Computer Crime Research Center

US defends Web security plan

A new plan to prevent cyberattacks has raised concerns that the US government will be prying into individuals' online activities

Efforts to bolster Internet security will not lead to increased government scrutiny of individuals' online habits, the White House and industry sources said late last week.

As it finalises sweeping guidelines that aim to increase cybersecurity, the Bush administration said individual privacy would not be affected by efforts to prevent cyberattacks.

"The administration is not considering a proposal to monitor what individuals do on the Internet," a spokesman for the transition to the newly created Department of Homeland Security said.

High-tech companies, meanwhile, said they would resist government efforts to get involved in the day-to-day operation of the global computer network.

In a set of preliminary guidelines released in September, the White House said high-tech companies that keep an eye on the Internet should combine their efforts and work with the government to better defend against computer viruses, worms and other cyberattacks.

The New York Times in its Friday edition reported the White House is planning a bigger government role in the proposed centre that could possibly lead to surveillance of individual users.

But high-tech sources who had been briefed on the updated plans said they were not aware of any such change, and White House cybersecurity czar Richard Clarke assured high-tech firms the government only wanted them to set up an "early warning system" to keep an eye on the health of the Internet.

"This early warning system would, if companies chose to create it, involve only highly aggregated information on the overall health of the Internet," Clarke said in a letter.

Internet infrastructure firms such as AT&T and VeriSign already maintain such "network operating centres" on their own, keeping an eye out for unusual spikes in traffic that may signal a denial-of-service attack similar to ones that have temporarily disabled high-profile sites like Yahoo! and the White House.

But such centres cannot open emails or otherwise monitor content, industry experts say; the system could not be used to ferret out members of al Qaeda or other militant groups.

The head of a high-tech trade group said government involvement in this system is not needed as these companies are already in constant communication with each other.

"They already do it just fine, they don't need government help," said Harris Miller, president of the Information Technology Association of America. "There are so many people monitoring the system that nothing's going to fall through the cracks."

The system may be more like highway traffic cameras that watch for accidents rather than individual police stops, but government involvement is still worrisome, said Stewart Baker, former general counsel to the National Security Agency, who now represents Internet service providers (ISPs).

"Even if they're only able to do the sorts of searches you'd expect a network operating center to be able to do, it still raises these questions," Baker said. "When do they leave the room?"

ISPs -- which do handle individual communications -- are not likely to cooperate with government surveillance efforts unless commanded by court order, an industry source said, because it would discourage people from using the Internet.

A spokesman for America Online said the company had not seen the revised guidelines and thus could not comment, but said the popular access provider would work to balance privacy with security.

Privacy experts said they were not familiar with the revised version of the security plan, which is expected to be released early next year.


Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at +38 0612 220-12-83

Rambler's Top100 Rambler's Top100