[ISN] Feds invoked national security to speed key Internet change

From: InfoSec News (isnat_private)
Date: Mon Dec 16 2002 - 03:19:58 PST

  • Next message: InfoSec News: "[ISN] All eyes on Total Info Awareness"

    http://www.siliconvalley.com/mld/siliconvalley/4750152.htm
    
    December 16, 2002   
    
    WASHINGTON (AP) - The Bush administration sped approval for moving one
    of the Internet's 13 traffic-management computers after a prominent
    technology company urged the government to ``declare some kind of
    national security threat and blow past the process,'' according to
    federal officials' e-mails.
    
    The correspondence provides a window into how U.S. corporations invoke
    national security to expedite business requests.
    
    In this case, the Commerce Department approved in just two days
    Verisign Inc.'s request at the end of October to move one of the 13
    computer servers that manage global Internet traffic. Verisign
    operates two of the world's ``root servers,'' which contain lists of
    directories that control e-mail delivery and Web surfing.
    
    The company's lobbyists had argued that waiting additional days or
    weeks for approval ``is a problem and could impact national
    security,'' according to e-mails among U.S. officials obtained by The
    Associated Press under the Freedom of Information Act.
    
    Leading technology experts and senior government officials said the
    change was appropriate to correct a poor design decision made five
    years earlier. They said holding off for days or weeks would not have
    jeopardized either national security or the Internet.
    
    Watchdog groups say it is an increasingly popular, and successful,
    argument for companies to claim requests need approval to avoid risks
    to national security.
    
    So far, it has helped win liability protection for airlines and
    pharmaceutical companies and financial help for insurance companies.
    
    ``It's become the mantra. Industries are using the national security
    threat to get a lot of regulations they want,'' said Larry Noble,
    executive director for the Center for Responsive Politics. ``The
    problem for government is to sort out the legitimate claims and what
    are cover stories.''
    
    Banks, utilities and technology companies warned Congress this year
    that they feared telling U.S. officials too much about their security
    problems because the information might be disclosed publicly and risk
    national security. The result: President Bush signed new exemptions
    from open records laws last month.
    
    The Commerce Department said it never had been convinced by Verisign's
    lobbying that national security would be threatened unless the server
    were moved quickly to a new location in northern Virginia to protect
    it better from natural disasters or hacker attacks. The last such
    change was in 1997.
    
    Commerce spokesman Clyde Ensslin said the department worked to approve
    the request ``as quickly as possible, but there was no known national
    security threat to the root server system and therefore no need to
    proceed on an emergency basis.''
    
    The department approved the decision two days after the request was
    presented through the Internet Corp. for Assigned Names and Numbers,
    an organization that oversees Web addresses. The change originally was
    to have taken place after some of the organization's top experts made
    recommendations in mid-November.
    
    With Verisign pressing, there was some confusion inside the Commerce
    Department, according to the e-mails.
    
    In one series of e-mails, the head of Commerce's National
    Telecommunications and Information Administration, Nancy Victory, and
    another NTIA official were reported to have spoken with a Verisign
    lobbyist on Oct. 30 and ``asked them to invoke the emergency
    procedures.''
    
    ``This will allow the change to happen ASAP,'' wrote Robyn Layton, the
    Commerce agency's associate administrator.
    
    Another Commerce employee at headquarters responded minutes later in
    an e-mail, asking: ``So, what does this mean -- invoke the emergency
    procedures? Do I have to do anything on this end?''
    
    This employee lamented a lack of instructions for making changes to
    the 13 most important computers managing the world's Internet traffic.  
    She followed up the next morning with another e-mail that ``things are
    under control once again.''
    
    The Commerce Department said Victory never approved emergency
    procedures as Verisign's lobbyists had sought.
    
    Verisign spokesman Brian O'Shaughnessy said the company ``never
    officially asked for emergency procedures.'' But a second spokesman,
    Tom Galvin, acknowledged, ``We really wanted it done as soon as it
    could be.''
    
    Several Commerce officials' e-mails describe a series of contacts from
    Verisign lobbyists making the plea for urgency.
    
    The company wants ``to push us to declare some kind of national
    security threat and blow past the process,'' one e-mail said. The
    subject line of another message described the company's ``request for
    immediate authority to effect address change.''
    
    One Commerce official predicted that Verisign's Washington lobbyist
    ``will call again today with the same `national security' concern he
    had before. ... If you want me to fend him off, then I need to know
    what to say.''
    
    Lobbying experts said companies must cautiously decide when to invoke
    national security.
    
    ``Any good lobbyist always tries to fairly and accurately represent
    his client's position and do so in a truthful way,'' said Wright
    Andrews, a former president of the American League of Lobbyists.  
    ``It's unethical and just plain dumb to go in and make a
    misrepresentation.''
    
    Vinton Cerf, board chairman for the ICANN organization, said the
    change was planned for months and that nothing in recent weeks -- not
    even an unusual hacker attack Oct. 21 against all 13 servers --
    justified special urgency.
    
    ``I do not think this was a consequence of the attack,'' Cerf said.
    
    ``I really don't think there was a national security issue,'' agreed
    Stephen Crocker of Bethesda, Md., an early Internet expert and head of
    an advisory committee on the security and stability of these 13
    computer servers. ``I think this was more a desire to make it happen
    and an opportunity to cut through some of the normal bureaucracy.''
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:57:36 PST