[ISN] A Push From Homeland Security

From: InfoSec News (isnat_private)
Date: Tue Jul 01 2003 - 04:12:00 PDT

  • Next message: InfoSec News: "[ISN] Updated C4I.org page and call for donations..."

    http://www.nytimes.com/2003/06/30/technology/30NECO.html
    
    By STEVE LOHR
    June 30, 2003 
    
    ROBERT LISCOUSKI left his job as the head of information security at
    Coca-Cola three months ago to join a start-up. "I refer to it as
    DHS.com, and that's probably a good way to think about it," he said.
    
    The pace of work is frenetic, the organization is being built from the
    ground up, and, like a dot-com in the euphoria years, the new
    Department of Homeland Security - the DHS in Mr. Liscouski's locution
    - will have some serious money to spend.
    
    Mr. Liscouski, an assistant secretary at the department, who spoke at
    a conference last Wednesday, hit a nerve with his analogy. The
    computer executives at the gathering in Washington were suitably
    amused, nodding and smiling - wistfully no doubt. Nothing, of course,
    will bring back the dot-com heyday. But to much of Silicon Valley, the
    government's mandate to improve homeland security looks as if it could
    be the next-best thing - a technology push, stimulated by government,
    that is expected to create a lucrative market in computer hardware and
    software for surveillance, data collection, data analysis and
    cybersecurity.
    
    The government is shopping for high-technology tools capable of
    finding terrorists and defending against cyberattacks on the computer
    networks that run the nation's financial, transportation and
    communications systems.
    
    Dependence on the private sector was the mantra of the Bush
    administration officials who spoke at the conference, "Information
    Technology Leadership in a Security-Focused World." The gathering was
    sponsored by the Information Technology Industry Council, a trade
    organization, and the Center for Strategic and International Studies,
    a research group.
    
    As Paul Kurtz, the special assistant to the president on the White
    House Homeland Security Council, said at the conference, "We will take
    the best and brightest ideas in the private sector and apply them to
    homeland security."
    
    That stance is probably less a political philosophy than a pragmatic
    recognition of the technical realities of homeland security. About 85
    percent of the computers and networks connected to the Internet, for
    example, are owned and operated by companies.
    
    "The systems are designed and owned by the private sector," said Adam
    Golodner, an associate director at the Institute for Security
    Technology Studies at Dartmouth College. "That's a very different
    world from traditional defense, where if the Pentagon wants a new
    strike-force bomber it is totally built to the government's
    specifications."
    
    Yet relying so much on the industry for both equipment and ideas
    raises a policy issue. As the government and private sector adopt a
    dot-com enthusiasm for the "best and brightest" security technologies,
    will both sides lose perspective on what is truly in the public
    interest?
    
    There is a tension, for example, between the interests of homeland 
    security and personal privacy. Security and personal privacy are not 
    necessarily at odds; an individual's financial transactions over the 
    computer networks of modern banking systems, for instance, cannot be 
    private unless they are secure.
    
    Still, the drive toward homeland security seems fraught with privacy 
    peril. One broad approach being explored for improving security 
    involves collecting vast sets of personal information in computer 
    databases, then sorting and analyzing the data to look for suspicious 
    activities and possible terrorists.
    
    The optimistic view is that technology can sidestep any trade-off 
    between homeland security and personal privacy. "Information 
    technology will be a force for more security and more privacy, a force 
    for greater security and greater individual freedom," Bill Gates, the 
    chairman of Microsoft, said in a luncheon speech at the conference.
    
    Not everyone in attendance was convinced. "What he said is fine for 
    rhetoric, but I'm not sure it's true," said Lance J. Hoffman, a 
    computer scientist and security expert at George Washington 
    University.
    
    One concern, Mr. Hoffman said, is that the national effort to improve 
    homeland security will mean that all the investment and research goes 
    into computer security, while the privacy implications are given short 
    shrift. To prevent that, he advocates public investment on both sides 
    of the security-privacy ledger.
    
    As a possible model, Mr. Hoffman points to the National Human Genome 
    Research project. The government sets aside part of the project's 
    annual budget, 3 percent to 5 percent, for a research program into the 
    ethical, legal and social implications of genetic research.
    
    "In the short-term drive to improve security, we want to make sure 
    that whatever we do is consistent with a long-term balancing point of 
    preserving civil rights," Mr. Hoffman said. "You want those kinds of 
    decisions to have been considered and thought through."
    
    Speaking at the conference, John J. Hamre, the president of the Center 
    for Strategic and International Studies, made a somewhat different 
    argument for trying to strike a balance in homeland security policy. A 
    former deputy secretary of defense, Mr. Hamre said that there was no 
    complete answer to all security threats, so there were limits to what 
    technology could be expected to do.
    
    At the conference, industry executives spoke highly of the raft of 
    technologies that can and are being deployed in the quest for homeland 
    security - data-sifting software, artificial intelligence, probability 
    theory, iris recognition and digital-video surveillance gear. And most 
    people emphasized the need for clever software to integrate the 
    computer networks of federal, state and local law enforcement 
    agencies, so they can share information more easily.
    
    That is all potentially useful, Mr. Hamre said, but he added that the 
    effort to gather and sift through oceans of data might be misguided. 
    The appropriate metaphor for domestic surveillance, he said, was the 
    old one of looking for a needle in a haystack. By piling up the data, 
    "we're adding more hay to the stack," Mr. Hamre said.
    
    Before trying to integrate the thousands of federal, state and local 
    computer systems, Mr. Hamre said, it might be wise to spell out 
    clearer rules for sharing information on the roughly 40,000 people on 
    terrorist "watch lists" among the federal agencies that keep those 
    lists.
    
    "The problem is terrorists," Mr. Hamre said, "not lack of 
    information." 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jul 01 2003 - 06:32:44 PDT