dr wooo on Mon, 2 Aug 1999 05:02:43 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> us gov, monitoring of computer systems

> New York Times
> July 28, 1999
> U.S. Drafting Plan for Computer Monitoring System
> The Clinton Administration has developed a plan for an extensive
> computer monitoring system, overseen by the Federal Bureau of
> Investigation, to protect the nation's crucial data networks from
> intruders.
> The plan, an outgrowth of the Administration's anti-terrorism program,
> has already raised concerns from civil liberties groups. 
> A draft prepared by officials at the National Security Council last
> month, which was provided to The New York Times by a civil liberties
> group, calls for a sophisticated software system to monitor activities
> on nonmilitary Government networks and a separate system to track
> networks used in crucial industries like banking, telecommunications and
> transportation. 
> The effort, whose details are still being debated within the
> Administration, is intended to alert law enforcement officials to
> attacks that might cripple Government operations or the nation's
> economy. 
> But because of the increasing power of the nation's computers and their
> emerging role as a backbone of the country's commerce, politics and
> culture, critics of the proposed system say it could become a building
> block for a surveillance infrastructure with great potential for misuse. 
> They also argue that such a network of monitoring programs could itself
> be open to security breaches, giving intruders or unauthorized users a
> vast window into Government and corporate computer systems. 
> Government officials said the changing nature of military threats in the
> information age had altered the nature of national security concerns and
> created a new sense of urgency to protect the nation's information
> infrastructure. 
> "Our concern about an organized cyberattack has escalated dramatically,"
> Jeffrey Hunker, the National Security Council's director of information
> protection, who is overseeing the plan, said Tuesday. "We do know of a
> number of hostile foreign governments that are developing sophisticated
> and well-organized offensive cyber attack capabilities, and we have good
> reason to believe that terrorists may be developing similar
> capabilities." 
> As part of the plan, networks of thousands of software monitoring
> programs would constantly track computer activities looking for
> indications of computer network intrusions and other illegal acts. 
> The plan calls for the creation of a Federal Intrusion Detection
> Network, or Fidnet, and specifies that the data it collects will be
> gathered at the National Infrastructure Protection Center, an
> interagency task force housed at the Federal Bureau of Investigation. 
> Such a system, to be put fully in place by 2003, is meant to permit
> Government security experts to track "patterns of patterns" of
> information and respond in a coordinated manner against intruders and
> terrorists. 
> The plan focuses on monitoring data flowing over Government and national
> computer networks. That means the systems would potentially have access
> to computer-to-computer communications like electronic mail and other
> documents, computer programs and remote log-ins. 
> But an increasing percentage of network traffic, like banking and
> financial information, is routinely encrypted and would not be visible
> to the monitor software. Government officials argue that they are not
> interested in eavesdropping, but rather are looking for patterns of
> behavior that suggest illegal activity. 
> Over the last three years, the Pentagon has begun to string together
> entire network surveillance systems using filters that report data to a
> central site, much as a burglar alarm might be reported at the local
> police station. 
> Officials said such a system might have protected against intrusions
> recently reported in computers at the Bureau of Labor Statistics, which
> produces information like the consumer price index that can affect the
> performance of the stock market. 
> The draft of the plan, which has been circulated widely within the
> executive branch, has generated concern among some officials over its
> privacy implications. Several officials involved in the debate over the
> plan said that the situation was "fluid" and that many aspects were
> still not final. 
> The report is vague on several crucial points, including the kinds of
> data to be collected and the specific Federal and corporate computer
> networks to be monitored. The report also lacks details about the ways
> information collected in non-Governmental agencies would be maintained
> and under what conditions it would be made available to law enforcement
> personnel. 
> Government officials said that the National Security Council was
> conducting a legal and technical review of the plan and that a final
> version is to be released in September, subject to President Clinton's
> approval. 
> The plan was created in response to a Presidential directive in May 1998
> requiring the Executive Branch to review the vulnerabilities of the
> Federal Government's computer systems in order to become a "model of
> information and security." 
> In a cover letter to the draft Clinton writes: "A concerted attack on
> the computers of any one of our key economic sectors or Governmental
> agencies could have catastrophic effects." 
> But the plan strikes at the heart of a growing controversy over how to
> protect the nation's computer systems while also protecting civil
> liberties -- particularly since it would put a new and powerful tool
