The White House scrambled over the weekend to alleviate privacy violation fears raised by its proposal to build a monitoring system as an "early warning center" to track Internet use in the U.S. The proposal is part of the final version of "The National Strategy to Secure Cyberspace," expected to be released in early 2003.
According to reports last week, the Bush Administration would require Internet service providers (ISPs) to build the system and to track their users. Few details were released by the White House. The proposal immediately raised concerns from privacy advocates who said the idea may cross a line regarding current corporate and personal privacy laws.
The sticking point is not government protection against viruses and hacker attacks on the nation's information infrastructure, but rather the method, techniques and communications process between the government, private companies and individual users. Currently, there are strict laws concerning telephone wiretaps, and it is unclear if those same protections will be extended to new government Internet monitoring techniques.
In response to the privacy violation concerns, a Department of Homeland Security official said the administration does not plan to monitor what individuals do on the Internet, and Richard Clarke, the Bush administration's cybersecurity advisor, stressed that, "this early warning system would, if companies chose to create it, involve only highly aggregated information on the overall health of the Internet."
Andrew Schulman, an independent software litigation consultant based in Santa Rosa, Calif., said last week, "It sounds like they are planning a grand version of some sort of pattern matching software that will examine streams of e-mail, instant messages and Web site addresses." Schulman said the software could be a help in tracking terrorist threats, but would alter current corporate and surveillance rules.
There are still unanswered questions about what "real-time" monitoring technology will be used, and what opportunities it may provide for information security software vendors.
"The concern is obviously we have Fourth Amendment protections in terms of search and seizure, and there can only be reasonable, articulated and particularized searches. The danger of a system like this is that it is not based on suspicion of specific information, it's a sweep without suspicion," Schulman added.
While the White House proposal alludes to ISPs shouldering some of the responsibility to implement the new system, there are no details regarding whether ISPs will have to pay, or will be subsidized by government grants. It is also possible that ISPs will need to revise their existing contracts with users, if more intrusive surveillance practices are put in place.