Publish to Newswire
Add an EventFrom the Open-Publishing Calendar
From the Open-Publishing Newswire
Indybay Feature
Bush to have ISP's spy on users
The Bush administration is planning to propose requiring Internet service providers to help build a centralized system to enable broad monitoring of the Internet and, potentially, surveillance of its users.
December 20, 2002
Bush Administration to Propose System for Monitoring Internet
By JOHN MARKOFF and JOHN SCHWARTZ
The Bush administration is planning to propose requiring Internet service providers to help build a centralized system to enable broad monitoring of the Internet and, potentially, surveillance of its users.
The proposal is part of a final version of a report, "The National Strategy to Secure Cyberspace," set for release early next year, according to several people who have been briefed on the report. It is a component of the effort to increase national security after the Sept. 11 attacks.
The President's Critical Infrastructure Protection Board is preparing the report, and it is intended to create public and private cooperation to regulate and defend the national computer networks, not only from everyday hazards like viruses but also from terrorist attack. Ultimately the report is intended to provide an Internet strategy for the new Department of Homeland Security.
Such a proposal, which would be subject to Congressional and regulatory approval, would be a technical challenge because the Internet has thousands of independent service providers, from garage operations to giant corporations like American Online, AT&T, Microsoft and Worldcom.
The report does not detail specific operational requirements, locations for the centralized system or costs, people who were briefed on the document said.
While the proposal is meant to gauge the overall state of the worldwide network, some officials of Internet companies who have been briefed on the proposal say they worry that such a system could be used to cross the indistinct border between broad monitoring and wiretap.
Stewart Baker, a Washington lawyer who represents some of the nation's largest Internet providers, said, "Internet service providers are concerned about the privacy implications of this as well as liability," since providing access to live feeds of network activity could be interpreted as a wiretap or as the "pen register" and "trap and trace" systems used on phones without a judicial order.
Mr. Baker said the issue would need to be resolved before the proposal could move forward.
Tiffany Olson, the deputy chief of staff for the President's Critical Infrastructure Protection Board, said yesterday that the proposal, which includes a national network operations center, was still in flux. She said the proposed methods did not necessarily require gathering data that would allow monitoring at an individual user level.
But the need for a large-scale operations center is real, Ms. Olson said, because Internet service providers and security companies and other online companies only have a view of the part of the Internet that is under their control.
"We don't have anybody that is able to look at the entire picture," she said. "When something is happening, we don't know it's happening until it's too late."
The government report was first released in draft form in September, and described the monitoring center, but it suggested it would likely be controlled by industry. The current draft sets the stage for the government to have a leadership role.
The new proposal is labeled in the report as an "early-warning center" that the board says is required to offer early detection of Internet-based attacks as well as defense against viruses and worms.
But Internet service providers argue that its data-monitoring functions could be used to track the activities of individuals using the network.
An official with a major data services company who has been briefed on several aspects of the government's plans said it was hard to see how such capabilities could be provided to government without the potential for real-time monitoring, even of individuals.
"Part of monitoring the Internet and doing real-time analysis is to be able to track incidents while they are occurring," the official said.
The official compared the system to Carnivore, the Internet wiretap system used by the F.B.I., saying: "Am I analogizing this to Carnivore? Absolutely. But in fact, it's 10 times worse. Carnivore was working on much smaller feeds and could not scale. This is looking at the whole Internet."
One former federal Internet security official cautioned against drawing conclusions from the information that is available so far about the Securing Cyberspace report's conclusions.
Michael Vatis, the founding director of the National Critical Infrastructure Protection Center and now the director of the Institute for Security Technology Studies at Dartmouth, said it was common for proposals to be cast in the worst possible light before anything is actually known about the technology that will be used or the legal framework within which it will function.
"You get a firestorm created before anybody knows what, concretely, is being proposed," Mr. Vatis said.
A technology that is deployed without the proper legal controls "could be used to violate privacy," he said, and should be considered carefully.
But at the other end of the spectrum of reaction, Mr. Vatis warned, "You end up without technology that could be very useful to combat terrorism, information warfare or some other harmful act."
http://www.nytimes.com/2002/12/20/technology/20MONI.html?pagewanted=print&position=top
registration required
http://www.ciao.gov/publicaffairs/about.html
Bush Administration to Propose System for Monitoring Internet
By JOHN MARKOFF and JOHN SCHWARTZ
The Bush administration is planning to propose requiring Internet service providers to help build a centralized system to enable broad monitoring of the Internet and, potentially, surveillance of its users.
The proposal is part of a final version of a report, "The National Strategy to Secure Cyberspace," set for release early next year, according to several people who have been briefed on the report. It is a component of the effort to increase national security after the Sept. 11 attacks.
