A new bill has been passed in the US which gives the government watchdog powers over the Net
A massive new bureaucracy will play a major role in securing software, hardware and the Net
The overwhelming vote by the Senate on Tuesday approving a Homeland Security Department has cleared the way for massive reorganisation of the federal government that will have a dramatic impact on computer and network security in the US.
The bill -- which sets the stage for the largest federal reorganisation since the Defence Department was formed in 1947 -- does more than reshuffle government agencies. It gives the government a major role in securing operating systems, hardware and the Internet, including allowing for more police surveillance of the Net; punishing malicious computer hackers with up to life in prison; establishing a national clearinghouse for computer and network security work; and spending at least half a billion dollars a year for homeland security research.
President Bush is expected to sign the bill by the end of the month. "The United States Congress has taken a historic and bold step forward to protect the American people by passing legislation to create the Department of Homeland Security," Bush said after the vote. "This landmark legislation, the most extensive reorganisation of the federal government since the 1940s, will help our nation meet the emerging threats of terrorism in the 21st century."
Attorney General John Ashcroft heralded the Senate's 90-9 vote for the massive new bureaucracy, which combines about 170,000 employees from 22 existing agencies, as beginning "a new era of cooperation and coordination in the nation's homeland defence."
Earlier on Tuesday, the Senate voted 52-47, largely along party lines, to reject Democratic amendments to the bill.
The final bill prohibits the Justice Department's proposed citizen-informant program called TIPS (Terrorist Information and Prevention System) and rejects "the development of a national identification system or card." But privacy advocates and civil libertarians remain worried about the negative consequences of such a sweeping reorganisation of law enforcement functions with little oversight.
In a statement calling for more supervision of law enforcement practices, the Centre for Democracy and Technology said the plan "raises serious concerns about the privacy of Americans" by granting the government "substantial -- and potentially invasive -- authorities to compile, analyse and mine the personal information of millions of Americans".
Technology companies, on the other hand, praised the plan, which promises to be a cash cow for businesses that develop security products.
AeA, a trade group representing technology companies, in particular applauded a provision that would require the government to focus on small businesses.
"Some of the most cutting-edge technologies are being developed in smaller firms, but we are frequently lost in the shadow of the big guys," Michele Wong, chief executive officer of Synergex and an AeA board member, said in a statement.
Meanwhile, Microsoft is one of many large technology companies looking to further expand its government contracts into the homeland security arena. The company has named a new internal federal director of homeland security to work with the government on information technology issues.
After the federal reorganisation is complete, the new department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection." Those are the FBI's National Infrastructure Protection Centre, the Defence Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis centre, and the Federal Computer Incident Response Centre.
Policing the Net
A last-minute addition to the bill last week, before the House approved it by a 299-121 vote, is the 16-page Cyber Security Enhancement Act. It stiffens prison terms for hackers, expands the ability of police to conduct Internet or telephone eavesdropping without first obtaining a court order, and grants Internet providers more latitude to disclose information about subscribers to police.
Another addition, which was opposed by open-government activists and journalist groups, says that information businesses give the department that's related to "critical infrastructure" will not be subject to the Freedom of Information Act. That could include details on virus research, security holes in applications, or operating system vulnerabilities.
Included in the bill is a Homeland Security Advanced Research Projects Agency (HSARPA), modelled after the Defence Advanced Research Projects Agency, which will receive at least $500m (£323m) a year to fund the development of new technologies. According to the bill, HSARPA will "promote revolutionary changes in technologies that would promote homeland security, advance the development (of technologies), and accelerate the prototyping and deployment of technologies that would address homeland vulnerabilities".
The final version of the mammoth, 484-page bill also does the following:
* Establishes an office that is designed to become "the national focal point for work on law enforcement technology". Categories include computer forensics, tools for investigating computer crime, firearms that recognise their owner, and DNA identification technologies. The office also is charged with funding the development of tools to help state and local law enforcement agencies thwart computer crime.
* Creates a Directorate for Information Analysis and Infrastructure Protection that is charged with analysing vulnerabilities in systems including the Internet, telephone networks, and other critical infrastructures.
* Orders the creation of "a comprehensive national plan for securing the key resources and critical infrastructure of the United States" including information technology, financial networks and satellites.
* Requires all federal agencies, including the CIA, the Defence Department, and National Security Agency, to provide the new department with any "information concerning the vulnerability of the infrastructure of the United States."
* Punishes any department employee with one year in prison for disclosing details that are "not customarily in the public domain" about critical infrastructures.
* Creates a privacy representative and a civil liberties officer to ensure that the department follows reasonable "privacy protections relating to the use, collection and disclosure of personal information."
* Orders the department to provide technical assistance and confidential warnings of potential vulnerabilities to companies that operate "critical information systems."
* Allows the department to create a national corps of volunteers to "assist local communities to respond and recover from attacks on information systems and communications networks."
* Creates a Homeland Security Institute to perform systems analysis, risk analysis, and simulation and modelling to determine the vulnerabilities of critical infrastructures, including the Internet.
The nine senators who voted against the bill were Democrats Robert Byrd of West Virginia, Paul Sarbanes of Maryland, Daniel Akaka and Daniel Inouye of Hawaii, Edward Kennedy of Massachusetts, Russ Feingold of Wisconsin, Fritz Hollings of South Carolina, and Carl Levin of Michigan. Democratic-leaning independent James Jeffords of Vermont also opposed the bill.