[ISN] Bush supports limits on disclosing details of hacking

From: InfoSec News (isnat_private)
Date: Fri Oct 19 2001 - 11:23:29 PDT

    http://www.nandotimes.com/technology/story/147053p-1435336c.html
    
    By TED BRIDIS, Associated Press 
    
    WASHINGTON (October 18, 2001 9:39 p.m. EDT) - An administration expert
    in computer security confirmed Thursday that the White House will
    support proposals to withhold details about electronic attacks against
    the nation's most important computer networks.
    
    The proposed changes, meant to encourage corporate victims of hackers
    to report crimes, would restrict government agencies' disclosures
    about attacks under the Freedom of Information Act. The proposal seeks
    to overcome traditional reluctance by industries, especially
    technology, to reveal potentially embarrassing details without fear of
    disclosure.
    
    In a letter to the chairman of the National Security and
    Telecommunications Advisory Committee, President Bush said he will
    "support a narrowly crafted exception ... to protect information about
    corporations' and other organizations' vulnerabilities to information
    warfare and malicious hacking."
    
    Bush sent the letter three weeks ago to Daniel Burnham, chairman of
    Raytheon Co., who heads the advisory committee. The Associated Press
    obtained the letter Thursday.
    
    John Tritak, director of the federal Critical Infrastructure Assurance
    Office, confirmed during a Thursday speech to technology executives
    the administration's support for such a "narrowly crafted" exemption
    to the information act. Tritak cautioned that any change must be
    "fully protective of open government and privacy."
    
    Other officials, including Ron Dick, director of the FBI's National
    Infrastructure Protection Center, privately have expressed support for
    an FOIA exemption to encourage broader sharing of threat information
    between industries and the government.
    
    "This is a much stronger, more-clear message from the administration,"
    said Harris Miller, head of the Information Technology Association of
    America, a trade group that supports the new limits.
    
    Support by President Bush marks a shift from the Clinton
    administration, which said existing restrictions on FOIA disclosures
    were adequate for protecting sensitive corporate information.
    
    In a different move to limit information available under the U.S.
    information law, Attorney General John Ashcroft ordered federal
    agencies this week to review more closely which documents they
    release. Ashcroft's new policy allows officials to withhold
    information on any "sound legal basis." Under looser policies issued
    in 1993, agencies could hold back information to prevent "foreseeable
    harm." Ashcroft cited the Sept. 11 terrorist attacks against New York
    and Washington as reasons for the change.
    
    Currently, Sens. Robert Bennett, R-Utah, and Jon Kyl, R-Ariz., and
    Reps. Tom Davis, R-Va., and James Moran, D-Va., have introduced bills
    to limit government disclosures about hacking attacks.
    
    "If you do not pass this bill, industry will not tell government"
    about hacking incidents against important networks, Bennett said
    Thursday.
    
    President Bush responded with support for the new FOIA exemption after
    a request from Raytheon's Burnham over the summer on behalf of the
    telecommunications advisory committee. Burnham wrote that "barriers to
    sharing (information) must be removed" and asked the president also to
    limit legal liabilities facing companies that make such disclosures.
    
    Burnham's letter to Bush was originally obtained this week by the
    Washington-based Electronic Privacy Information Center, which contends
    that existing limits under the information law are adequate for
    protecting disclosures about hacking attacks.
    
    EPIC lawyer David Sobel charged Thursday that technology companies
    want liability protections for hardware and software products that
    might be flawed in ways that could allow security breaches. "Most of
    us have concluded that companies really want the ability to unload
    this information on the government, then wash their hands of it,"
    Sobel said.
    
    A White House official, who asked not to be identified, said Bush has
    not committed to supporting any liability limits.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 13:26:57 PDT