FC: White House plans to propose Total Internet Monitoring plan

From: Declan McCullagh (declanat_private)
Date: Fri Dec 20 2002 - 03:36:00 PST

  • Next message: Declan McCullagh: "FC: Great idea for 802.11 security tool: Emails the insecure"

    ---
    
    From: "Danny Yavuzkurt" <ayavuzkat_private>
    To: <declanat_private>
    Subject: The other shoe drops: White House now proposing centralized 
    Internet monitoring
    Date: Fri, 20 Dec 2002 05:03:53 -0500
    
    http://www.nytimes.com/2002/12/20/technology/20MONI.html
    White House to Propose System for Wide Monitoring of Internet
    
    Aha.. so, we wondered what good TIA will be without good databases, and with
    the commercial databases so lacking in accuracy and realtime data?.. well,
    according to a report recently finalized by the Critical Infrastructure
    Protection Board, called, naturally, "The National Strategy to Secure
    Cyberspace," the solution isn't to use just 'existing databases' as IAO was
    claiming, but creating new, larger databases out of all the network traffic
    in the country (along with the building of a huge national 'network
    operations center,' presumably to store the petabytes of data such a system
    might conceivably accumulate.. that is, if they're actually going to be
    archiving net traffic and datamining it, which I would assume is their
    goal..)
    
    The article doesn't specifically mention IAO or TIA, but it's transparently
    obvious to me that the Bush administration knows exactly what's going on
    with DARPA and IAO, are probably actively sponsoring them, and intends to
    make it easier than ever for them to monitor and store surveillance data on
    everyone who uses the internet, in addition to all the other databases
    they'd have centralized archives of.. I'm betting that unless there's a
    large-scale public outcry against this kind of large-scale government
    intrusion, we'll see *all* ISPs (except possibly for BBSes, etc, which would
    of course still be monitored through the phone companies..) forced to
    register, keep records, and install government surveillance equipment - so,
    in effect, there could soon be no privacy from the government's prying eyes
    for any unencrypted data on the net, warrant or not..
    
    In fact, I see in all of these 'security' proposals not a genuine interest
    in protecting the citizenry from harm, but instead a massive power grab by
    the executive branch, pushing the courts (which will no longer be consulted
    for warrants, apparently, except possibly as a symbolic gesture), and of
    course the legislature (which is *supposed* to handle any new laws and
    regulations, *especially* those which clearly violate guidelines set by past
    laws), to the sidelines.  It seems the "Patriot" act has in effect
    authorized the president and his henchmen to do whatever they want, whenever
    they want, and wave the flag of 'national security' and 'the war on terror'
    whenever anyone questions them, dooming anyone who dares make a peep to
    political suicide - whenever we turn on the TV, what's the first opinion the
    media seeks on *any* new political or legal issue?.. Bush's.  They've set
    the guy on a pedestal where he apparently decides the fate of every
    government employee, from the peons to the Senators (like Lott, who seems to
    be breathing easier now that the White House has said it won't press for his
    resignation.. as if the White House had any authority to fire members of the
    Senate!.. not that he's a good senator, but the implied authority of the
    Presidency is starting to smack of monarchy..)
    
    Anyway, until we mortals are permitted to see the full report ourselves
    (long after the government makes its decision on it, of course, that's
    always the way it is.. you only know after it already applies to you..), we
    can only go on what these unnamed sources say of what they've seen of the
    report.. and it already doesn't look good.. sure, they say in the article
    that the proposal is only meant to gauge the 'overall' state of the
    network.. there's nothing to stop them from using these potential
    uber-Carnivore boxes to scan whatever they want, down to the packet level..
    encryption may become a necessity, soon.. until it's outlawed, of course, or
    keys are legally required to be 'registered' with the government.. little by
    little, they slip the thin end of the crowbar in the door of freedom, always
    claiming they'll stop after just a little more.. but once they've wedged it
    in there far enough, there'll be nothing to stop them from breaking it in.
    
    -Danny
    
    Article text follows:
    
    December 20, 2002
    White House to Propose System for Wide Monitoring of Internet
    By JOHN MARKOFF and JOHN SCHWARTZ
    
    The Bush administration is planning to propose requiring Internet service
    providers to help build a centralized system to enable broad monitoring of
    the Internet and, potentially, surveillance of its users.
    
    The proposal is part of a final version of a report, "The National Strategy
    to Secure Cyberspace," set for release early next year, according to several
    people who have been briefed on the report. It is a component of the effort
    to increase national security after the Sept. 11 attacks.
    
    The President's Critical Infrastructure Protection Board is preparing the
    report, and it is intended to create public and private cooperation to
    regulate and defend the national computer networks, not only from everyday
    hazards like viruses but also from terrorist attack. Ultimately the report
    is intended to provide an Internet strategy for the new Department of
    Homeland Security.
    Such a proposal, which would be subject to Congressional and regulatory
    approval, would be a technical challenge because the Internet has thousands
    of independent service providers, from garage operations to giant
    corporations like American Online, AT&T, Microsoftand Worldcom.
    
    The report does not detail specific operational requirements, locations for
    the centralized system or costs, people who were briefed on the document
    said.
    While the proposal is meant to gauge the overall state of the worldwide
    network, some officials of Internet companies who have been briefed on the
    proposal say they worry that such a system could be used to cross the
    indistinct border between broad monitoring and wiretap.
    
    Stewart Baker, a Washington lawyer who represents some of the nation's
    largest Internet providers, said, "Internet service providers are concerned
    about the privacy implications of this as well as liability," since
    providing access to live feeds of network activity could be interpreted as a
    wiretap or as the "pen register" and "trap and trace" systems used on phones
    without a judicial order.
    Mr. Baker said the issue would need to be resolved before the proposal could
    move forward.
    
    Tiffany Olson, the deputy chief of staff for the President's Critical
    Infrastructure Protection Board, said yesterday that the proposal, which
    includes a national network operations center, was still in flux. She said
    the proposed methods did not necessarily require gathering data that would
    allow monitoring at an individual user level.
    
    But the need for a large-scale operations center is real, Ms. Olson said,
    because Internet service providers and security companies and other online
    companies only have a view of the part of the Internet that is under their
    control.
    
    "We don't have anybody that is able to look at the entire picture," she
    said. "When something is happening, we don't know it's happening until it's
    too late."
    The government report was first released in draft form in September, and
    described the monitoring center, but it suggested it would likely be
    controlled by industry. The current draft sets the stage for the government
    to have a leadership role.
    
    The new proposal is labeled in the report as an "early-warning center" that
    the board says is required to offer early detection of Internet-based
    attacks as well as defense against viruses and worms.
    But Internet service providers argue that its data-monitoring functions
    could be used to track the activities of individuals using the network.
    An official with a major data services company who has been briefed on
    several aspects of the government's plans said it was hard to see how such
    capabilities could be provided to government without the potential for
    real-time monitoring, even of individuals.
    
    "Part of monitoring the Internet and doing real-time analysis is to be able
    to track incidents while they are occurring," the official said.
    The official compared the system to Carnivore, the Internet wiretap system
    used by the F.B.I., saying: "Am I analogizing this to Carnivore? Absolutely.
    But in fact, it's 10 times worse. Carnivore was working on much smaller
    feeds and could not scale. This is looking at the whole Internet."
    One former federal Internet security official cautioned against drawing
    conclusions from the information that is available so far about the Securing
    Cyberspace report's conclusions.
    
    Michael Vatis, the founding director of the National Critical Infrastructure
    Protection Center and now the director of the Institute for Security
    Technology Studies at Dartmouth, said it was common for proposals to be cast
    in the worst possible light before anything is actually known about the
    technology that will be used or the legal framework within which it will
    function.
    "You get a firestorm created before anybody knows what, concretely, is being
    proposed," Mr. Vatis said.
    
    A technology that is deployed without the proper legal controls "could be
    used to violate privacy," he said, and should be considered carefully.
    But at the other end of the spectrum of reaction, Mr. Vatis warned, "You end
    up without technology that could be very useful to combat terrorism,
    information warfare or some other harmful act." 
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    Recent CNET News.com articles: http://news.search.com/search?q=declan
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 20:00:57 PST