[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] CDT zu Homeland Security Deptartment, incl. Cyber Security u. Privacy
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Das Center for Democracy and Technology (CDT) ist eine linksliberale
NGO, die sich viel um Datenschutz etc. kuemmert. Hier ein lesenswerter
Update zum Homeland Security Department. Interessant: Das
Stasi-aehnliche Programm "TIPS" wird wohl im Kongress scheitern...
RB
-------- Original Message --------
Subject: Policy Post 8.15: Homeland Security Dept. to Encompass Cyber
Security; Privacy Issues Addressed
Date: Wed, 24 Jul 2002 16:22:23 -0400
From: Michael Clark <mclark -!
- cdt -
org>
To: bendrath -!
- zedat -
fu-berlin -
de
CDT POLICY POST Volume 8, Number 15, July 24, 2002
A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
CONTENTS:
(1) Homeland Security Act Moves through Congress
(2) New Department Likely to Gain Authority over Cyber Security and
Infrastructure Protection
(3) H.R. 5005 Creates Broad New FOIA Exemption, Criminalizes Leaks
(4) Congress Proposes New Agency Have Internal Watchdog for Privacy and
Civil Rights
(5) House Bill Rejects TIPS Program, National ID Card
------------------------------------------------------------------------
(1) HOMELAND SECURITY ACT MOVES THROUGH CONGRESS
Congress is moving rapidly to enact legislation to create a new
Cabinet-level
Department of Homeland Security, with uncertain but potentially large
implications for privacy, cyber security and government accountability.
The
new agency will likely absorb the Coast Guard, the Customs Service, the
Secret
Service, part of the Immigration and Naturalization Service (INS), and
the
Federal Emergency Management Agency (FEMA), among nearly two dozen
offices
and agencies that will be consolidated to improve counter-terrorism
efforts.
Here's a brief status report:
* In the House, the bill is H.R. 5005. The latest action occurred on
Friday,
July 19, when a special select committee marked up and reported the
bill,
drawing on the recommendations of the various standing committees
(Judiciary,
Government Reform, Transportation, etc). The Rules Committee is
meeting today,
Wednesday, July 24, to craft a rule for Floor debate, and the full
House is
expected to consider the legislation on Thursday and/or Friday, July
25 and 26.
The full legislative history of H.R. 5005 will be available at
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:HR.5005: but Thomas is
lagging
a little, so you can access the latest version of the bill, the
version
reported by the select committee, at http://hsc.house.gov/
* In the Senate, the bill is S. 2452, introduced by Senator Joseph
Lieberman
(D-CT), chairman of the Governmental Affairs Committee, which is
marking-up
the bill today, Wednesday, July 24.
The Lieberman bill as introduced is posted at
http://www.senate.gov/~gov_affairs/072402bill.pdf
------------------------------------------------------------------------
(2) NEW DEPARTMENT LIKELY TO GAIN AUTHORITY OVER CYBER SECURITY AND
INFRASTRUCTURE PROTECTION
Both House and Senate bills would grant the Department of Homeland
Security
authority over cyber security and infrastructure protection.
Specifically,
the bills would transfer to the new department the functions of the
following
entities:
* the National Infrastructure Protection Center of the Federal Bureau
of
Investigation (excluding the Computer Investigations and Operations
Section);
* the National Communications System of the Department of Defense;
* the Critical Infrastructure Assurance Office of the Department of
Commerce;
* the National Infrastructure Simulation and Analysis Center of the
Department
of Energy;
* the Federal Computer Incident Response Center of the General Services
Administration.
Following objections by the high-tech industry and others, the House
bill would
not transfer the Computer Security Division of the National Institute of
Standards and Technology. The Senate bill as introduced would transfer
that
NIST component, along with the Energy Security and Assurance Program of
the
Department of Energy and the Federal Protective Service of the General
Services
Administration.
Both bills would leave the FBI and CIA untouched by the reshuffling
(with the
exception of the FBI's NIPC, as noted above).
------------------------------------------------------------------------
(3) H.R. 5005 CREATES BROAD NEW FOIA EXEMPTION, CRIMINALIZES LEAKS
H.R. 5005 contains a controversial provision carving out a new exception
to the
Freedom of Information Act (FOIA), the 1966 law that promotes government
accountability and effectiveness by requiring agencies to disclose
information
of public interest.
Under the bill that is moving through the House, the Department of
Homeland
Security could withhold information it receives voluntarily from
"non-Federal
entities or individuals that relates to" the vulnerability of a critical
infrastructure, including the computers that are at the heart of
communications,
banking, transportation, power and other infrastructures. Much of the
U.S.
infrastructure is privately owned, and no one has proposed requiring
companies
to disclose information about their systems to the government. The FOIA
exception has been justified as necessary to encourage industry to
voluntarily
share with the government information about the flaws and
vulnerabilities of
and attacks on these infrastructures. The language in H.R. 5005 is very
broad:
* The FOIA exception in H.R. 5005 is not limited to information which,
if
disclosed, could be used to harm a critical infrastructure - the
language
requires withholding of information even if the public interest and
the goal
of improving homeland security would benefit from its disclosure.
* H.R. 5005 preempts state open government laws, even for information
independently obtained by the states.
