________________________________________________________________________________ [http://www.wired.com/news/news/politics/story/20994.html] Surveillance Network Draws Fire by Declan McCullagh 3:00 a.m. 29.Jul.99.PDT WASHINGTON -- A White House plan to monitor the Internet for suspicious activities will intrude on Americans' privacy, congressional critics said Wednesday. The proposed surveillance system is intended to shield government and industry computer networks by monitoring them for intruders. It is endorsed by President Clinton, but some Democratic and Republican legislators charge that it is too secretive. "This administration has no respect for privacy. I find that very disturbing," Senator Conrad Burns (R-Montana) said in an interview. Burns said law enforcement officials should obtain court orders. "If you suspect something, I would suggest to you that you go through the same steps as if you wanted a phone tap, but not getting into people's computers and this monitoring business." Senator Ron Wyden (D-Oregon) joined Burns in a statement that called the Federal Intrusion Detection Network (Fidnet) proposal ill-conceived> He questioned what would happen to email and other personal information vacuumed into the system. The Fidnet proposal, as first reported Wednesday by The New York Times, comes from the White House National Security Council (NSC), which has devoted increasing attention to the security of computer networks. "A number of nations that are hostile to the [United States] and several well-financed terrorist groups, and quite arguably a number of organized crime groups, are systematically developing capabilities to attack US information systems. That's something both new and frightening," Jeffrey Hunker, NSC's director of information protection who is overseeing the Fidnet, said earlier this month. Prominent House Republicans found a lot to complain about and asked for more information if the plan, still tentative, is to proceed. "I am concerned the National Security Council is vastly underestimating the level of public concern about electronic privacy. The Clinton Administration has made this mistake before: proposing the much-reviled and now-discredited Know Your Customer plan," Representative Bob Barr (R-Georgia) said in a letter to Sandy Berger, Clinton's national security advisor. Barr said that if the White House intends "to move forward with this plan, I request a full briefing on its structure, focusing specifically on its cost and privacy implications." House Majority Leader Dick Armey said in a statement that the Fidnet could grow into an "Orwellian" system. "I am deeply concerned about reports that the Administration is trying to set up a new Washington bureaucracy to protect the private sector from hackers and computer terrorists," Armey said. "What we really need is protection from government Peeping Toms." For the past few years, law enforcement representatives have taken every opportunity to warn about hackers, and say that increased funding is necessary to combat the threat. The Justice Department's fiscal year 2000 budget request earmarks US$2 million from Attorney General Janet Reno's counterterrorism fund for the Fidnet. It says, "the Fidnet will provide all federal agencies with intrusion detection systems, as well as a centralized capability to analyze unauthorized entries. The Counterterrorism Fund will also be used to support the initial design of the system." When Reno testified before a Senate appropriations subcommittee in February, she said that the DOJ needed $27 million for the fund. The money would be used in part, she said, "[to] provide for costs associated with design of the Federal Intrusion Detection Network." Although the Fidnet will be housed at the FBI, the Defense Department will also be involved in its operation, which worries civil libertarians. ================================================================================ Intelligence Newsletter July 8, 1999 SECTION: COMMUNITY WATCH; UNITED STATES; N. 362 LENGTH: 744 words HEADLINE: World-Wide Internet Security Scheme [AUTHOR: Wayne Madsen] BODY: Washington is intent on creating a massive domestic and international Internet monitoring system, according to Intelligence Newsletter sources close to the National Security Council (NSC) who cited a copy of the United States National Plan for Information Systems Protection that is listed "for official use only." The plan has been withheld from public distribution pending a decision by the National Security Council (NSC) and Richard Clarke, the national coordinator for security, infrastructure protection and counter-terrorism, on whether to eliminate references to protection of the global information infrastructure. The NSC is believed to feel that references to a coordinated effort to protect international information infrastructures could run counter to the plans of the NSA and CIA to conduct offensive information warfare. In its present version, the plan calls for the establishment of a Federal Intrusion Detection Network (FIDNET) to keep watch on network activity involving all civil departments of the government and to maintain links with a similar system in the Pentagon known as the Joint Task Force-Computer Network Defense (JTF-CND). The project also aims to establish a link between FIDNET, JTF-CND and the private sector through the intermediary of Information Sharing and Assessment Centers (ISAC) networks. ISACs will monitor network activity in the telecommunications, banking, transportation and other sectors. One of the key purposes of monitoring, the plan says, was to create, maintain and dovetail "robust law enforcement and intelligence capabilities to protect critical information systems." The plan also calls for a White House-sponsored review of the Freedom of Information Act (FOIA) to consider changes to prevent certain information shared by the private sector with the government from being released as a result of FOIA requests. In addition, the plan advocates a bigger role for the Pentagon in protecting information infrastructure abroad. Specifically, it states the DoD "will ensure the availability, integrity, survivability and adequacy of those assets, both domestic and foreign, whose capabilities are deemed critical to DoD force readiness and operations across the military operational spectrum. On the technical level, it is foreseen that automated sensors will be deployed in Internet Protocol (IP)-compatible Ethernet and FDDI networks to provide "automated detection, correlation, warning and reporting for integrated threat warning and attack assessment." In addition, NSA and CIA personnel will assess the security of civil government agencies, joining forces in Expert Review Teams (ERTs). The FBI's National Infrastructure Protection Center (NIPC) will be given extra staff for its Analysis and Information Sharing Unit (AISU) and its Watch and Warning Unit (WWU). The latter will be relocated next to the FBI's expanded Strategic Information and Operations Center. Once more defense department, CIA, DIA and NSA personnel are brought on board NIPC will operate around the clock seven days as opposed to its current schedule of five days a week and 16 hours per day. The plan also describes the functions of a new NSA body called the National Security Incident Response Center (NSIRC) and indeed stresses that NSA is essential to the whole monitoring enterprise because it is the "only organization positioned to link intrusion data to signals intelligence." The new NSIRC will consist of four sections: an Information Protection Cell working around the clock seven days a week within the National Security Operations Center (NSOC); the Reporting and Analysis of Network Exploitation Division, providing all-source analysis of incidents; the Network Intrusion Analysis Capability department, providing information on hacker methods; and the Threat Assessment Division, which weighs threats to U.S. telecommunications and information systems. The plan named several private business figures who are to ensure liaison with government agencies. Representing the information and communications sector will be Harris Miller, president of the Information Technology Association (ITA); Matthew Flanigan, president of the Telecommunications Industry Association (TIA) and Roy Neel, president of the U.S. Telephone Association and former top aide to vice president Al Gore. Representing banking and finance is Stephen Katz, vice president for information security at Citigroup. ### ================================================================================ more: http://www.nettime.org/~rolux/archive/00000196.txt ________________________________________________________________________________ no copyright 1999 rolux.org - no commercial use without permission. is a moderated mailing list for the advancement of minor criticism. more information: mail to: majordomo@rolux.org, subject line: , message body: info. further questions: mail to: rolux-owner@rolux.org. archive: http://www.rolux.org