From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sat, 27 Jul 2002 10:36:12 -0700 (PDT)
Subject: [iwar] [fc:Critics.Blast.IT.Loophole.in.Homeland.Security.Plan]

Critics Blast IT Loophole in Homeland Security Plan

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, July 24, 2002; 4:48 PM

The White House proposal to create a Homeland Security department could allow corporate scofflaws to hide nefarious business activities from the public in the name of national security, critics warned today.

The proposal would permit companies that own and operate critical computer systems to share information on network vulnerabilities and hacker attacks with federal investigators without fear that the data could be made public through Freedom of Information Act (FOIA) requests.

The White House says it needs more cooperation from the private sector to identify and combat a flood of network attacks on government agencies, the military and the private sector. The administration believes that changing FOIA will encourage businesses to share that information.

Opponents claim that such a change would allow companies to justify shielding nearly anything from public view, including the kinds of accounting and business practices that brought down Enron and WorldCom. They also say FOIA already bars the disclosure of information that reveals trade secrets, and that the new exemption amounts to an industry ploy to avoid liability for a range of corporate malfeasance.

"The damage this exclusion could do is legion," said Rep. Janice Schakowsky (D-Ill.), ranking member of the House Government Reform subcommittee, which hosted a panel of administration officials today.

"It astounds me that in a moment in history when transparency in business is in the headlines every day ... that we now want to offer a loophole big enough to drive any corporation and its secrets through," Schakowsky said.

Schakowsky's sentiments have been echoed in recent weeks by consumer groups and scores of lawmakers on both sides of the aisle, including House Majority Leader Dick Armey (R-Texas).

James X. Dempsey, deputy director for the Center for Democracy and Technology, charged that by dumping information with the Department of Homeland Security, companies could "shield vital health and safety information from the public, even if disclosure of the information would pose no threat whatsoever."

The bill also would allow the administration to grant antitrust immunity to selected industries that voluntarily share vulnerability and attack information, Dempsey said.

Administration officials defended the White House plan, saying the measures are needed to allow the government to respond quickly in the event of a concerted cyberterrorist attack on the nation's infrastructure.

Ronald Dick, director of the FBI's National Infrastructure Protection Center, said that if private sector companies don't think the law is clear, then for all intents and purposes it is not.

"We spend a good deal of time with the private sector trying to explain how current exemptions will protect the information they provide to us, but the problem is that if we're not able to convince them that (current FOIA) exemptions are adequate, that's still of concern to them."

"Nobody intends this to become a mechanism by which people can foist their responsibilities off, or so that gross negligence can be buried in government," said John Tritak, director of the Commerce Department's Critical Infrastructure Assurance Office. "The real goal is to create an environment where dynamic information sharing is taking place and problems can be dealt with in real time."

Scott Charney, chief security strategist for Microsoft Corp., said his company and many others fear that under current FOIA law, the hazy definition of what constitutes a "trade secret" would lead to endless litigation from FOIA seekers.

Charney said Microsoft would almost certainly share more information with the federal government if the new exemptions were passed.

"Does that mean if they pass a new FOIA exemption everyone shares every deepest and darkest secret? Probably not," he said. "Will it increase the flow of information? Yes."

But Alan Paller, director of research for the SANS Institute, said most companies still won't share vulnerability and hacker data with the government, even if the new FOIA exemptions are enacted.

"There's significant evidence that they won't share it unless they think you're part of the 'fix it immediately' camp, and the federal government is not usually considered part of that group," Paller said.

Earlier today, the Senate Governmental Affairs Committee added the new exemptions to its legislation. The House of Representatives is expected to vote by the end of this week on its version of the bill, which also includes the changes.

A spokesperson for Schakowsky said she plans to offer an amendment when the bill hits the floor that would remove the FOIA exceptions altogether.

Schakowsky warned that if pushed into a corner, Congress could make such information disclosures mandatory.

"I just want to suggest there is another option: that is to say that this information isn't voluntary -- that we require it," she said. "We could in fact just say that because this is so critical to national security, (we will) simply require this, rather than pander to the desires of businesses to keep information secret."

© 2002 TechNews.com
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT