Feeds

US net snooping plans debunked

FIDNET not a threat after all. Well, not yet, anyway...

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Terror spread across the Net on Thursday when New York Times correspondent John Markoff broke the Big Story: a National Security Council draft proposal will put the FBI in control of "a sophisticated software system to monitor activities on non-military Government networks, and a separate system to track networks used in crucial industries." Ghastly. The body to be created will be called the Federal Intrusion Detection Network, or FIDNET. Big Brother by another name, no doubt. Libertarian alarmists and conspiracy paranoiacs dropped their daily meds and rose angrily, if unsteadily, to arms. "The plan... specifies that the data [FIDNET] collects will be gathered at the National Infrastructure Protection Center (NIPC), an interagency task force housed at the Federal Bureau of Investigation," the Times went on, adding that "the plan strikes at the heart of a growing controversy over how to protect the nation's computer systems while also protecting civil liberties -- particularly since it would put a new and powerful tool into the hands of the FBI." But it so happens that The Register has its own copy of the draftt proposal, and unlike the New York Times, we've actually read ours. Let's just have a peek at the text. The first observation we make is that the text states plainly, "the GSA (General Services Administration) is responsible for establishing the FIDNET Program Office: this includes creating an interagency management team from the defence, intelligence, technical, legal, and law-enforcement communities." According to our reading, FBI's NIPC team will come in later, when FIDNET data gathered by the GSA suggest criminal activity. Again we take the unconventional approach of consulting the text: "FIDNET will provide raw/filtered data from network sensors and the Federal Computer Incident Response Capability. NIPC will continue to be responsible for further data processing." We remain at a loss to explain why the NYT reported that FIDNET would "put a new and powerful tool into the hands of the FBI." On the contrary, it appears that the Bureau's NIPC will be a tool of the GSA, if and when it decides the government has been cracked. Michael Vadis, FBI's Director of NIPC, made it clear during testimony to the Senate Y2K Committee yesterday that the FBI will respond only where there is evidence of a federal crime. The only language we found in any way alarming was, "FIDNET will interface with the currently planned intrusion detection systems being developed for DOD (Department of Defence) and national security agencies." We didn't quite know what the pseudo-verb "interface" was intended to mean, but we know that American law enforcement and the military are forbidden to do a great deal in the way of "interfacing". As the very existence of America's Act of Posse Comitatus indicates a history of some difficulty in distinguishing between civil and military purviews, this little snippet naturally raised our eyebrows. On this matter the Department of Justice computer crimes division declined to be helpful. The level of interdependence between military and non-military bodies being contemplated is indeed a controversial issue, but it seems unlikely that the final product will initiate military involvement in civilian affairs enough to invite a popular backlash. Elections are coming up, after all; and the FIDNET system will present itself as a tempting target for cyberterrorists if its management becomes odious, thereby having the ironic effect of decreasing security for government systems. Assuming that the language of the proposal does get tidied up a bit, we can expect a much softer line in reference to DOD's role in FIDNET. This still leaves the matter of DOD participation in case of an emergency. The president is permitted by law to suspend the Act of Posse Comitatus in difficult circumstances, such as insurrection, mayhem in the streets, foreign invasion, or those the Y2K rollover might possibly present. A further bit of constitutional intrigue will undoubtedly emerge if a foreign military organization should attack a US civilian network related to banking, energy, transportation or some other essential service. It does not necessarily follow that the DOD would need access to civilian networks in order to reply on behalf of the USA. Vadis for one thinks an organised attack is inevitable. He declined to go into specifics, but left us with the strong impression that hostile military bodies overseas are developing the means to disable military, government and civilian networks remotely via an internet-based attack. Clinton's National Security Advisor, Sandy Berger, said on Thursday that there exist "governments that we know are developing systems to get access to our computer systems." Not an especially comforting thought. "We know that, in fact... there have been intrusions into sensitive systems," Berger added. Whether or not such an attack is being planned, it is certain that the US government expects one. We wonder if the increased level of connection among government systems needed for FIDNET to monitor them effectively might not lead to increased vulnerability. Whether it happens, or when it happens, it is sure to be a jurisdictional nightmare; and the FIDNET proposal does foreshadow that confusion with its own vague language. A crucial point here is that the proposal leaked to us is in draft form and now seven weeks old. The Register's contact on the White House National Security Council, who goes by the name of "an administration official," made it clear that the final draft will not be ready for submission to the President until September at the earliest. The FIDNET document is at present quite fluid, and on its way past numerous reviewers including the Department of Justice computer crimes division, the General Services Administration, the Department of Defence, the National Security Council and the FBI. Furthermore, our source at NSC tells us, the proposal currently being circulated does address and tighten up the unfortunately vague "interface" language. The level of involvement between DOD and non-military government agencies is intended to be little more than an advisory relationship and a sharing of new quirks, bugs and attack techniques much as "one police department might share tips with another in a different jurisdiction." The language which led to an assumption by many that FIDNET might one day monitor private-sector networks is also being clarified. NSC says that there will not be even an opt-in programme for private users to voluntarily choose such monitoring. FIDNET will, however, share its tricks with private enterprise, and leave it to them to implement what it chooses, on its own nickel. The Register will report fully and eagerly on the specific changes to the FIDNET proposal as soon as the latest version is leaked. It might actually make sense to withhold judgment on the piece until after it's been reviewed and polished. Just a thought. ®

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.