Report: White House's cyberdefense too close for comfort

The Clinton administration’s efforts to fight cyberterrorism could infringe on the
civil liberties of citizens, a privacy advocate has charged.

The recommendations of the President’s Commission on Critical Infrastructure
Protection (PCCIP) constitute “a proposal to extend the reach of law enforcement, to
limit the means of government accountability, and to transfer more authority to the world
of classification and secrecy. These proposals are more of a threat to our system of
ordered liberty than any single attack on our infrastructure could ever be,” said
Marc Rotenberg, executive director of the Electronic Privacy Information Center of

EPIC last month issued a 54-page report detailing its objections to PCCIP
recommendations. The report noted that although PCCIP concluded there was no evidence
of an impending cyberattack, the administration nevertheless recommended a new security
bureaucracy with expansive authority.

“If not properly monitored and controlled, these new national security structures
… may … be used by the government and private corporations to further erode the
privacy of U.S. and foreign citizens,” the report said.

The EPIC report is critical of efforts by the National Security Agency and other
intelligence agencies to broaden their responsibilities from international intelligence to
domestic computer security.

“NSA will be the de facto security czar,” said Wayne Madsen, senior fellow at
EPIC and the principle author of the report, Critical Infrastructure Protection and the
Endangerment of Civil Liberties: An Assessment of the President’s Commission on
Critical Infrastructure Protection.

Rather than finding new ways to fight cyberterrorism, PCCIP relied on the failed
methods of the past, Rotenberg said, by pushing key-escrow plans despite widespread
objections from the private sector, technical experts and foreign governments.

The Clinton administration accepted many of the PCCIP recommendations [GCN, June 27, Page 6]. In May, Clinton issued Presidential
Decision Directive 63 assigning agencies to oversee efforts to secure the nation’s
critical infrastructure, including parts operated by the private sector. At the same time,
Clinton named Richard Clarke as the national coordinator for security, critical
infrastructure and counterterrorism.

The administration has also stepped up efforts to increase agency security. The
directive required 14 agencies to file vulnerability reports this month [GCN, Oct. 19, Page 3].

“We think we can defend computer systems without encroaching on privacy
rights,” Clarke said.

Elizabeth Rindskopf, an attorney with Bryan Cave LLP of Washington and former CIA
general counsel, said the EPIC report “does more harm than good.”

The EPIC report is available on the organization’s Web site at  


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected