IP: Cybersecurity czar frowns on national ID card proposal

[David Farber <dave () farber net>]

PALO ALTO, Calif. (Reuters) - As technology companies promote the idea of a 
national identification card, the president's special adviser on 
cyber-security said on Wednesday the idea has little support within the 
Bush administration.
Richard Clarke said he couldn't name one official who supports the idea as 
proposed, although conceding that the administration doesn't yet have a 
formal position on the concept.
``Everyone I've talked to doesn't think it's a good idea,'' Clarke said 
during a dinner speech hosted by Microsoft Corp. as part of its three-day 
Trusted Computing conference.
The idea, raised in the wake of the Sept. 11 attacks, has drawn criticism 
from civil libertarians who say it would violate individual privacy.
Despite those concerns, Larry Ellison of Oracle Corp. was the first to push 
ID cards, suggesting his company's database software should be used. Sun 
Microsystems Inc's Scott McNealy was next, and earlier on Wednesday Siebel 
Systems Inc. announced ``Homeland Security'' software.
Clarke said it is not clear that the country needs to have a mandatory 
identity card, but suggested there might be a use for credit card-sized 
smart cards that contain data and microchips. Such cards could be used for 
specific actions such as boarding airplanes and crossing U.S. borders, he 
said.
``Not one national ID card that we force everybody to have,'' but multiple, 
voluntary cards that could improve the efficiency of activities, Clarke added.
GOVNET DEFENDED
Clarke also defended the idea he proposed in mid-October for the government 
to consider creating a computer network, dubbed ``Govnet,'' that is 
separate from the Internet and which would, as a result, be less vulnerable 
to malicious attacks.
He described it as a set of departmental and agency ``intranets,'' which 
use Internet technologies, that would run on leased fibre optic cable 
instead of passing through routers and switches connected to the Internet.
``It would be impervious to even the most dangerous denial-of-service 
attack,'' he said. Denial-of-service attacks are designed to temporarily 
shut down Web servers or other equipment by bombarding them with so much 
junk traffic that they can't handle the load.
Government employees would still use the Internet, but also have computers 
linked to Govnet on their desks for internal communications and critical 
operations, Clarke said. This might be particularly useful for work such as 
manned space flight and air traffic control, he added.
In response to criticisms that a separate network would not be immune from 
viruses, he said it would at least get viruses ``hours or days'' after they 
hit computers on the Internet.
Critics also have noted that Govnet couldn't prevent so-called ``insider 
threats,'' employees who intentionally or inadvertently create security 
breaches, which make up about 40 percent of network break-ins, Clarke said.
To minimise that risk the government could closely monitor employees and 
require them to use technologies to prove their identity and permission to 
access the system, he said.
``If it turns out to be vastly expensive then we won't do it,'' Clarke 
said. ``It's is not designed to be a silver bullet'' that will solve all 
the government's cyber-security problems, he added.
COST OF DOING BUSINESS
Legislation to boost the powers of law enforcement in combating terrorism 
and the money being spent to provide more security for buildings and 
digital assets is the cost of doing business going forward, Clarke concluded.
``We're paying more for security than we were six weeks ago,'' he said. 
``We now understand it is a cost of doing business.''
The economic costs so far have been trivial, ``a few billion dollars,'' 
which is minor compared to what the cost could be without the security 
measures, Clarke noted.
In addition to money spent, Americans are having to give up some of their 
freedoms to privacy.
The USA Patriot Act signed into law two weeks ago gives authorities broader 
rights to tap phones and track Internet, e-mail and cell phone usage, among 
other things. Under a ``sunset provision,'' certain provisions will expire 
in five years.
``If the administration abuses the law in any way,'' Clarke said, ``Then 
the law can be re-enacted. We haven't given up civil liberties and privacy.''
The new law will allow the government to find perpetrators more quickly 
than they have in the past, he said.
In 1998 after the U.S. Air Force computer system was attacked right before 
the Gulf War, it took officials four days to get nine search warrants to 
investigate the case, he said.


For archives see:
http://www.interesting-people.org/archives/interesting-people/