[iwar] [fc:Bush.supports.limits.on.disclosing.details.of.hacking]

From: Fred Cohen (fc@all.net)
Date: 2001-10-20 07:02:48
Next message: Fred Cohen: "[iwar] [fc:New.focus.on.infrastructure.protection.emerging]"
Previous message: Fred Cohen: "[iwar] [risks] Risks Digest 21.70 (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200110201402.f9KE2m013381@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Sat, 20 Oct 2001 07:02:48 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Bush.supports.limits.on.disclosing.details.of.hacking]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Bush supports limits on disclosing details of hacking 
By Ted Bridis, Associated Press, 10/19/2001
<a href="http://www.nandotimes.com/technology/story/147053p-1435336c.html">http://www.nandotimes.com/technology/story/147053p-1435336c.html>

WASHINGTON (October 18, 2001 9:39 p.m.  EDT) - An administration expert
in computer security confirmed Thursday that the White House will
support proposals to withhold details about electronic attacks against
the nation's most important computer networks. 

The proposed changes, meant to encourage corporate victims of hackers to
report crimes, would restrict government agencies' disclosures about
attacks under the Freedom of Information Act.  The proposal seeks to
overcome traditional reluctance by industries, especially technology, to
reveal potentially embarrassing details without fear of disclosure. 

In a letter to the chairman of the National Security and
Telecommunications Advisory Committee, President Bush said he will
"support a narrowly crafted exception ...  to protect information about
corporations' and other organizations' vulnerabilities to information
warfare and malicious hacking."

Bush sent the letter three weeks ago to Daniel Burnham, chairman of
Raytheon Co., who heads the advisory committee.  The Associated Press
obtained the letter Thursday. 

John Tritak, director of the federal Critical Infrastructure Assurance
Office, confirmed during a Thursday speech to technology executives the
administration's support for such a "narrowly crafted" exemption to the
information act.  Tritak cautioned that any change must be "fully
protective of open government and privacy."

Other officials, including Ron Dick, director of the FBI's National
Infrastructure Protection Center, privately have expressed support for
an FOIA exemption to encourage broader sharing of threat information
between industries and the government. 

"This is a much stronger, more-clear message from the administration,"
said Harris Miller, head of the Information Technology Association of
America, a trade group that supports the new limits. 

Support by President Bush marks a shift from the Clinton administration,
which said existing restrictions on FOIA disclosures were adequate for
protecting sensitive corporate information. 

In a different move to limit information available under the U.S. 
information law, Attorney General John Ashcroft ordered federal agencies
this week to review more closely which documents they release. 
Ashcroft's new policy allows officials to withhold information on any
"sound legal basis." Under looser policies issued in 1993, agencies
could hold back information to prevent "foreseeable harm." Ashcroft
cited the Sept.  11 terrorist attacks against New York and Washington as
reasons for the change. 

Currently, Sens.  Robert Bennett, R-Utah, and Jon Kyl, R-Ariz., and
Reps.  Tom Davis, R-Va., and James Moran, D-Va., have introduced bills
to limit government disclosures about hacking attacks. 

"If you do not pass this bill, industry will not tell government" about
hacking incidents against important networks, Bennett said Thursday. 

President Bush responded with support for the new FOIA exemption after a
request from Raytheon's Burnham over the summer on behalf of the
telecommunications advisory committee.  Burnham wrote that "barriers to
sharing (information) must be removed" and asked the president also to
limit legal liabilities facing companies that make such disclosures. 

Burnham's letter to Bush was originally obtained this week by the
Washington-based Electronic Privacy Information Center, which contends
that existing limits under the information law are adequate to
protecting disclosures about hacking attacks. 

EPIC lawyer David Sobel charged Thursday that technology companies want
liability protections for hardware and software products that might be
flawed in ways that could allow security breaches.  "Most of us have
concluded that companies really want the ability to unload this
information on the government, then wash their hands of it," Sobel said. 

A White House official, who asked not to be identified, said Bush has
not committed to supporting any liability limits. 


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:New.focus.on.infrastructure.protection.emerging]"
Previous message: Fred Cohen: "[iwar] [risks] Risks Digest 21.70 (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST