Interesting People mailing list archives
IP: Buried within the fast-tracked Bush Administration¹s Homeland Security Department enabling legislation is a provision with extremely far-reaching implications.
From: Dave Farber <dave () farber net>
Date: Fri, 12 Jul 2002 17:35:56 -0400
------ Forwarded Message From: Newmedia () aol com Date: Fri, 12 Jul 2002 15:49:18 -0400 (EDT) To: dave () farber net Dave: This proposed Op-Ed on Homeland Security and Freedom of Information has gone out to the NYTimes, the SJMerc and the Cleveland Plain Dealer and will circulate to the American Society of Newspaper Editors next week. At the moment, no one has committed to run it. <g> Maybe those on your list would find it worthwhile? Best, Mark Homeland Security: Are We Heading Over the Cliff? Buried within the fast-tracked Bush Administration¹s Homeland Security Department enabling legislation is a provision with extremely far-reaching implications. Although the headlines focus on whether this or that agency will or will not be shuffled into or out-of the Department, it is widely recognized that what is new, not what is old, is what matters. With this legislation, the very fabric and functions of the U.S. government will be remade, an event that echoes the establishment of the Department of Defense and the entire modern intelligence community following World War II. At the core of the new Department will sit an Office of Information Analysis and Infrastructure Protection. This Office will be newly crafted, not lifted from existing agencies. It will collect intelligence from the FBI, the CIA and, potentially, every other conceivable source including non-government databases. It will engage in unprecedented ³information sharing² about all aspects of the nation¹s ³infrastructure² with the private sector. Indeed, this Office will merge public and private interests to a degree never before experienced in this country¹s history. To accomplish this remarkable ³fusion² of the private and the public interests, a provision was included in the Bush Administration¹s Bill that could shield those who are responsible for developing, deploying and installing our inherently insecure computing and telecommunications infrastructure from revealing the problems that they have created. If they ³voluntarily² disclose this information to the government, these disclosures would gain a special exemption from the Freedom of Information Act (FOIA). All in the interest of protecting our critical infrastructure, which is largely designed, built and owned by those outside of the government. Moreover, if this Bill¹s ³immunity² provisions are expanded to include the additional amnesties of other freestanding legislation or the alternatives to the language in the original Bill now being considered as it goes through Congressional markup, these same purveyors of insecurity could be broadly protected from being held responsible for the problems they have created by also becoming exempt from anti-trust investigation/prosecution and even from liability lawsuits that might arise from any damages caused by these (all too often) flawed systems. Apparently, these extraordinary immunities have been demanded by those in the private sector as their reward for participation. But, is any of this necessary? Are these provisions needed to protect this critical information from would-be ³terrorists?² No, there are ample legal protections for sensitive information today. Among them, there are well-established FOIA national security and trade secret exemptions (complete with years of tested precedents and procedures) as well as very well exercised classification systems along with stiff penalties for unauthorized disclosures. Are these provisions needed to ensure that the ³actors² will come clean and ³volunteer² the details of their (all too often) deeply flawed infrastructure? No, despite the claims by various representatives of technology manufacturers, the U.S. government has a long history of voluntary collaboration with suppliers and owners of the technology (and other elements) that makes the U.S. economy function. Official bodies like the National Security Telecommunications Advisory Committee (NSTAC formed in 1982) and the Senate Select Intelligence Committee¹s Technical Advisory Group (TAG formed in 1997) have functioned at a very high level for many years, as have hundreds of more informal liaisons and contacts. Many of these were set up in the past five years with very modern technologies in mind following the 1997 President¹s Commission on Critical Infrastructure Protection (PCCIP). In addition to the proposed FOIA and other immunities, the Bush Bill (H.R 5005) also exempt related Advisory Committees (where the private sector meets the government) from the provisions of the Federal Advisory Committee Act (FACA). Remarkably, the carefully crafted ³sunshine² provisions in force today might not shine at all on the workings of the new Homeland Security Department. To the contrary, it almost looks as if provisions like Section 204 of the proposed Homeland Security Act of 2002 (and the more broadly defined immunities in Senate bill S.1456, the so-called Bennett-Kyl legislation) are being introduced with little debate at a moment of particularly heightened concerns over security following the attacks of September 11, 2001 and their aftermath. It¹s as if no one will notice or, at least, object too strongly. But, is granting such sweeping immunity to the private sector good security policy? No, it is not. Many of the same executives who are now being called to appear in front of Congress to answer for their self-dealing (and potentially criminal) behavior at Enron, Global Crossing and Worldcom (among others) are very deeply involved in the same infrastructure that we need to thoroughly protect. Indeed, Worldcom executives are already claiming that they cannot be allowed to fail wrapping themselves in a protective ³national security² blanket as others take the 5th and refuse to testify. Yes, it is these executives who will be asked to advise the Homeland Security Department. Until his recent departure as chairman and CEO of Qwest under a cloud of accusations and investigation, Joe Nacchio was also the vice-chairman of NSTAC. Indeed, NSTAC and its parent the National Communications System (NCS) are currently slated to be transferred from the DoD into the new Homeland Security Department. Let the security professionals with their broad experience and ample legal and procedural toolbox secure our infrastructure, not the executives of the high-technology firms that build and own that infrastructure. The security professionals are the ones who know and should be held accountable to carry out -- what needs to be done in this highly interdependent and often dangerous undertaking. Much more importantly, encourage the technology community to build entirely new systems architectures unlike those based on 1960/70¹s designs which treat security as an afterthought which will be crucially needed to replace today¹s inherently insecure infrastructure, if we are to ever hope for a secure cyber-future. Granting immunity to those who created many of these insecurity problems in the first place will neither make us more secure nor better prepared to face the challenges of the 21st century. Clearly, granting immunity to these executives and their companies (among others) can only open a vast Pandora¹s Box of potential conflicts. Exempting the private sector from the carefully balanced FOIA disclosure procedures robs the public of its Constitutionally affirmed right to know. These immunity provisions should not be signed into law. In our deep concern to secure the homeland, we must be sure to not head over the cliff into the dangers of a shadowy public-private ³fusion² which potentially places itself beyond accountability and outside of the law.
Attachment:
_bin
Description:
Current thread:
- IP: Buried within the fast-tracked Bush Administration¹s Homeland Security Department enabling legislation is a provision with extremely far-reaching implications. Dave Farber (Jul 12)