* H.R. 5005 provides civil use immunity for information voluntarily
submitted
to the government, prohibiting the government from using in
litigation
information submitted to it, even if the information relates to a
faulty
system that the government owns.
* As we read section 724(h), the bill would also empower the
Administration
to grant antitrust immunity to selected industries.
* Most remarkably, section 724 of H.R. 5005 includes a provision making
it a
crime for government officials to disclose information about critical
infrastructure vulnerability.
The Senate bill as introduced contained no FOIA language, but at the
mark-up
today the Governmental Affairs Committee just adopted a FOIA amendment
offered
by Sen. Robert Bennett (R-UT). The Bennett language, negotiated with
FOIA
defender Sen Patrick Leahy (D-VT) is much more focused than the House
provision
and does not include the civil immunity provision, antitrust immunity or
any
criminal penalties.
------------------------------------------------------------------------
(4) CONGRESS PROPOSES NEW AGENCY HAVE INTERNAL WATCHDOGS FOR PRIVACY AND
CIVIL RIGHTS
On the surface of both bills, it appears that the Department will have
no new
intelligence collection authority, although many of the components being
transferred to it (Secret Service, Customs, Coast Guard, INS) have
intelligence
divisions and will carry their investigative and intelligence authority
with
them.
Moreover, the new Department will have access to the full range of
intelligence
information about terrorist threats collected domestically and overseas
by the
FBI, the CIA and other intelligence and law enforcement agencies. The
House
bill specifies the Department would have access to all reports,
assessments,
and analytical information and all information concerning the
vulnerability of
the US to terrorism, whether or not such information has been analyzed,
suggesting that the information obtained by the Department would include
raw
intelligence. Presumably, the Department also will be able to subscribe
to
private sector databases. The Senate bill as introduced would give the
new
Department authority to direct the intelligence agencies to provide (and
apparently collect) additional information on specific threats. The
Senate bill
would also expressly authorize the new Department to engage in data
mining and
to buy or otherwise obtain private sector databases for that purpose.
Clearly, therefore, the activities of the new Department will raise many
privacy
issues. As a step towards addressing those issues, the bills include
several
internal oversight mechanisms.
In the House bill --
* Section 205 requires the Secretary of the new Department to appoint a
senior
official to assume primary responsibility for privacy policy,
including
assuring that the use of information technologies sustains, and does
not
erode, privacy protections and conducting privacy impact assessments
of
proposed rules of the Department.
* Section 604 requires the Secretary to establish an Office for Civil
Rights
and Civil Liberties, whose Director shall review and assess
information
alleging abuses of civil rights, civil liberties and racial and
ethnic
profiling by the Department.
* Section 204 requires the Secretary to establish procedures on the use
of
information shared to limit its redissemination, ensure its security
and
confidentiality, and provide data integrity. These requirements
overlap
with the requirements of the Privacy Act, but could provide
additional
impetus within the Department for careful attention to privacy issues
in the handling of personal information.
Similarly, Sections 110 and 111 of the Senate bill would create a
Civil
Rights Officer and a Privacy Officer.
CDT believes that these provisions need to be fleshed out, either in
the
legislation or through subsequent Congressional oversight.
* In particular, it should be made clear that guidelines adopted by the
new
Department on data mining and information privacy should be adopted
following public and Congressional consultation and comment.
* Further, Congress should require public reporting of statistical
information
on sensitive issues, such as descriptions of data mining contracts
and
arrangements. Such descriptions should include the types of databases
"mined"
and approximate numbers of persons in each database.
------------------------------------------------------------------------
(5) HOUSE BILL REJECTS TIPS PROGRAM, NATIONAL ID CARD
At the urging of Rep, Richard Armey (R-TX), chairman of the House select
committee, the House bill would reject two privacy-threatening
initiatives:
* Section 779 of H.R. 5005 prohibits "any and all activities of the
Federal
Government to implement the proposed Operations TIPS (Terrorism
Information
and Prevention System)," which would have encouraged delivery men and
cable
guys to report anything they think may indicate terrorist activity.
* Section 815 states that "nothing in this Act shall be construed to
authorize
the development of a national identification system or card."
CDT has established a special page where we are indexing materials on
the
homeland security issue:
http://www.cdt.org/security/usapatriot/hearings.shtml
------------------------------------------------------------------------
Detailed information about online civil liberties issues may be found at
http://www.cdt.org/.
This document may be redistributed freely in full or linked to
http://www.cdt.org/publications/pp_8.15.shtml.
Excerpts may be re-posted with prior permission of ari -!
- cdt -
org
Policy Post 8.15 Copyright 2002 Center for Democracy and Technology
--
To subscribe to CDT's Activist Network, sign up at:
http://www.cdt.org/join/
If you ever wish to remove yourself from the list, unsubscribe at:
http://www.cdt.org/action/unsubscribe.shtml
If you just want to change your address, you should unsubscribe
yourself and then sign up again or contact: mclark -!
- cdt -
org
--
Michael Clark, Grassroots Webmaster
mclark -!
- cdt -
org
PGP Key available on keyservers
Center for Democracy and Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
http://www.cdt.org/
voice: 202-637-9800
fax: 202-637-0968
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.