Perspective: Say hello to Big Brother

The following article is from the popular technology news web site CNET. It looks at Washington's role in computer and network security. You can see the original article at

By Declan McCullagh
18 November 2002

WASHINGTON--Like it or not, the proposed Department of Homeland Security firmly establishes Washington's central role in computer and network security.

When approved by Congress, perhaps as early as Monday, the massive new bureaucracy will become--among other things--the nation's clearinghouse for developing plans to prevent electronic attacks, thwart them when they occur and release advisories to the public.

According to the version of the bill approved by the House last week, department analysts will have security clearances and work so closely with the CIA, FBI, National Security Agency and the Defense Intelligence Agency that they'll even share personnel.

The department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection." Those are the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis center and the Federal Computer Incident Response Center.

It's not yet clear whether this is a good idea or a bad idea. It hasn't been debated thoroughly so far. "I doubt more than 10 people in Congress know (what's) in the bill," Rep. Henry Waxman, D-Calif., said last week. And the bill could either increase or decrease existing levels of bureaucratic wrangling. For instance, President Bush's Critical Infrastructure Protection Board is also charged with developing a plan to secure the Internet, which could presage a turf battle between the new department and the White House.

That's one problem that has plagued the FBI's highly-touted National Infrastructure Protection Center (NIPC). In a blistering 108-page report released last year, government auditors said the NIPC has become a federal backwater that is surprisingly ineffective in pursuing malicious hackers or devising a plan to shield the Internet from attacks. NIPC representatives weren't able to get agreements from the Defense and Commerce departments on how to share data; the Secret Service pulled agents that had been posted at NIPC; the White House gave NIPC the cold shoulder; and the spy agencies refused to take the upstart seriously.

"We've heard of a lot of bad blood and conflict over the last few years between these organizations," says Will Rodger, director of public policy at the Computer and Communications Industry Association, whose members include AOL Time Warner, Sun Microsystems, Nortel Networks and Oracle. "We're hopeful that when these parties are under the same roof, they can put aside whatever differences they've had."

Washington's centralization of computer security could improve federal agencies' practices--and create a near-irresistible temptation to start telling American businesses what to do. "We right now don't feel that the bill threatens industry," Rodger says. "That said, we're definitely more watchful and definitely more vigilant because we're looking at a government that has taken more power upon itself."

The beltway bureaucracy's recent interest in computer security began in earnest with an executive order that President Clinton signed in May 1998. It created the NIPC and envisioned an "innovative framework for critical infrastructure protection." The denial-of-service attacks in February 2000 piqued more federal attention, and the Sept. 11, 2001, terrorist attacks made aggressive government involvement in computer security a certainty. It's no coincidence that Congress last week awarded $900 million over five years to universities for computer security research.

One little-noticed section of the Department of Homeland Security bill takes this involvement to a new level. It creates a Homeland Security Advanced Research Projects Agency (HSARPA), modeled after the Defense Advanced Research Projects Agency (DARPA), and hands it at least $500 million a year to fund the development of new technologies. According to the bill, HSARPA will "promote revolutionary changes in technologies that would promote homeland security, advance the development (of technologies), and accelerate the prototyping and deployment of technologies that would address homeland vulnerabilities."

What that means is anyone's guess, but one dark possibility is that this effort will link up with the Defense Department's Information Awareness Office, run by former national security adviser John Poindexter, which is reportedly creating large-scale data warehouses to analyze everyday activities like credit card purchases and travel reservations.

One dismaying feature of the Department of Homeland Security is that the final version of the bill partially immunizes the new agency from the Freedom of Information Act (FOIA). Any information businesses give the department that's related to "critical infrastructure"--think details on viruses or operating system vulnerabilities--will not be subject to FOIA. According to the Society of Professional Journalists, this would "hide virtually all information submitted" to the department.

"The question is whether you create an additional exemption for information that could reveal vulnerabilities," says Marc Rotenberg of the Electronic Privacy Information Center. "It's a complicated issue, but FOIA has in the past weighed in favor of openness." Rotenberg points out that the existing FOIA law already allows agencies to withhold information that's proprietary or could endanger national security.

Whether or not you agree with Rotenberg and the journalists' group--and I think they make a good point--the fact that the House Republican leadership inserted this wording in the bill at the last minute without telling anyone is worrisome. The Senate had come up with a reasonable compromise. But House Majority Leader Dick Armey, R-Texas, ditched it at the last minute, gave his colleagues only an hour or two to read a 484-page bill and then prevented anyone from amending the legislation once it came to a vote.

This move comes as the Bush administration is simultaneously increasing government secrecy and reducing Americans' privacy. Let's hope the new department can overcome the dismal circumstance of its birth.

Declan McCullagh is the Washington correspondent for CNET, chronicling the ever-busier intersection between technology and politics. Before that, he worked for several years as Washington bureau chief for Wired News. He has also worked as a reporter for The Netly News, Time magazine and HotWired.

Author and Page Information

  • Posted: Saturday, November 23, 2002
