[Infowarrior] - Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt. Cybersecurity Plan

Richard Forno rforno at infowarrior.org
Sat Jul 25 16:57:55 UTC 2009 

Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt.  
Cybersecurity Plan
	• By Kim Zetter
	• July 24, 2009  |
	• 5:44 pm  |
	• Categories: Cyber Warfare, Cybersecurity

http://www.wired.com/threatlevel/2009/07/senators-demand-cybersecurity/
The Senate Intelligence Committee is demanding that the Obama  
administration supply it with the legal justifications it has produced  
for conducting government cybersecurity operations, or face losing  
funding for the projects, NextGov reports.

“During the next three years, the executive branch will begin new and  
unprecedented cybersecurity programs with new technology,” the  
senators write in a report (.pdf) released Wednesday, which  
accompanies the senate’s version of the FY2010 Intelligence  
Authorization Act, which will be voted on at an undetermined date.

These new technologies — which go beyond standard firewall and anti- 
virus protection products, the senators write in their report — pose  
new legal and “significant potential privacy implications,” which  
makes “congressional and Executive oversight particularly important.”

The report mentions privacy concerns about e-mail or other electronic  
communications intended for personnel in one government agency or  
department but that is forwarded to another department — such as the  
Department of Homeland Security or an intelligence agency — as part of  
a cybersecurity program intended to protect government networks.

DHS is tasked with protecting non-military government networks, while  
the National Security Agency has been tasked with protecting military  
networks and providing advice to DHS about non-military networks.

Before the senators are willing to approve full funding for the  
government’s Comprehensive National Cybersecurity Initiative (CNCI) —  
the highly classified government cybersecurity plan established last  
year by the Bush administration to protect government networks — the  
committee wants the administration to provide any legal justifications  
the Justice Department’s Office of Legal Counsel has produced for the  
cybersecurity programs, any certifications of the programs’ legality,  
as well as any privacy-impact assessments that have been conducted on  
the programs and information about any plans for an independent audit  
or review of the programs. The senators are asking for the same  
documentation for any programs already in operation, to be submitted  
within 30 days of the enactment of the Authorization Act.

The DoJ Office of Legal Counsel is the office where former deputy  
assistant attorney general John Yoo produced constitutionally  
questionable memos providing legal justification for the Bush  
administration’s torture and warrantless wiretapping programs.

In addition to the documentation mentioned, the senate committee,  
which is chaired by Senator Dianne Feinstein (D - California) also  
wants the directors of the Office of National Intelligence and the  
Department of Homeland Security to submit by January 1, 2010, a  
comprehensive assessment of cybersecurity threats and vulnerabilities,  
and calls on the Obama administration to create “a survivable  
government communications network to sustain critical national  
security functions under and following [a] major cyber attack.”

In the comments section of the report, the senators reveal that  
because the secretive CNCI gave the intelligence community “key  
national roles in cyber security,” the committee has expended much  
effort in examining the issues around cybersecurity, including holding  
six closed-door cyber hearings in the last two years and compiling  
several six-month studies through its Technical Advisory Group.

They chastise the government’s “prior reluctance to invite Congress  
into the cybersecurity debate in a timely manner” (presumably  
referring to the Bush administration’s secrecy around the CNCI) and  
assert that the administration must now make it a priority to clearly  
communicate its cybersecurity plan to the public.

“Though some elements must be classified, it is important that the  
U.S. people understand the government’s basic role in helping to  
secure information networks,” they write. “The general rules and  
expectations for government involvement, and how these may affect  
privacy, must be clearly explained.”

Equally important is the government’s communication on the  
international front with regard to cyber warfare and other activity.

The committee calls for strong international outreach with traditional  
allies and other key nations to develop a consensus about what cyber  
activities “will be promoted, tolerated and censured” and says that an  
international framework for cyber warfare “is needed to govern this  
rapidly growing field.”

Photo: Susan Walsh/AP

More information about the Infowarrior mailing list