Report: White House's cyberdefense too close for comfort

The Clinton administration’s efforts to fight cyberterrorism could infringe on the
civil liberties of citizens, a privacy advocate has charged.


The recommendations of the President’s Commission on Critical Infrastructure
Protection (PCCIP) constitute “a proposal to extend the reach of law enforcement, to
limit the means of government accountability, and to transfer more authority to the world
of classification and secrecy. These proposals are more of a threat to our system of
ordered liberty than any single attack on our infrastructure could ever be,” said
Marc Rotenberg, executive director of the Electronic Privacy Information Center of
Washington.


EPIC last month issued a 54-page report detailing its objections to PCCIP
recommendations. The report noted that although PCCIP concluded there was no evidence
of an impending cyberattack, the administration nevertheless recommended a new security
bureaucracy with expansive authority.


“If not properly monitored and controlled, these new national security structures
… may … be used by the government and private corporations to further erode the
privacy of U.S. and foreign citizens,” the report said.


The EPIC report is critical of efforts by the National Security Agency and other
intelligence agencies to broaden their responsibilities from international intelligence to
domestic computer security.


“NSA will be the de facto security czar,” said Wayne Madsen, senior fellow at
EPIC and the principle author of the report, Critical Infrastructure Protection and the
Endangerment of Civil Liberties: An Assessment of the President’s Commission on
Critical Infrastructure Protection.


Rather than finding new ways to fight cyberterrorism, PCCIP relied on the failed
methods of the past, Rotenberg said, by pushing key-escrow plans despite widespread
objections from the private sector, technical experts and foreign governments.


The Clinton administration accepted many of the PCCIP recommendations [GCN, June 27, Page 6]. In May, Clinton issued Presidential
Decision Directive 63 assigning agencies to oversee efforts to secure the nation’s
critical infrastructure, including parts operated by the private sector. At the same time,
Clinton named Richard Clarke as the national coordinator for security, critical
infrastructure and counterterrorism.


The administration has also stepped up efforts to increase agency security. The
directive required 14 agencies to file vulnerability reports this month [GCN, Oct. 19, Page 3].


“We think we can defend computer systems without encroaching on privacy
rights,” Clarke said.


Elizabeth Rindskopf, an attorney with Bryan Cave LLP of Washington and former CIA
general counsel, said the EPIC report “does more harm than good.”


The EPIC report is available on the organization’s Web site at
http://www.epic.org.  

inside gcn

  • cloud environment

    Microsoft brings Azure Stack to Government Cloud

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above