The President's Critical Infrastructure Protection Board is preparing the report, and it is intended to create public and private cooperation to regulate and defend the national computer networks, not only from everyday hazards like viruses but also from terrorist attack. Ultimately the report is intended to provide an Internet strategy for the new Department of Homeland Security.
Such a proposal, which would be subject to Congressional and regulatory approval, would be a technical challenge because the Internet has thousands of independent service providers, from garage operations to giant corporations like American Online, AT&T, Microsoft and Worldcom.
The report does not detail specific operational requirements, locations for the centralized system or costs, people who were briefed on the document said.
While the proposal is meant to gauge the overall state of the worldwide network, some officials of Internet companies who have been briefed on the proposal say they worry that such a system could be used to cross the indistinct border between broad monitoring and wiretap.
Stewart Baker, a Washington lawyer who represents some of the nation's largest Internet providers, said, "Internet service providers are concerned about the privacy implications of this as well as liability," since providing access to live feeds of network activity could be interpreted as a wiretap or as the "pen register" and "trap and trace" systems used on phones without a judicial order.
Mr. Baker said the issue would need to be resolved before the proposal could move forward.
Tiffany Olson, the deputy chief of staff for the President's Critical Infrastructure Protection Board, said yesterday that the proposal, which includes a national network operations center, was still in flux. She said the proposed methods did not necessarily require gathering data that would allow monitoring at an individual user level.
But the need for a large-scale operations center is real, Ms. Olson said, because Internet service providers and security companies and other online companies only have a view of the part of the Internet that is under their control.
"We don't have anybody that is able to look at the entire picture," she said. "When something is happening, we don't know it's happening until it's too late."
The government report was first released in draft form in September, and described the monitoring center, but it suggested it would likely be controlled by industry. The current draft sets the stage for the government to have a leadership role.
The new proposal is labeled in the report as an "early-warning center" that the board says is required to offer early detection of Internet-based attacks as well as defense against viruses and worms.
But Internet service providers argue that its data-monitoring functions could be used to track the activities of individuals using the network.
An official with a major data services company who has been briefed on several aspects of the government's plans said it was hard to see how such capabilities could be provided to government without the potential for real-time monitoring, even of individuals.
"Part of monitoring the Internet and doing real-time analysis is to be able to track incidents while they are occurring," the official said.
The official compared the system to Carnivore, the Internet wiretap system used by the F.B.I., saying: "Am I analogizing this to Carnivore? Absolutely. But in fact, it's 10 times worse. Carnivore was working on much smaller feeds and could not scale. This is looking at the whole Internet."
One former federal Internet security official cautioned against drawing conclusions from the information that is available so far about the Securing Cyberspace report's conclusions.
Michael Vatis, the founding director of the National Critical Infrastructure Protection Center and now the director of the Institute for Security Technology Studies at Dartmouth, said it was common for proposals to be cast in the worst possible light before anything is actually known about the technology that will be used or the legal framework within which it will function.
"You get a firestorm created before anybody knows what, concretely, is being proposed," Mr. Vatis said.
A technology that is deployed without the proper legal controls "could be used to violate privacy," he said, and should be considered carefully.
But at the other end of the spectrum of reaction, Mr. Vatis warned, "You end up without technology that could be very useful to combat terrorism, information warfare or some other harmful act."
http://www.nytimes.com/2002/12/20/technology/20MONI.html?pagewanted=print&position=top
registration required
http://www.ciao.gov/publicaffairs/about.html
We are 100% volunteer and depend on your participation to sustain our efforts!
Donate
$120.00 donated
in the past month
Get Involved
If you'd like to help with maintaining or developing the website, contact us.
Publish
Publish your stories and upcoming events on Indybay.
Topics
More
Search Indybay's Archives
Advanced Search
►
▼
IMC Network
Bush is trying to subvert the freedom of the internet.
I would be interested in hearing from anyone who
has ideas for mounting a global campaign to keep
the internet free (if there isn't already one - I'm very new to the internet).
gET IN TOUCH
Maybe somebody could make a banner ad that sez something like "How Much Are You Willing To Pay An ISP that monitors your online activities for Big Brother"? People who are opposed to this snoop plan could put it on their websites, Perhaps the banner ad could point to a website with more info on this BS if clicked. Maybe if ISPs fear losing revenue, they'll refuse to take part in this.
I've decided I'll probably be dumping my highspeed Internet access soon, and go to something cheap or free like Juno just for email from relatives and whatnot who like to keep in touch that way. If i absolutely have to research something on the 'net, i can always go to the library.
I don't plan to fork over good money to an ISP, just to have them keep track of all the content i access, and turn it over to bureaucratic busybodies. It already pisses me off that tax dollars go to fund this kinda shit.