Return-Path: <sentto-279987-4333-1011281904-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 17 Jan 2002 07:40:08 -0800 (PST) Received: (qmail 12753 invoked by uid 510); 17 Jan 2002 15:38:31 -0000 Received: from n15.groups.yahoo.com (216.115.96.65) by all.net with SMTP; 17 Jan 2002 15:38:31 -0000 X-eGroups-Return: sentto-279987-4333-1011281904-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.162] by n15.groups.yahoo.com with NNFMP; 17 Jan 2002 15:37:52 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 17 Jan 2002 15:38:24 -0000 Received: (qmail 85287 invoked from network); 17 Jan 2002 15:38:21 -0000 Received: from unknown (216.115.97.172) by m8.grp.snv.yahoo.com with QMQP; 17 Jan 2002 15:38:21 -0000 Received: from unknown (HELO red.all.net) (12.232.72.98) by mta2.grp.snv.yahoo.com with SMTP; 17 Jan 2002 15:38:20 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0HFcMg14048 for iwar@onelist.com; Thu, 17 Jan 2002 07:38:22 -0800 Message-Id: <200201171538.g0HFcMg14048@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 17 Jan 2002 07:38:20 -0800 (PST) Subject: [iwar] [fc:Industry.counters.criticism.of.cybersecurity.info-sharing.bills] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Industry counters criticism of cybersecurity info-sharing bills By Drew Clark, National Journal's Technology Daily, 1/16/02 <a href="http://www.govexec.com/dailyfed/0102/011502td1.htm">http://www.govexec.com/dailyfed/0102/011502td1.htm> The heads of eight technology and other industry groups seeking legislation designed to spur the disclosure of cybersecurity information are pushing the Bush administration to play a more active role in supporting the measure. In a letter late last year to President Bush, the groups--which include the U.S. Chamber of Commerce, Americans for Computer Privacy, the Information Technology Association of America and the National Association of Manufacturers--attempted to counter what they termed "misunderstandings of the legislation by some critics." Groups that favor open public records and defend civil liberties have protested the pair of bills, S. 1456 and H.R. 2435, each of which would grant businesses exemptions from the Freedom of Information Act (FOIA), antitrust prosecution and lawsuits that could stem from the voluntary disclosure of cybersecurity information to regulatory and enforcement agencies. In December, more than a dozen environmental groups joined in that criticism and sent a letter to senators arguing that the bill "does not fulfill its stated purpose of protecting critical infrastructure information." Instead, they said it would profoundly undermine the ability of the Environmental Protection Agency to sue polluters and argued that Congress should not append the bill to other legislation, a strategy being pondered by bill sponsors, without a hearing. The bill would apply to information about power plants' physical, as well as cyber, security. But technology industry groups have been nonplussed at criticisms of the measure, arguing that the scenarios critics imagine are far-fetched and extremely unlikely. "This legislative package has only to do with disclosure of computer-attack data and critical infrastructure protection," read the letter, addressing the environmental groups' criticisms. "Normal regulatory information-gathering will proceed unimpeded, as it should." The executives also argued that even though they believe existing FOIA law would protect cyber-attack information provided to the federal government from further disclosure, the risk that a judge could rule against them and mandate its disclosure under FOIA was "unacceptably high. Corporations should not be required to accept such risks, or the costs of litigation, when reporting significant cyber events in an attempt to protect the public interest." The White House is "supportive in concept, but we haven't had any indication that they are supportive of the specific language," said Joe Rubin, director of congressional affairs for the U.S. Chamber of Commerce. "So we are working with them to get support for specific language." The letter also outlines why the legislation's antitrust exemption would facilitate information sharing within industry. Although the Justice Department already has said that businesses' cooperation with Information Sharing and Analysis Centers (ISACs) does not violate the law, a change is necessary to protect corporations that participate rather than the ISAC itself. The letter also was signed by the heads of the Edison Electric Institute, the Financial Services Roundtable and the Internet Security Alliance, a partnership of the Electronic Industries Alliance at Carnegie Mellon University's Software Engineering Institute and its CERT Coordination Center. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Tiny Wireless Camera under $80! Order Now! FREE VCR Commander! Click Here - Only 1 Day Left! http://us.click.yahoo.com/WoOlbB/7.PDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST