> Security program threatens privacy
>
> By ROBYN E. BLUMNER
>
> =A9 St. Petersburg Times, published January 23, 2000
>
>
> When President Clinton announced his plan earlier this
> month to spend $2-billion to implement a massive
> cybersecurity program, the nation collectively
> yawned. Few newspapers thought it even momentous
> enough to editorialize on.
>
> But we ignore this initiative at our own peril. There
> are knowledgeable voices who say Clinton's computer
> infrastructure protection plan will be the
> further undoing of our liberty and privacy.
>
> The program touts itself as "Version 1.0" with future
> developments to come, but even as a first step it is
> clear the ultimate goal is to expand government
> surveillance of the computing public and influence
> the development of the private sector's computer
> security systems.
>
> The administration justifies its plan, with its huge
> expenditures and the creation of a new bureaucratic
> security establishment, by warning that: "The most
> vital sectors of our economy -- power generation,
> telecommunications, banking and finance, transportation
> and emergency services -- are potentially
> susceptible to disruptions from hackers, terrorists,
> criminals or nation states." But these fears are overblown
> at best. According to the watchdog group Electronic
> Privacy Information Center, the fears are also being fed
> by the National Security Agency, which is the secretive
> arm of the Defense Department. The NSA has convinced
> the administration that an "electronic Pearl Harbor" could
> happen at any time -- a notion some computer experts
> call "more Hollywood than hard fact."
>
> To defend against this eventuality, the plan gives the FBI
> along with the national security apparatus and the intelligence
> community a large preventive role, uncomfortably blurring the
> line between the military and domestic law enforcement. James
> Dempsey, senior staff counsel for the Washington-based
> Center for Democracy and Technology, says under the plan,
> "the philosophy, equipment and personnel of the military is being
> evoked domestically."
>
> A big piece of this program is the Federal Intrusion
> Detection Network, or FIDNet, a monitoring system in which
> thousands of computer software programs keep a constant
> watch on computer networks looking for odd behaviors. The
> administration calls it a kind of computer burglar alarm system.
>
> When information on FIDNet was initially leaked last year,
> enough concern was raised about its Big Brother potential
> that the administration beat a hasty retreat. Well, it's back, just
> somewhat repackaged. Rather than housed at the FBI, FIDNet's
> home will be the General Services Administration, and
> the constant monitoring will occur only on government
> computers, not sensitive private sector computers as
> originally contemplated.
>
> Yet, even with the changes, significant privacy questions
> remain about such a monster surveillance program. Barry
> Steinhardt, associate director of the American Civil Liberties
> Union, raises concerns about the ability of Americans to
> access government information without disclosing their identity:
> "You ought to be able to go to the Web site of the Internal Revenue
> Service or Commerce Department and get information on an
> anonymous basis without being tracked." Dempsey says the
> system will operate as one huge profiling program, raising flags
> when someone's on-line behavior is deemed suspicious.
>
> Then there's the part of the infrastructure protection program that
> involves the private sector. Since a significant part of what the
> Clinton plan identifies as critical infrastructure is owned and
> operated by private corporations -- mass communications, energy,
> banking and finance, etc. -- the plan encourages these businesses
> to share information on their computer security operations. Steinhardt
> says the government will pressure private businesses to "pull
> their punches" on privacy. Rather than develop strong systems
> of customer privacy that even the government can't breach,
> Steinhardt warns that business will be pressured to "build back
> doors into technology" so the government can more easily
> watch for suspicious activity.
>
> While Clinton pays lip service to privacy concerns -- he announced
> the initiative by saying "it is essential that we do not undermine
> liberty in the name of liberty" -- his administration has a shameful
> track record of protecting the privacy of Americans. Under Clinton's
> watch, the use of roving wiretaps has been approved, a huge worker
> database was established to track the movements of every employee
> in the country and the telecommunications industry was forced to
> retrofit its systems to give the FBI and law enforcement the opportunity
> to listen in.
>
> There is no reason to trust that the administration has suddenly
> been converted. For Clinton, a speculative menace has always
> been enough to trump real civil liberties. This time will be no different,
> but the mere size of the endeavor makes this threat to privacy that
> much greater.