimed that shutting down the Internet should be possible in the fight against terrorism.

More broadly, there is no agreement between legal scholars and policymakers whether an Internet shutdown should be legal or not. Defined as an action to be applied during a national security threat, limits of authority as to who decides over its application and its impact on civil liberties remain under debate. Additionally, some consequences of shutting down the Internet are self-evident owing to its inherent interconnectedness. Most of the world’s Internet traffic circulates through U.S. territory, and some nations of Eastern Europe are dependent on RuNet. Therefore, if the Internet is down in either country, there will be a severe knock-on effect.

Shutting down the Internet has been discussed as an immediate “remedy” against a major cyber attack. Nonetheless, if executed, the impact over the CI is unknown as such an event would be unprecedented. From an economic perspective, previous studies show adverse effects of Internet shutdowns on GDP, as evidenced in many African nation-states. From a technical perspective, varying opinions contend that isolating or disconnecting individual sectors, like electrical utilities and telecommunications lines from the Internet, is a better approach to protect the CI.

To date, governments that executed an Internet shutdown claimed they did it for reasons of national security, including Egypt, Cameroon and Algeria, among others. However, the national security concept is framed by governments according to the geopolitical circumstances specific to their national needs. The U.S. asserts that its goal is to protect its CI while the Russian government affirms they would take the step in the face of national protests and war.

While neither the U.S. nor Russia, has conducted an Internet shutdown, the subject clearly remains on each country’s political and legislative agenda. And that is significant, owing to the impact such an action may have—by either country—on economies, infrastructure and connectivity we depend on globally.    

Patricia Vargas-León is a fellow at the Information Society Project from Yale Law School. She holds a Ph.D. from the School of Information Studies at Syracuse University, and a law degree from the Pontifical Catholic University of Peru. She is based in the DC area and can be followed @patriciaavl.

The views expressed in this publication are solely those of the author and do not necessarily reflect the views of the EastWest Institute

Image: "IT Security Schloss vor Crypto-Hintergru" (CC BY-SA 2.0) by Christoph Scholz