http://www.forbes.com/technology/newmedia/newswire/2001/11/08/rtr418615.html Reuters, 11.08.01, 3:20 AM ET By Elinor Mills Abreu PALO ALTO, Calif. (Reuters) - As technology companies promote the idea of a national identification card, the president's special adviser on cyber-security said Wednesday the idea has little support within the Bush administration. Richard Clarke said he couldn't name one official who supports the idea as proposed, although conceding that the administration doesn't yet have a formal position on the concept. "Everyone I've talked to doesn't think it's a good idea," Clarke said during a dinner speech hosted by Microsoft Corp. as part of its three-day Trusted Computing conference. The idea, raised in the wake of the Sept. 11 attacks, has drawn criticism from civil libertarians who say it would violate individual privacy. Despite those concerns, Larry Ellison of Oracle Corp. was the first to push ID cards, suggesting his company's database software should be used. Sun Microsystems Inc.'s Scott McNealy was next, and earlier Wednesday Siebel Systems Inc. announced "Homeland Security" software. Clarke said it is not clear that the country needs to have a mandatory identity card, but suggested there might be a use for credit card-sized smart cards that contain data and microchips. Such cards could be used for specific actions such as boarding airplanes and crossing U.S. borders, he said. "Not one national ID card that we force everybody to have," but multiple, voluntary cards that could improve the efficiency of activities, Clarke added. GOVNET DEFENDED Clarke also defended the idea he proposed in mid-October for the government to consider creating a computer network, dubbed "Govnet," that is separate from the Internet and which would, as a result, be less vulnerable to malicious attacks. He described it as a set of departmental and agency "intranets," which use Internet technologies, that would run on leased fiber optic cable instead of passing through routers and switches connected to the Internet. "It would be impervious to even the most dangerous denial-of-service attack," he said. Denial-of-service attacks are designed to temporarily shut down Web servers or other equipment by bombarding them with so much junk traffic that they can't handle the load. Government employees would still use the Internet, but also have computers linked to Govnet on their desks for internal communications and critical operations, Clarke said. This might be particularly useful for work such as manned space flight and air traffic control, he added. In response to criticisms that a separate network would not be immune from viruses, he said it would at least get viruses "hours or days" after they hit computers on the Internet. Critics also have noted that Govnet couldn't prevent so-called "insider threats," employees who intentionally or inadvertently create security breaches, which make up about 40 percent of network break-ins, Clarke said. To minimize that risk the government could closely monitor employees and require them to use technologies to prove their identity and permission to access the system, he said. "If it turns out to be vastly expensive then we won't do it," Clarke said. "It's is not designed to be a silver bullet" that will solve all the government's cyber-security problems, he added. COST OF DOING BUSINESS Legislation to boost the powers of law enforcement in combating terrorism and the money being spent to provide more security for buildings and digital assets is the cost of doing business going forward, Clarke concluded. "We're paying more for security than we were six weeks ago," he said. "We now understand it is a cost of doing business." The economic costs so far have been trivial, "a few billion dollars," which is minor compared to what the cost could be without the security measures, Clarke noted. In addition to money spent, Americans are having to give up some of their freedoms to privacy. The USA Patriot Act signed into law two weeks ago gives authorities broader rights to tap phones and track Internet, e-mail and cell phone usage, among other things. Under a "sunset provision," certain provisions will expire in five years. "If the administration abuses the law in any way," Clarke said, "Then the law can be re-enacted. We haven't given up civil liberties and privacy." The new law will allow the government to find perpetrators more quickly than they have in the past, he said. In 1998 after the U.S. Air Force computer system was attacked right before the Gulf War, it took officials four days to get nine search warrants to investigate the case, he said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Nov 08 2001 - 06:41:13 PST