IP: Buried within the fast-tracked Bush Administration¹s Homeland Security Department enabling legislation is a provision with extremely far-reaching implications.

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Newmedia () aol com
Date: Fri, 12 Jul 2002 15:49:18 -0400 (EDT)
To: dave () farber net

Dave:

This proposed Op-Ed on Homeland Security and Freedom of Information has gone
out to the NYTimes, the SJMerc and the Cleveland Plain Dealer and will
circulate to the American Society of Newspaper Editors next week.

At the moment, no one has committed to run it. <g>

Maybe those on your list would find it worthwhile?

Best,

Mark
Homeland Security: Are We Heading Over the Cliff?

 

Buried within the fast-tracked Bush Administration¹s Homeland Security
Department enabling legislation is a provision with extremely far-reaching
implications.

 

Although the headlines focus on whether this or that agency will or will not
be shuffled into or out-of the Department, it is widely recognized that what
is new, not what is old, is what matters.  With this legislation, the very
fabric and functions of the U.S. government will be remade, an event that
echoes the establishment of the Department of Defense and the entire modern
intelligence community following World War II.

 

At the core of the new Department will sit an Office of Information Analysis
and Infrastructure Protection.  This Office will be newly crafted, not
lifted from existing agencies.  It will collect intelligence from the FBI,
the CIA and, potentially, every other conceivable source ­ including
non-government databases.  It will engage in unprecedented ³information
sharing² about all aspects of the nation¹s ³infrastructure² with the private
sector.  Indeed, this Office will merge public and private interests to a
degree never before experienced in this country¹s history.

 

To accomplish this remarkable ³fusion² of the private and the public
interests, a provision was included in the Bush Administration¹s Bill that
could shield those who are responsible for developing, deploying and
installing our inherently insecure computing and telecommunications
infrastructure from revealing the problems that they have created.  If they
³voluntarily² disclose this information to the government, these disclosures
would gain a special exemption from the Freedom of Information Act (FOIA).
All in the interest of protecting our critical infrastructure, which is
largely designed, built and owned by those outside of the government.

 

Moreover, if this Bill¹s ³immunity² provisions are expanded to include the
additional amnesties of other freestanding legislation or the alternatives
to the language in the original Bill now being considered as it goes through
Congressional markup, these same purveyors of insecurity could be broadly
protected from being held responsible for the problems they have created by
also becoming exempt from anti-trust investigation/prosecution and even from
liability lawsuits that might arise from any damages caused by these (all
too often) flawed systems.

 

Apparently, these extraordinary immunities have been demanded by those in
the private sector as their reward for participation.  But, is any of this
necessary?  Are these provisions needed to protect this critical information
from would-be ³terrorists?²

 

No, there are ample legal protections for sensitive information today.
Among them, there are well-established FOIA national security and trade
secret exemptions (complete with years of tested precedents and procedures)
as well as very well exercised classification systems along with stiff
penalties for unauthorized disclosures.

 

Are these provisions needed to ensure that the ³actors² will come clean and
³volunteer² the details of their (all too often) deeply flawed
infrastructure?

 

No, despite the claims by various representatives of technology
manufacturers, the U.S. government has a long history of voluntary
collaboration with suppliers and owners of the technology (and other
elements) that makes the U.S. economy function.

 

Official bodies like the National Security Telecommunications Advisory
Committee (NSTAC ­ formed in 1982) and the Senate Select Intelligence
Committee¹s Technical Advisory Group (TAG ­ formed in 1997) have functioned
at a very high level for many years, as have hundreds of more informal
liaisons and contacts. Many of these were set up in the past five years ­
with very modern technologies in mind ­ following the 1997 President¹s
Commission on Critical Infrastructure Protection (PCCIP).

 

In addition to the proposed FOIA and other immunities, the Bush Bill (H.R
5005) also exempt related Advisory Committees (where the private sector
meets the government) from the provisions of the Federal Advisory Committee
Act (FACA).  Remarkably, the carefully crafted ³sunshine² provisions in
force today might not shine at all on the workings of the new Homeland
Security Department.

 

To the contrary, it almost looks as if provisions like Section 204 of the
proposed Homeland Security Act of 2002 (and the more broadly defined
immunities in Senate bill S.1456, the so-called Bennett-Kyl legislation) are
being introduced with little debate at a moment of particularly heightened
concerns over security following the attacks of September 11, 2001 and their
aftermath.  It¹s as if no one will notice or, at least, object too strongly.

 

But, is granting such sweeping immunity to the private sector good security
policy?

 

No, it is not.

 

Many of the same executives who are now being called to appear in front of
Congress to answer for their self-dealing (and potentially criminal)
behavior at Enron, Global Crossing and Worldcom (among others) are very
deeply involved in the same infrastructure that we need to thoroughly
protect.  Indeed, Worldcom executives are already claiming that they cannot
be allowed to fail ­ wrapping themselves in a protective ³national security²
blanket ­ as others take the 5th and refuse to testify.

 

Yes, it is these executives who will be asked to advise the Homeland
Security Department. Until his recent departure as chairman and CEO of Qwest
under a cloud of accusations and investigation, Joe Nacchio was also the
vice-chairman of NSTAC.  Indeed, NSTAC and its parent the National
Communications System (NCS) are currently slated to be transferred from the
DoD into the new Homeland Security Department.

 

Let the security professionals ­ with their broad experience and ample legal
and procedural toolbox ­ secure our infrastructure, not the executives of
the high-technology firms that build and own that infrastructure.  The
security professionals are the ones who know ­ and should be held
accountable to carry out -- what needs to be done in this highly
interdependent and often dangerous undertaking.

 

Much more importantly, encourage the technology community to build entirely
new systems architectures ­ unlike those based on 1960/70¹s designs which
treat security as an afterthought ­ which will be crucially needed to
replace today¹s inherently insecure infrastructure, if we are to ever hope
for a secure cyber-future.

 

Granting immunity to those who created many of these insecurity problems in
the first place will neither make us more secure nor better prepared to face
the challenges of the 21st century.  Clearly, granting immunity to these
executives and their companies (among others) can only open a vast Pandora¹s
Box of potential conflicts. Exempting the private sector from the carefully
balanced FOIA disclosure procedures robs the public of its Constitutionally
affirmed right to know.

 

These immunity provisions should not be signed into law.  In our deep
concern to secure the homeland, we must be sure to not head over the cliff
into the dangers of a shadowy public-private ³fusion² which potentially
places itself beyond accountability and outside of the law.

Attachment: _bin
Description: