[Infowarrior] - Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt. Cybersecurity Plan
Richard Forno
rforno at infowarrior.org
Sat Jul 25 16:57:55 UTC 2009
Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt.
Cybersecurity Plan
• By Kim Zetter
• July 24, 2009 |
• 5:44 pm |
• Categories: Cyber Warfare, Cybersecurity
http://www.wired.com/threatlevel/2009/07/senators-demand-cybersecurity/
The Senate Intelligence Committee is demanding that the Obama
administration supply it with the legal justifications it has produced
for conducting government cybersecurity operations, or face losing
funding for the projects, NextGov reports.
“During the next three years, the executive branch will begin new and
unprecedented cybersecurity programs with new technology,” the
senators write in a report (.pdf) released Wednesday, which
accompanies the senate’s version of the FY2010 Intelligence
Authorization Act, which will be voted on at an undetermined date.
These new technologies — which go beyond standard firewall and anti-
virus protection products, the senators write in their report — pose
new legal and “significant potential privacy implications,” which
makes “congressional and Executive oversight particularly important.”
The report mentions privacy concerns about e-mail or other electronic
communications intended for personnel in one government agency or
department but that is forwarded to another department — such as the
Department of Homeland Security or an intelligence agency — as part of
a cybersecurity program intended to protect government networks.
DHS is tasked with protecting non-military government networks, while
the National Security Agency has been tasked with protecting military
networks and providing advice to DHS about non-military networks.
Before the senators are willing to approve full funding for the
government’s Comprehensive National Cybersecurity Initiative (CNCI) —
the highly classified government cybersecurity plan established last
year by the Bush administration to protect government networks — the
committee wants the administration to provide any legal justifications
the Justice Department’s Office of Legal Counsel has produced for the
cybersecurity programs, any certifications of the programs’ legality,
as well as any privacy-impact assessments that have been conducted on
the programs and information about any plans for an independent audit
or review of the programs. The senators are asking for the same
documentation for any programs already in operation, to be submitted
within 30 days of the enactment of the Authorization Act.
The DoJ Office of Legal Counsel is the office where former deputy
assistant attorney general John Yoo produced constitutionally
questionable memos providing legal justification for the Bush
administration’s torture and warrantless wiretapping programs.
In addition to the documentation mentioned, the senate committee,
which is chaired by Senator Dianne Feinstein (D - California) also
wants the directors of the Office of National Intelligence and the
Department of Homeland Security to submit by January 1, 2010, a
comprehensive assessment of cybersecurity threats and vulnerabilities,
and calls on the Obama administration to create “a survivable
government communications network to sustain critical national
security functions under and following [a] major cyber attack.”
In the comments section of the report, the senators reveal that
because the secretive CNCI gave the intelligence community “key
national roles in cyber security,” the committee has expended much
effort in examining the issues around cybersecurity, including holding
six closed-door cyber hearings in the last two years and compiling
several six-month studies through its Technical Advisory Group.
They chastise the government’s “prior reluctance to invite Congress
into the cybersecurity debate in a timely manner” (presumably
referring to the Bush administration’s secrecy around the CNCI) and
assert that the administration must now make it a priority to clearly
communicate its cybersecurity plan to the public.
“Though some elements must be classified, it is important that the
U.S. people understand the government’s basic role in helping to
secure information networks,” they write. “The general rules and
expectations for government involvement, and how these may affect
privacy, must be clearly explained.”
Equally important is the government’s communication on the
international front with regard to cyber warfare and other activity.
The committee calls for strong international outreach with traditional
allies and other key nations to develop a consensus about what cyber
activities “will be promoted, tolerated and censured” and says that an
international framework for cyber warfare “is needed to govern this
rapidly growing field.”
Photo: Susan Walsh/AP
More information about the Infowarrior
mailing list