Hypothetical: Testing the Internet “Kill Switch”
I’m a big fan of hypothetical situations. I propose them to my friends all the time. The more outlandish, the better. Here’s one I’ve had going for awhile now:
Suppose you are offered $500,000 to legally change your first name to Sham-Wow. Mind you, this name would have to appear on your resume, license, tombstone, etc. Would you accept the offer?
I’ll give you some time to think it over. In the meantime, here’s another hypothetical situation to ponder that’s a bit more testing-centric:
Suppose you are given the option to test a program designed to shut down the internet for a short period of time. You will be paid $1 billion if the program is launched successfully. However, there would be a 75% chance that the project would fail. If this happened, it would cause the worldwide web to be offline for the next five years and YOU would be held responsible. Would you accept that offer?
This question came to mind as I read about legislation currently being proposed in the the US senate. A bill introduced by Senator Joe Lieberman would allegedly grant the President broad emergency powers over the internet in times of national emergency. This would be done via the so-called internet “kill switch” – technology that would (theoretically, at least) allow the president to “shut down” the internet in certain situations.
Setting aside the moral and political implications of such powers, how would YOU go about testing such a program? What kind of tools would you use? What size staff would you need to employ? What size budget would be sufficient? There’s a real chance the bill could become law, and if it does, software testing will have to play a major role, will it not? A better question to ask might be whether such technology is even possible. Here’s an interesting perspective to consider from blogger Scott Evans:
The internet reacts to censorship attempts in much the same way that the human body reacts to a virus: it isolates the attempt and creates alternate paths to the sources of information being sought after. Ditto for any attempts by Washington to seize control of ISPs. There are ALWAYS alternative gateways to the worldwide web that are beyond government control, and tech-savvy Americans will ALWAYS find ways to exploit them.
As testers, I’d be interested to hear your thoughts on this matter.
Sincerely,
Sham-Wow Brown
Dear Sham-Wow
seems to me the “closest thing to reality” for testing this would be to setup a working scale model of the Internet (firewalled from the real world of course). That model itself would have to be setup and tested and a baseline established. Then start working on the kill switch. Not saying it would be cheap or easy but, hey, we are talking about the government.
Ha! What could be easier than creating a cheap, working scale model of the internet? I mean, it’s not exactly brain surgery
In fact, I have some time to kill this weekend. Maybe I’ll do it then.
Thanks for the comment Brad.
There are simply some things that just can’t be tested. The “kill switch” might be one of them. But, whether we pursue developing one (or something that’s equivalent) depends on what’s at stake if we’re unable to shut down the internet.
I imagine that the need for a “kill switch” would be to stop certain information from *leaving* the country and getting into the *wrong* hands. I think it would have to be information that could / would result in grave damage to our country. One obvious example would be information related to “national security.” Since there’s a lot of $$$ there, they might actually *try* to develop a “kill switch.”
But, regardless of how much $$$ is available and how talented some of our engineers are, a “kill switch” might not be able to be tested (assuming it could be built in the first place).
I’m guessing that someone thinking “outside the box” will come up with a far simpler and less expensive solution. And, something that won’t need to be tested b/c we’ve already seen its effects.
For example, instead of shutting down the internet, why not do just the opposite — flood the originator’s servers such that they can’t process any information they might receive in the first place (again, I’m on the national security topic).
Or, perhaps detonate an EMP 100 miles above the suspected country (try not to hit the wrong one though!). That would certainly stop any cyber attack in progress! Plus, it would be unlikely to result in casualties; certainly not on the order of magnitude that a destructive nuke would cause.
If you think about it, an analogy can be drawn with software testing. We could be given billions of dollars to test a certain app, but we all know that we can’t possibly find *all* the bugs. Or, at least we can’t *prove* that we did. All we can really *prove* is the existence of bugs, not their absence.
With that in mind, testing very complex software (e.g., operating systems) in an attempt to find *all* the *major* bugs might be impossible (depending on your definitions of course). We know that most Windows OSs have tens of thousands of bugs remaining (ha! Sorry Microsoft!), yet they’ve obviously shipped. And we don’t see too many bugs as we use the OSs (relatively speaking). Perhaps the bugs are lurking in the yet-to-be-executed code (which brings up the question about why that kind of code exists in the first place, and how we would identify it).
Comments?