[ISN] Bush signs Homeland Security bill

From: InfoSec News (isnat_private)
Date: Mon Nov 25 2002 - 23:31:21 PST

  • Next message: InfoSec News: "[ISN] Government fights off 6,000 online attacks"

    http://news.com.com/2100-1023-975305.html?tag=fd_lede1_hed
    
    By Declan McCullagh 
    Staff Writer, CNET News.com
    November 25, 2002
    
    When President Bush signed a bill on Monday creating the Department of
    Homeland Security, he started a process that will reshuffle
    bureaucracies, permit greater Internet surveillance and refocus the
    government's computer security efforts.
    
    The authors of the massive law, which totals about 500 pages, envision
    a far greater role for the government when it comes to making sure
    operating systems, hardware and the Internet are secure. The law
    allocates $500 million for research into new technologies. It also
    classifies certain activities as new computer crimes, stiffens
    penalties and permits Internet providers to hand more information
    about subscribers to police.
    
    "The department will gather and focus all our efforts to face the
    challenge of cyberterrorism, and the even worse danger of nuclear,
    chemical and biological terrorism," Bush said during a White House
    ceremony Monday afternoon. "This department will be charged with
    encouraging research on new technologies that can detect these threats
    in time to prevent an attack."
    
    Bush nominated Tom Ridge, the former Pennsylvania governor who's
    currently a White House advisor, to run the new department.
    
    White House spokesman Ari Fleischer warned on Monday that it will take
    "a couple years" to integrate the 22 existing federal agencies that
    will make up the new department and to deal with culture clashes and
    incompatible computer systems. Together, these agencies--the list
    includes the Secret Service, the Immigration and Naturalization
    Service, the Coast Guard and the Border Patrol--employ about 170,000
    people.
    
    "In the process of bringing people together, there are, of course,
    going to be wrinkles that need to get ironed out," Fleischer said. "No
    transition is perfect. (But) this process will lead to enhanced
    homeland security for the American people."
    
    Privacy concerns
    
    The final law prohibits the Justice Department's proposed
    citizen-informant program called TIPS (terrorist information and
    prevention system) and rejects "the development of a national
    identification system or card."
    
    But civil liberties groups are concerned about the impact the law will
    have on privacy, especially when linked with a pair of controversial
    projects funded by the Defense Advanced Research Projects Agency
    (DARPA).
    
    The agency considered and abandoned a plan to curtail Internet
    anonymity by tagging browsing with unique markers for each person,
    while funding a mammoth database that would feature profiles of nearly
    all Americans' behaviors and spending habits.
    
    "Is it appropriate for the U.S. Department of Defense to pursue an
    aggressive program of (technology development) that can be used for
    surveillance of Americans?" asked Marc Rotenberg, the director of the
    Electronic Privacy Information Center.
    
    Rotenberg called for the ouster of former admiral John Poindexter, who
    runs DARPA's Total Information Awareness (TIA) program, saying
    Poindexter's past efforts to create similar databases made him
    unsuitable to head the project.
    
    Last week, Sen. Chuck Grassley of Iowa, asked the Defense Department's
    inspector general to conduct a "complete review" of DARPA's TIA
    program. Grassley will become chairman of the Senate Finance committee
    next year, at which time he'll be in a position to place a check on
    the program's funding.
    
    The details
    
    After the reorganization is complete, the new department will mash
    together five agencies that currently divvy up responsibility for
    "critical infrastructure protection." Those are the FBI's National
    Infrastructure Protection Center, the Defense Department's National
    Communications System, the Commerce Department's Critical
    Infrastructure Assurance Office, an Energy Department analysis center
    and the Federal Computer Incident Response Center.
    
    A last-minute addition to the Homeland Security bill was the 16-page
    Cyber Security Enhancement Act, which the House approved as a
    standalone bill in July. It expands the ability of police to conduct
    Internet or telephone eavesdropping without first obtaining a court
    order, grants Internet providers more latitude to disclose information
    about subscribers to police in emergency circumstances and says those
    convicted of malicious hacking face sentences as severe as life in
    prison.
    
    Another addition, which was opposed by open-government activists and
    journalist groups, says that information that businesses give the
    department that's related to "critical infrastructure" will not be
    subject to the Freedom of Information Act. That could include details
    on virus research, security holes in applications and operating system
    vulnerabilities.
    
    The law also establishes an office designed to become "the national
    focal point for work on law enforcement technology." Categories
    include computer forensics, tools for investigating computer crime,
    DNA identification technologies and the development of firearms that
    recognize their owner. The office also is charged with funding the
    creation of tools to help state and local law enforcement agencies
    thwart computer crime.
    
    The Department of Homeland Security law also creates a Directorate for
    Information Analysis and Infrastructure Protection that is charged
    with analyzing vulnerabilities in systems including the Internet,
    telephone networks and other critical infrastructures, and orders the
    creation of a "comprehensive national plan for securing the key
    resources and critical infrastructure of the United States" including
    information technology, financial networks and satellites.
    
    The law also...
    
    * requires all federal agencies, including the CIA, the Defense 
      Department and the National Security Agency, to provide the new 
      department with any "information concerning the vulnerability of the 
      infrastructure of the United States;" 
    
    * punishes any department employee with one year in prison for 
      disclosing details that are "not customarily in the public domain" 
      about critical infrastructures; 
    
    * creates a privacy representative and a civil liberties officer to 
      ensure that the department follows reasonable "privacy protections 
      relating to the use, collection and disclosure of personal 
      information;" 
    
    * allows the department to create a national corps of volunteers to 
      "assist local communities to respond and recover from attacks on 
      information systems and communications networks." 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 02:24:09 PST