Privacy advocates Tuesday raised red flags before a U.S. Senate Judiciary Subcommittee looking into privacy implications of President Clinton's plan to safeguard critical systems against cyber attacks.
Critics of the plan charged specifically that the Clinton Administration is relying "too heavily on monitoring and surveillance" instead of simply focusing on making systems more secure, according to Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC).
Advertisement: |
The Clinton Administration last month released its first "blueprint" for protecting critical government and private sector systems against hackers.
Called the National Plan for Information Systems Protection, the plan eventually will loop in critical systems for communications, transportation, and financial services.
"There is disagreement as to whether an intrusive, government-directed initiative that views computer security as almost solely defending 'our cyberspace' from foreign assault is the right way to go," Rotenberg said in prepared testimony.
EPIC officials especially took exception to the plan's inclusion of a Federal Intrusion Detection Network (FIDNET). Under the plan, a single government agency would be allowed to monitor communications across all federal networks.
Rotenberg argued that FIDNET would require notification to all users of federal systems, including government employees and the public, or would break various privacy statutes including wiretapping guidelines.
EPIC officials also said that the government's security policy overall has been inconsistent because it has prevented availability of some encryption and security tools.
John Tritak, director of the President's Critical Infrastructure Assurance Office, however, countered that the plan, dubbed Version 1.0, is still in its preliminary stages.
"The plan is designated Version 1.0 and subtitled 'An Invitation to a Dialog' to indicate that it is still a work in progress and that a broader range of perspectives must be taken into account if the plan is truly to be national in scope and treatment," Tritak said.
Part of the unfolding plan calls for a partnership between Fortune 500 companies and all levels of government to work out details for safeguarding computers.
The U.S. Chamber of Commerce this month will hold an initial meeting on private sector contributions to and participation in the plan.
Privacy must play a key part in any efforts to hone details of the plan, Rotenberg warned.
"I urge you to proceed very cautiously. The government is just now digging itself out of the many mistakes that were made over the past decade with computer security policy. This is not the best time to be pushing an outdated approach to network security," Rotenberg said.
The U.S. Senate Judiciary Committee's Subcommittee on Technology, Terrorism, and Government Information, in Washington, is at www.senate.gov/~judiciary. The Electronic Privacy Information Center, in Washington, is at www.epic.org. The National Information Protection Center, in Washington, is at www.fbi.gov/nipc.
This story from Infoworld.com Copyright © 2000 InfoWorld Media Group, Inc.
RELATED LINKS
Network World, 01/17/00.
IETF - security savior or privacy violator?
Network World Fusion Focus on Security, 10/25/99.
Reinforcing paranoia
Network World, 09/06/99
Senators introduce E-Privacy bill
Network World Fusion, 5/12/98.
White House plan for surveillance system draws fire
Network World, 08/02/99.
RELATED LINKS
