This article is more than 1 year old
Why the US government reckons it should keep phone network kill-switches a secret
It all comes down to the word "any"
Analysis The US government has argued that the rules around how and when it is allowed to shutdown phone networks must remain secret because the disclosure could endanger lives.
In a court filing [PDF] this week, lawyers from the Department of Justice argued that public disclosure of Standard Operating Procedure 303 (SOP 303) "would enable bad actors to circumvent or interfere with a law enforcement strategy designed to prevent activation of improvised explosive devices by providing information about when shutdown procedures are used and how a shutdown is executed."
Those bad actors would be able to "insert themselves into the process of shutting down or reactivating wireless networks by appropriating verification methods and then impersonating officials designated for involvement in the verification process," the government claimed.
In other words, by knowing how the system works, people could disrupt the shutdown or prevent the restoration of cellphone networks to their own ends. But the situation that sparked a lawsuit to disclose the policy had nothing to do with explosive devices and bad actors.
In 2011, San Francisco's rail system BART flipped a cell network kill-switch in several subway stations amid a protest over a BART cop who shot and killed a drunk homeless man.
The fact that the network shutdown was ordered against a public demonstration raised immediate concerns over how the policy is written and can be implemented.
In response, the Electronic Privacy Information Center (EPIC) filed a Freedom of Information Act (FOIA) request for the text of SOP 303. It was refused under exemption 7F of the act, which states records do not have to be disclosed where release "could reasonably be expected to endanger the life or physical safety of any individual".
EPIC sued the government saying those grounds were not valid, and won. However, the government appealed the ruling, and then won in the appeals court. So EPIC filed for a rehearing of that appeal claiming that the grounds on which the decision was made were flawed. The latest filing is the government's explanation for why there shouldn't be a re-hearing.
In Uncle Sam's filing, lawyers representing the Department of Homeland Security (DHS) attempt to reduce the entire argument for public disclosure of SOP 303 down to the single word "any."
The exemption from public release (the 7f thing) that the DHS is using says, as mentioned above, publishing will "reasonably be expected to endanger the life or physical safety of any individual."
In essence, EPIC argues that this wording means the DHS would need to identify who exactly would be endangered. Since it can't, the exemption is not valid and the procedure should be published.
The DHS argues that it can't identify the exact individuals that could be endangered because it wouldn't know who was "within the blast radius of a remotely detonated bomb." In says that "any" in the exemption wording means anyone at all.
The filing then makes this same basic point in a number of different ways, while repeatedly going back to the fact the procedure is designed to cover emergency situations and in particular bombings (the procedure was developed directly in response to the London underground bombings in 2005).
Getting away from the specific wording that the case will likely revolve around, there is a much bigger issue.
The ability to shut down vital communications for large numbers of people without notice is something that requires significant safeguards, and it could be argued those safeguards are clearly insufficient when public transport police can decide a publicly announced demonstration is equivalent to imminent threats of improvised explosive devices.
The policy was developed swiftly in 2006 in response to the 7 July 2005 London bombings, and did not go through a full public process.
Rules produced rapidly in response to extraordinary efforts are rarely fully considered, and often written too broadly, creating numerous unintended consequences. There is good reason why important rules and laws require periodic review and approval to ensure they are fulfilling the purpose they were developed for.
That is seemingly not the case with SOP 303, which does not appear to have a review or reauthorization process (or one that we are aware of since the text is secret). And there is good reason to suspect that it has be used for purposes that it was not intended for, and so could be in future also.
While the DHS uses semantics to defend its effort to keep SOP 303 secret, the bigger question should be: why is such a powerful tool designed so poorly that simply knowing its broad details would enable someone to undermine it? ®