February 3, 2000 Web posted at: 9:59 a.m. EST (1459 GMT) by Jennifer Jones

From...

(IDG) -- Privacy advocates raised red flags before a U.S. Senate Judiciary Subcommittee looking into privacy implications of President Clinton's plan to safeguard critical systems against cyber attacks.

Critics of the plan charged specifically that the Clinton Administration is relying "too heavily on monitoring and surveillance" instead of simply focusing on making systems more secure, according to Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC).

The Clinton Administration last month released its first "blueprint" for protecting critical government and private sector systems against hackers.

	MESSAGE BOARD
Insurgency

Called the National Plan for Information Systems Protection, the plan eventually will loop in critical systems for communications, transportation, and financial services.

"There is disagreement as to whether an intrusive, government-directed initiative that views computer security as almost solely defending 'our cyberspace' from foreign assault is the right way to go," Rotenberg said in prepared testimony.

EPIC officials especially took exception to the plan's inclusion of a Federal Intrusion Detection Network (FIDNET). Under the plan, a single government agency would be allowed to monitor communications across all federal networks.

Rotenberg argued that FIDNET would require notification to all users of federal systems, including government employees and the public, or would break various privacy statutes including wiretapping guidelines.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Network World Fusion home page

U.S. military launches cyber counter-offensive against people within the United States

Why does Clinton's defense plan feel wrong?

Hackers jump to their own defense

Reviews & in-depth info at IDG.net

E-BusinessWorld

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for network experts

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

EPIC officials also said that the government's security policy overall has been inconsistent because it has prevented availability of some encryption and security tools. John Tritak, director of the President's Critical Infrastructure Assurance Office, however, countered that the plan, dubbed Version 1.0, is still in its preliminary stages.

"The plan is designated Version 1.0 and subtitled 'An Invitation to a Dialog' to indicate that it is still a work in progress and that a broader range of perspectives must be taken into account if the plan is truly to be national in scope and treatment," Tritak said.

Part of the unfolding plan calls for a partnership between Fortune 500 companies and all levels of government to work out details for safeguarding computers.

The U.S. Chamber of Commerce this month will hold an initial meeting on private sector contributions to and participation in the plan.

Privacy must play a key part in any efforts to hone details of the plan, Rotenberg warned.

"I urge you to proceed very cautiously. The government is just now digging itself out of the many mistakes that were made over the past decade with computer security policy. This is not the best time to be pushing an outdated approach to network security," Rotenberg said.