http://www.nytimes.com/2003/06/30/technology/30NECO.html By STEVE LOHR June 30, 2003 ROBERT LISCOUSKI left his job as the head of information security at Coca-Cola three months ago to join a start-up. "I refer to it as DHS.com, and that's probably a good way to think about it," he said. The pace of work is frenetic, the organization is being built from the ground up, and, like a dot-com in the euphoria years, the new Department of Homeland Security - the DHS in Mr. Liscouski's locution - will have some serious money to spend. Mr. Liscouski, an assistant secretary at the department, who spoke at a conference last Wednesday, hit a nerve with his analogy. The computer executives at the gathering in Washington were suitably amused, nodding and smiling - wistfully no doubt. Nothing, of course, will bring back the dot-com heyday. But to much of Silicon Valley, the government's mandate to improve homeland security looks as if it could be the next-best thing - a technology push, stimulated by government, that is expected to create a lucrative market in computer hardware and software for surveillance, data collection, data analysis and cybersecurity. The government is shopping for high-technology tools capable of finding terrorists and defending against cyberattacks on the computer networks that run the nation's financial, transportation and communications systems. Dependence on the private sector was the mantra of the Bush administration officials who spoke at the conference, "Information Technology Leadership in a Security-Focused World." The gathering was sponsored by the Information Technology Industry Council, a trade organization, and the Center for Strategic and International Studies, a research group. As Paul Kurtz, the special assistant to the president on the White House Homeland Security Council, said at the conference, "We will take the best and brightest ideas in the private sector and apply them to homeland security." That stance is probably less a political philosophy than a pragmatic recognition of the technical realities of homeland security. About 85 percent of the computers and networks connected to the Internet, for example, are owned and operated by companies. "The systems are designed and owned by the private sector," said Adam Golodner, an associate director at the Institute for Security Technology Studies at Dartmouth College. "That's a very different world from traditional defense, where if the Pentagon wants a new strike-force bomber it is totally built to the government's specifications." Yet relying so much on the industry for both equipment and ideas raises a policy issue. As the government and private sector adopt a dot-com enthusiasm for the "best and brightest" security technologies, will both sides lose perspective on what is truly in the public interest? There is a tension, for example, between the interests of homeland security and personal privacy. Security and personal privacy are not necessarily at odds; an individual's financial transactions over the computer networks of modern banking systems, for instance, cannot be private unless they are secure. Still, the drive toward homeland security seems fraught with privacy peril. One broad approach being explored for improving security involves collecting vast sets of personal information in computer databases, then sorting and analyzing the data to look for suspicious activities and possible terrorists. The optimistic view is that technology can sidestep any trade-off between homeland security and personal privacy. "Information technology will be a force for more security and more privacy, a force for greater security and greater individual freedom," Bill Gates, the chairman of Microsoft, said in a luncheon speech at the conference. Not everyone in attendance was convinced. "What he said is fine for rhetoric, but I'm not sure it's true," said Lance J. Hoffman, a computer scientist and security expert at George Washington University. One concern, Mr. Hoffman said, is that the national effort to improve homeland security will mean that all the investment and research goes into computer security, while the privacy implications are given short shrift. To prevent that, he advocates public investment on both sides of the security-privacy ledger. As a possible model, Mr. Hoffman points to the National Human Genome Research project. The government sets aside part of the project's annual budget, 3 percent to 5 percent, for a research program into the ethical, legal and social implications of genetic research. "In the short-term drive to improve security, we want to make sure that whatever we do is consistent with a long-term balancing point of preserving civil rights," Mr. Hoffman said. "You want those kinds of decisions to have been considered and thought through." Speaking at the conference, John J. Hamre, the president of the Center for Strategic and International Studies, made a somewhat different argument for trying to strike a balance in homeland security policy. A former deputy secretary of defense, Mr. Hamre said that there was no complete answer to all security threats, so there were limits to what technology could be expected to do. At the conference, industry executives spoke highly of the raft of technologies that can and are being deployed in the quest for homeland security - data-sifting software, artificial intelligence, probability theory, iris recognition and digital-video surveillance gear. And most people emphasized the need for clever software to integrate the computer networks of federal, state and local law enforcement agencies, so they can share information more easily. That is all potentially useful, Mr. Hamre said, but he added that the effort to gather and sift through oceans of data might be misguided. The appropriate metaphor for domestic surveillance, he said, was the old one of looking for a needle in a haystack. By piling up the data, "we're adding more hay to the stack," Mr. Hamre said. Before trying to integrate the thousands of federal, state and local computer systems, Mr. Hamre said, it might be wise to spell out clearer rules for sharing information on the roughly 40,000 people on terrorist "watch lists" among the federal agencies that keep those lists. "The problem is terrorists," Mr. Hamre said, "not lack of information." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jul 01 2003 - 06:32:44 PDT