I'm pretty sure legally they can't because if they did they _would_ violate the law. As I understand it, the NSA gathers email (without looking at the content) and then conducts statistical tests on the legally unprotected metadata seeking to find suspiscious patterns of behaviour/network characteristics. It then takes those findings to the FISA court which issues warrants to allow them to look at the content of those emails. Citizenship is not reliably ascertained from metadata but from content. Therefore the NSA literally doesn't know how many Americans' emails it has collected and to ascertain that number it would have to violate individual privacy rights by viewing the content without a warrant.
Nuclear war was the shadow that loomed over the Cold War. Did we have a nuclear war? No. Are there nuclear weapons? Yes.
Cyberwar is a shadow that looms over us presently, even if we choose not to take note of it. Is there an observable well defined cyber war? Probably not though some attacks in Asia, the Middle East, and Europe come close. Attribution is really hard and most cybersecurity professionals are more concerned with closing the security hole and limiting the than figuring out who did what to whom. Are there cyber weapons? Yes, viruses, worms and hackers exist. Are governments developing them? Yes, there is good evidence that China, Russia, and the US are all developing cyberwar fighting capabilities.
So, do militaries develop weapons with the intent never to use them. Sort of. Nuclear, biological and chemical weapons are developed in the hope that they are never used but better to be prepared than caught unprepared. Those weapons are directly lethal. Their effects are acknowledged and constrained by international treaty because they are so devastating. Cyberweapons unknown effects allow them to remain outside the law because we prefer not to think of them. Russia is actively seeking an international agreement on cyberwar.
Countries do not seek to make treaties about non-existent threats.
You know, Redbox could avoid everything if they simply offered to buy used DVDs from the public and from resale shops. They don't have to buy new. Also, for those people interested in whole CDs, this would be an effective way of redistributing music without running afoul of any IP issues...
Even better, Redbox or another user of this kind of system could innoculate themselves from IP arguements further by freely offering a flat percentage of rental fees to the artist/studio etc...
The Economist is a well-established periodical with an affluent, loyal clientele. In a sense, they are the reverse of NPR. They were one of the first periodicals to raise subscription prices in the face of economic hardship and it worked. Their reporting is also all done by their staff, unlike many newspapers. I agree with the previous poster that without seeing the numbers ( and I'm sure The Economist is looking at the numbers) it is difficult to tell whether this strategy will be effective.
"Air Traffic Groundstop =/= Internet Communications Stop"
On the contrary, federal statute as it stands presently sees them in exactly the same way. The point I am making is not about whether a shutdown would be good policy or bad policy. Rather, The President already is legally empowered to do this and bill in Congress is oblivious to the truth on the ground.
I nor anyone that I know has modeled what would happen if you shut down the main MAE links and say 6-8 TLDNS's at the same time. Furthermore, no chopping would be required. The airlines cooperated with a ground stop. Are you seriously suggesting that (the heavily regulated) Tier 1 providers would not honor a request from the federal government? My guess is that it would probably not shutdown the Internet but would cripple it for a time. Your comment of being too little too late and even counter productive may be entirely correct. I just don't know.
As for effects of soft power, simply consider how much worse a natural disaster with the added difficulties of even minor hacking. A cyber 9/11 would likely not be simply a massive set of hacks, rather the perpetrators would combine them with some actual physical attacks. As for data backups, how long does it take a large organization to realize that its data has been tampered with? Sure if every record is worng but what if only a random 4-5% of records are altered. How quickly would an organization choose to do a full restore from a backup? moreover, how much doubt would that sow in other organizations?
As for the true skeptics, please note that no one seriously considered and even scoffed at the idea of people crashing a plane into a building for mass casualties. That being said, it was a theme in popular fiction. Anyone read any Tom Clancy? Previous non-existence is no guarantee of future non-existence.
Finally, I am aware of why the US was attacked on 9/11. I also realize that they haven't given up and that we're the the main enemy and the way to hurt us and change our policy is by altering the fundamental economics of the struggle. Publicly and horrificly destroying two buildings in our largest city has, to their minds, not changed our behaviour sufficiently. It has resulted in setbacks for them and a general tightening of physical security making their operations and communications harder and more dangerous. All that means is that they are looking for another way to influence US policy. A large scale cyberattack is simply one possibility and one which the current administration is taking far more seriously than previous administrations. The efforts they are putting into cybersecurity relative to previous administrations is, I believe, telling.
Following 9/11, the only surprise here is that Congress is putting it in writing. The President already has broad authority to manage US transportation and communications networks in time of national emergency. There is strong and long standing precedent for this (WWI and seizure of radio stations). President Bush ordered a full ground stop of air traffic on 9/11. In the face of a massive cyberattack upon US websites from forign locales, I would expect the government to do the same. It wouldn't be instantaneous but it would be pretty quick. There's only so many fiber optic cable landings in North America. Moreover, the White House, via the Department of Commerce and the National Telecommunications and Information Administration (NTIA), has oversight authority over ICANN. How many TLDNS's are there in the US? How crippled would the Internet be if they were all taken offline more or less simultaneously?
Don't get me wrong, I think that the President should have this power. But it is a power only to be used in extremis like on 9/11. Really, who among you even conceived of a total air traffic ground stop? How many of you objected to it? How many people questioned it in the aftermath? I'll wager very few. I would suggest to you that in a cyber 9/11 scenario, where unknown hackers systematicly disable SCADA systems wreaking havoc on utilities infrastructure and release a virus that randomly reassigns blood types in medical records, the President of that future day will cripple the Internet and you will be glad that he did.
With the first ship came the shipwreck...
Techdirt has not posted any stories submitted by jlaprise.