http://www.nandotimes.com/technology/story/147053p-1435336c.html

By TED BRIDIS, Associated Press

WASHINGTON (October 18, 2001 9:39 p.m. EDT) - An administration expert in computer security confirmed Thursday that the White House will support proposals to withhold details about electronic attacks against the nation's most important computer networks.

The proposed changes, meant to encourage corporate victims of hackers to report crimes, would restrict government agencies' disclosures about attacks under the Freedom of Information Act. The proposal seeks to overcome traditional reluctance by industries, especially technology, to reveal potentially embarrassing details without fear of disclosure.

In a letter to the chairman of the National Security and Telecommunications Advisory Committee, President Bush said he will "support a narrowly crafted exception ... to protect information about corporations' and other organizations' vulnerabilities to information warfare and malicious hacking."

Bush sent the letter three weeks ago to Daniel Burnham, chairman of Raytheon Co., who heads the advisory committee. The Associated Press obtained the letter Thursday.

John Tritak, director of the federal Critical Infrastructure Assurance Office, confirmed during a Thursday speech to technology executives the administration's support for such a "narrowly crafted" exemption to the information act. Tritak cautioned that any change must be "fully protective of open government and privacy."

Other officials, including Ron Dick, director of the FBI's National Infrastructure Protection Center, privately have expressed support for an FOIA exemption to encourage broader sharing of threat information between industries and the government.

"This is a much stronger, more-clear message from the administration," said Harris Miller, head of the Information Technology Association of America, a trade group that supports the new limits.

Support by President Bush marks a shift from the Clinton administration, which said existing restrictions on FOIA disclosures were adequate for protecting sensitive corporate information.

In a different move to limit information available under the U.S. information law, Attorney General John Ashcroft ordered federal agencies this week to review more closely which documents they release.

Ashcroft's new policy allows officials to withhold information on any "sound legal basis." Under looser policies issued in 1993, agencies could hold back information to prevent "foreseeable harm." Ashcroft cited the Sept. 11 terrorist attacks against New York and Washington as reasons for the change.

Currently, Sens. Robert Bennett, R-Utah, and Jon Kyl, R-Ariz., and Reps. Tom Davis, R-Va., and James Moran, D-Va., have introduced bills to limit government disclosures about hacking attacks.

"If you do not pass this bill, industry will not tell government" about hacking incidents against important networks, Bennett said Thursday.

President Bush responded with support for the new FOIA exemption after a request from Raytheon's Burnham over the summer on behalf of the telecommunications advisory committee. Burnham wrote that "barriers to sharing (information) must be removed" and asked the president also to limit legal liabilities facing companies that make such disclosures.

Burnham's letter to Bush was originally obtained this week by the Washington-based Electronic Privacy Information Center, which contends that existing limits under the information law are adequate to protecting disclosures about hacking attacks.

EPIC lawyer David Sobel charged Thursday that technology companies want liability protections for hardware and software products that might be flawed in ways that could allow security breaches.

"Most of us have concluded that companies really want the ability to unload this information on the government, then wash their hands of it," Sobel said.

A White House official, who asked not to be identified, said Bush has not committed to supporting any liability limits.