RENO — Nevada could become the first state in the nation to mandate the physical route government data takes as it travels the Internet under a bill being considered by the Nevada Legislature.
The bill’s sponsors, Assembly Majority Leader Paul Anderson, R-Las Vegas, and Sen. Mo Denis, D-Las Vegas, argue their measure is critical for cybersecurity because it would keep government Internet traffic confined to the state, instead of allowing that data to travel traditional paths that often include out-of-state connection points.
But both critics of the bill and independent Internet security experts said the measure would do just the opposite, creating a single-point bottleneck that could make data more vulnerable to attack and would defeat the Internet’s greatest strength, that it is decentralized with an almost infinite number of traffic routes.
“I don’t see much security advantage or technical advantage,” said Mehmet Gunes, a computer science and engineering professor at the University of Nevada, Reno and an expert in network security. “It might have economical advantage, but I’m not an economics professor.”
Although the concept itself is simple enough — keep Nevada data in Nevada — the actual means to accomplish the goal delves into the complexities of how data is routed between the various networks maintained by major Internet service companies. The process is called peering and involves a voluntary agreement between companies to allow each other’s data to pass through their pipes.
The West Coast has a handful of major peering locations where the physical connection occurs, most notably One Wilshire Boulevard in Los Angeles. Other connection hubs are in Salt Lake City and Phoenix.
Such peering agreements are necessary for, say, an email sent from a Charter Communications customer to reach a Cox Communications customer. When that happens, the data is most often routed through an out-of-state peering connection, even if both customers are physically located in Nevada.
“We want to be able to have this traffic happening here and then we can better protect it,” Denis said.
Cybersecurity experts, however, said data isn’t more or less vulnerable to attack if it’s routed through California or Utah than if it were routed solely through Nevada.
“I don’t have much concern that it’s going through California,” Gunes said. “If you said it goes through Mexico, then I would be concerned.”
To make matters worse, the data traffic could be more vulnerable to a single-point failure if it was mandated to travel through Nevada.
“The whole purpose of the Internet is to have redundancy in the system,” Reno-based Internet security expert Todd Shipley said. “If you build a silo with just your stuff and it breaks down you’ve defeated the purpose.
“If every state said we want you to set up something in this state solely for use in the state, you’re defeating the purpose of the Internet anyway,” Shipley added.
Denis said traffic could still be quickly routed through out-of-state peering sites if something happened to Nevada’s peering locations. The goal would be to create a primary Internet hub in Nevada and relegate California to secondary backup status.
Denis and the bill’s co-sponsor Anderson argue such a hub could drive economic development, making Nevada a more attractive spot for companies large and small to both store data and route traffic.
That ancillary economic activity could also benefit Switch, which is in the process of building a fiber optic line to connect Reno and Las Vegas.
Switch, whose founder Rob Roy was mentioned in Gov. Brian Sandoval’s state of the state address, is also seeking a major tax incentive to build a data center in Reno. The company contributed $10,000 to Anderson’s campaign and $5,000 to Denis’s campaign, according to state documents.
Switch wouldn’t be the only company positioned to house the peering connections. Other large communications companies such as Charter, AT&T and Cox could house their own peering connections, industry experts said. Denis said a non-profit company could also be created to act as an independent operator of the peering connections.
Still, most major Internet and phone carriers are opposing the legislation, saying it would needlessly interfere in a system that works.
“This bill would be somewhat analogous to saying everybody who visits Las Vegas has to go through the Sierras first,” said Mike Eifert, executive director of the Nevada Telecommunications Assoc., which opposes the bill.
Such a requirement would either compel Internet service providers to stop contracting with government customers or could significantly increase the cost for the services.
“Well, of course it’s going to increase the cost,” Shipley said. “You’d be making them do something that’s not normal for them to do. They’ll have to jack up the cost to compensate.”
Lawmakers on the committee in charge of the bill also seemed skeptical of the approach, questioning why the government should be in the business of mandating Internet traffic flow.
“If it’s speed you want that would be the place you would go do business anyway,” Sen. Pete Goicoechea, chairman of the Government Affairs committee, said, questioning why it would need to be “statutorily mandated.”
The bill must be passed out of committee by today or it dies.