> into the hands of the F.B.I. 
> Increasingly, data flowing over the Internet is becoming a vital tool
> for law enforcement, and civil liberties experts said law enforcement
> agencies would be under great temptation to expand the use of the
> information in pursuit of suspected criminals. 
> The draft of the plan "clearly recognizes the civil liberties
> implications," said James X. Dempsey, staff counsel for the Center for
> Democracy and Technology, a Washington civil liberties group, "But it
> brushes them away." 
> The draft states that because Government employees, like those of many
> private companies, must consent to the monitoring of their computer
> activities, "the collection of certain data identified as anomalous
> activity or a suspicious event would not be considered a privacy issue." 
> Dempsey conceded the legal validity of the point, but said there was
> tremendous potential for abuse. 
> "My main concern is that Fidnet is an ill-defined monitoring system of
> potentially broad sweep," he said. "It seems to place monitoring and
> surveillance at the center of the Government's response to a problem
> that is not well suited to such measures." 
> The Federal Government is making a concerted effort to insure that civil
> liberties and privacy rights are not violated by the plan, Hunker said. 
> He said that data gathered from non-Government computer networks will be
> collected separately from the F.B.I.-controlled monitoring system at a
> separate location within a General Services Administration building. He
> said that was done to keep non-Government data at arm's length from law
> enforcement. 
> The plan also has drawn concern from civil libertarians because it
> blends civilian and military functions in protecting the nation's
> computer networks. The draft notes that there is already a Department of
> Defense "contingent" working at the F.B.I.'s infrastructure protection
> center to integrate intelligence, counterintelligence and law
> enforcement efforts in protecting Pentagon computers. 
> "The fight over this could make the fight over encryption look like
> nothing," said Mary Culnan, a professor at Georgetown University who
> served on a Presidential commission whose work led to the May 1998
> directive on infrastructure protection. 
> "The conceptual problem is that there are people running this program
> who don't understand how citizens feel about privacy in cyberspace." 
> The Government has been discussing the proposal widely with a number of
> industry security committees and associations in recent months. 
> Several industry executives said there is still reluctance on the part
> of industry to directly share information on computer intrusions with
> law enforcement. 
> "They want to control the decision making process," said Mark Rasch,
> vice president and general counsel of Global Integrity, a company in
> Reston, Va., coordinating computer security for the financial services
> industries. 
> One potential problem in carrying out the Government's plan is that
> intrusion-detection software technology is still immature, industry
> executives said. 
> "The commercial intrusion detection systems are not ready for prime
> time," said Peter Neumann, a computer scientist at SRI International in
> Menlo Park, Calif., and a pioneer in the field of intrusion detection
> systems. 
> Current systems tend to generate false alarms and thus require many
> skilled operators. 
> But a significant portion of the $1.4 billion the Clinton Administration
> has requested for computer security for fiscal year 2000 is intended to
> be spent on research, and Government officials said they were hopeful
> that the planned effort would be able to rely on automated detection
> technologies and on artificial intelligence capabilities. 
> For several years computer security specialists have used software
> variously known as packet filters, or "sniffers," as monitoring devices
> to track computer intruders. Like telephone wiretaps, such tools can be
> used to reconstruct the activities of a computer user as if a videotape
> were made of his computer display. 
> At the same time, however, the software tools are routinely misused by
> illicit computer network users in stealing information such as passwords
> or other data. 
> Commercial vendors are beginning to sell monitoring tools that combine
> packet filtering with more sophisticated and automated intrusion
> detection software that tries to detect abuse by looking for behavior
> patterns or certain sequences of commands.
> --------- End Forwarded Message ---------
> ***********************************
> chickclick.com
> http://www.chickclick.com
> girl sites that don't fake it.
> http://www.chickmail.com
> sign up for your free email.
> ***********************************
> --------- End Forwarded Message ---------
> Angelfire for your free web-based e-mail. http://www.angelfire.com
> ______________________________________________________________________
> To unsubscribe, write to no2wto-unsubscribe@listbot.com
> MSN Messenger Service lets you stay in touch instantly with
> your family & friends - Visit http://messenger.msn.com

Get FREE voicemail, fax and email at http://voicemail.excite.com
Talk online at http://voicechat.excite.com

#  distributed via nettime-l: no commercial use without permission of author
#  <nettime> is a moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  un/subscribe: majordomo@bbs.thing.net and
# "un/subscribe nettime-l you@address" in the msg body
#  archive: http://www.nettime.org/ contact: <nettime@bbs.thing.net>