Perspective: Say hello to Big Brother

This print version has been auto-generated from https://www.globalissues.org/article/391/perspective-say-hello-to-big-brother

Perspective: Say hello to Big Brother
By Declan McCullagh
18 November 2002
CNET News.com

When approved by Congress, perhaps as early as Monday, the massive new bureaucracy will become--among other things--the nation's clearinghouse for developing plans to prevent electronic attacks, thwart them when they occur and release advisories to the public.

According to the version of the bill approved² by the House last week, department analysts will have security clearances and work so closely with the CIA, FBI, National Security Agency and the Defense Intelligence Agency that they'll even share personnel.

The department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection." Those are the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis center and the Federal Computer Incident Response Center.

It's not yet clear whether this is a good idea or a bad idea. It hasn't been debated thoroughly so far. "I doubt more than 10 people in Congress know (what's) in the bill," Rep. Henry Waxman, D-Calif., said last week. And the bill could either increase or decrease existing levels of bureaucratic wrangling. For instance, President Bush's Critical Infrastructure Protection Board³ is also charged with developing a plan to secure the Internet, which could presage a turf battle between the new department and the White House.

That's one problem that has plagued the FBI's highly-touted National Infrastructure Protection Center (NIPC). In a blistering 108-page report⁴ released last year, government auditors said the NIPC has become a federal backwater that is surprisingly ineffective in pursuing malicious hackers or devising a plan to shield the Internet from attacks. NIPC representatives weren't able to get agreements from the Defense and Commerce departments on how to share data; the Secret Service pulled agents that had been posted at NIPC; the White House gave NIPC the cold shoulder; and the spy agencies refused to take the upstart seriously.

"We've heard of a lot of bad blood and conflict over the last few years between these organizations," says Will Rodger, director of public policy at the Computer and Communications Industry Association, whose members⁵ include AOL Time Warner, Sun Microsystems, Nortel Networks and Oracle. "We're hopeful that when these parties are under the same roof, they can put aside whatever differences they've had."

Washington's centralization of computer security could improve federal agencies' practices--and create a near-irresistible temptation to start telling American businesses what to do. "We right now don't feel that the bill threatens industry," Rodger says. "That said, we're definitely more watchful and definitely more vigilant because we're looking at a government that has taken more power upon itself."

The beltway bureaucracy's recent interest in computer security began in earnest with an executive order that President Clinton signed in May 1998. It created the NIPC and envisioned an "innovative framework for critical infrastructure protection." The denial-of-service attacks in February 2000 piqued more federal attention, and the Sept. 11, 2001, terrorist attacks made aggressive government involvement in computer security a certainty. It's no coincidence that Congress last week awarded⁶ $900 million over five years to universities for computer security research.

One little-noticed section of the Department of Homeland Security bill takes this involvement to a new level. It creates a Homeland Security Advanced Research Projects Agency (HSARPA), modeled after the Defense Advanced Research Projects Agency (DARPA), and hands it at least $500 million a year to fund the development of new technologies. According to the bill, HSARPA will "promote revolutionary changes in technologies that would promote homeland security, advance the development (of technologies), and accelerate the prototyping and deployment of technologies that would address homeland vulnerabilities."

What that means is anyone's guess, but one dark possibility is that this effort will link up with the Defense Department's Information Awareness Office⁷, run by former national security adviser John Poindexter, which is reportedly creating large-scale data warehouses to analyze everyday activities like credit card purchases and travel reservations.

One dismaying feature of the Department of Homeland Security is that the final version of the bill partially immunizes the new agency from the Freedom of Information Act (FOIA). Any information businesses give the department that's related to "critical infrastructure"--think details on viruses or operating system vulnerabilities--will not be subject to FOIA. According to the Society of Professional Journalists, this would "hide⁸ virtually all information submitted" to the department.

"The question is whether you create an additional exemption for information that could reveal vulnerabilities," says Marc Rotenberg of the Electronic Privacy Information Center⁹. "It's a complicated issue, but FOIA has in the past weighed in favor of openness." Rotenberg points out that the existing FOIA law already allows agencies to withhold information that's proprietary or could endanger national security.

Whether or not you agree with Rotenberg and the journalists' group--and I think they make a good point--the fact that the House Republican leadership inserted this wording in the bill at the last minute without telling anyone is worrisome. The Senate had come up with a reasonable compromise. But House Majority Leader Dick Armey, R-Texas, ditched it at the last minute, gave his colleagues only an hour or two to read a 484-page bill and then prevented anyone from amending the legislation once it came to a vote.

This move comes as the Bush administration is simultaneously increasing government secrecy and reducing Americans' privacy. Let's hope the new department can overcome the dismal circumstance of its birth.

Declan McCullagh is the Washington correspondent for CNET News.com, chronicling the ever-busier intersection between technology and politics. Before that, he worked for several years as Washington bureau chief for Wired News. He has also worked as a reporter for The Netly News, Time magazine and HotWired.

0 articles on “Perspective: Say hello to Big Brother”: