[ga] FYI: White House to Propose System for Wide Monitoring of Internet

[Jeff Williams <jwkckid1@ix.netcom.com>]

All former GA members,

  See:  http://www.nytimes.com/2002/12/20/technology/20MONI.html

  I had to laugh when I read this article in it's entirity...

Excerpts:
The Bush administration is planning to propose requiring Internet
service providers to help build a centralized system to enable 
broad monitoring of the Internet and, potentially, surveillance 
of its users.

The proposal is part of a final version of a report, "The National
Strategy to Secure Cyberspace," set for release early next year, 
according to several people who have been briefed on the report. 
It is a component of the effort to increase national security 
after the Sept. 11 attacks.

The President's Critical Infrastructure Protection Board is preparing
the report, and it is intended to create public and private cooperation
to regulate and defend the national computer networks, not only from
everyday hazards like viruses but also from terrorist attack. 
Ultimately the report is intended to provide an Internet strategy 
for the new Department of Homeland Security.  Such a proposal, 
which would be subject to Congressional and regulatory
approval, would be a technical challenge because the Internet has
thousands of independent service providers, from garage 
operations to giant corporations like American Online, AT&T, 
Microsoftand Worldcom.

The report does not detail specific operational requirements, locations
for the centralized system or costs, people who were briefed on the 
document said.

While the proposal is meant to gauge the overall state of the worldwide
network, some officials of Internet companies who have been briefed on
the proposal say they worry that such a system could be used to cross
the indistinct border between broad monitoring and wiretap.

Stewart Baker, a Washington lawyer who represents some of the nation's
largest Internet providers, said, "Internet service providers are
concerned about the privacy implications of this as well as liability,"
sinceproviding access to live feeds of network activity could be 
interpreted as a wiretap or as the "pen register" and "trap and trace" 
systems used on phones without a judicial order. Mr. Baker said the 
issue would need to be resolved before the proposal could move forward.

Tiffany Olson, the deputy chief of staff for the President's Critical
Infrastructure Protection Board, said yesterday that the proposal, 
which includes a national network operations center, was still in flux.
She saidthe proposed methods did not necessarily require gathering 
data that would allow monitoring at an individual user level.

But the need for a large-scale operations center is real, Ms. Olson
said, because Internet service providers and security companies and
other online companies only have a view of the part of the Internet 
that is under their control.

"We don't have anybody that is able to look at the entire picture," she
said. "When something is happening, we don't know it's happening until
it's too late." The government report was first released in draft 
form in September, and described the monitoring center, but it 
suggested it would likely be controlled by industry. The current 
draft sets the stage for the government to have a leadership role.

The new proposal is labeled in the report as an "early-warning center"
that the board says is required to offer early detection of
Internet-based attacks as well as defense against viruses and worms.

But Internet service providers argue that its data-monitoring functions
could be used to track the activities of individuals using the network.
An official with a major data services company who has been briefed on
several aspects of the government's plans said it was hard to see how
such capabilities could be provided to government without the potential 
for real-time monitoring, even of individuals.

"Part of monitoring the Internet and doing real-time analysis is to be
able to track incidents while they are occurring," the official said.
The official compared the system to Carnivore, the Internet wiretap
system used by the F.B.I., saying: "Am I analogizing this to Carnivore?
Absolutely. But in fact, it's 10 times worse. Carnivore was working 
on much smaller feeds and could not scale. This is looking at the whole 
Internet." One former federal Internet security official cautioned 
against drawing conclusions from the information that is available 
so far about the Securing Cyberspace report's conclusions.

Michael Vatis, the founding director of the National Critical
Infrastructure Protection Center and now the director of the 
Institute for Security Technology Studies at Dartmouth, said 
it was common for proposals to be cast in the worst possible 
light before anything is actually known about the technology 
that will be used or the legal framework within which it will
function. "You get a firestorm created before anybody knows 
what, concretely, is being proposed," Mr. Vatis said.

A technology that is deployed without the proper legal controls "could
be used to violate privacy," he said, and should be considered
carefully. But at the other end of the spectrum of reaction, 
Mr. Vatis warned, "You end up without technology that could be 
very useful to combat terrorism, information warfare or some 
other harmful act."


Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html