[iwar] [fc:Congress.blasts.Feds.on.cyber-terror.FOIA.games]

From: Fred Cohen (fc@all.net)
Date: 2002-07-27 10:58:00


Return-Path: <sentto-279987-5065-1027792547-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sat, 27 Jul 2002 10:59:07 -0700 (PDT)
Received: (qmail 18945 invoked by uid 510); 27 Jul 2002 17:54:48 -0000
Received: from n33.grp.scd.yahoo.com (66.218.66.101) by all.net with SMTP; 27 Jul 2002 17:54:48 -0000
X-eGroups-Return: sentto-279987-5065-1027792547-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.196] by n33.grp.scd.yahoo.com with NNFMP; 27 Jul 2002 17:55:47 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_7_4); 27 Jul 2002 17:55:47 -0000
Received: (qmail 82011 invoked from network); 27 Jul 2002 17:55:47 -0000
Received: from unknown (66.218.66.216) by m3.grp.scd.yahoo.com with QMQP; 27 Jul 2002 17:55:47 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 27 Jul 2002 17:55:47 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g6RHw0T31756 for iwar@onelist.com; Sat, 27 Jul 2002 10:58:00 -0700
Message-Id: <200207271758.g6RHw0T31756@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Sat, 27 Jul 2002 10:58:00 -0700 (PDT)
Subject: [iwar] [fc:Congress.blasts.Feds.on.cyber-terror.FOIA.games]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

Congress blasts Feds on cyber-terror FOIA games
By Thomas C Greene in Washington
Posted: 26/07/2002 at 07:10 GMT

There was a fabulous explosion Wednesday during an otherwise typical
cyberterror dog-and-pony show on the Hill when House Government Reform
Subcommittee Ranking Member Jan Schakowsky (Democrat, Illinois) lost her
composure during a discussion of new Freedom of Information Act (FOIA)
modifications proposed by the GB Junior Administration as part of its
Homeland Defense initiative.

After a couple of hours filled with warnings about widespread infrastructure
vulnerabilities and exploitable bugs in numerous control systems, it came
time for Critical Infrastructure Assurance Office (CIAO) Director John
Tritak and National Infrastructure Protection Center (NIPC) Director Ronald
Dick to make the pitch for a controversial exemption from the FOIA applying
to all government records submitted by the industry.

The government has been disappointed in the amount of critical information
flowing to it from the Information Sharing and Analysis Centers (ISACs)
which the Clinton Administration set up for private-sector vulnerability
shoptalk. Industry fears that government records of their incompetence could
end up in the hands of outraged citizens and journalists, leading to an
unfortunate tarnishing of the sterling reputations enjoyed by the nation's
mega-corporations.

Uncle Sam would like to be told more about vulnerabilities and risks and
terrorist targets in the real world out there, and is perfectly willing to
gut the FOIA if that's what it takes to get brought up to speed.

Schakowsky just about had a fit on hearing this. Why, she wondered, if the
terrorist threat is as real as the government claims, are we kissing big
business' ass and essentially pleading with them to cooperate? Why not just
force them?

"This is a time of a war on terrorism; we're calling on individuals and
businesses to be patriotic," she said. "Because this is so critical to our
national security, we could simply require this rather than pander to the
desires of businesses to keep information secret, an item that has been on
their agenda for many years."

"It astounds me that at a moment in history when transparency in business is
in the headlines every day -- the need for us to know what is going on in
our private sector, which has deprived many of our citizens of their ability
to retire, and employees of their retirement plans, set the stock market
diving because of this lack of transparency, cooking the books -- that now
we want to offer...not a narrowly-constructed exemption, but a loophole big
enough drive any corporation and its secrets through," she sputtered.

"If a company wants to protect information from public view, they can dump
it into the Department of Homeland Security and say, 'we don't want anyone
to have access to it because it's critical information,' yet it could be
something that communities need to know."

She wanted to know if the government had given businesses any assistance in
dealing with sensitive data under the FOIA as it exists.

NIPC Director Ronald Dick rushed to defend the proposed amendments. "If
there is a request for [trade secrets information] the industry would have
to come forward and discuss in court what it had done to protect that
information," he explained. "So therefore they would have to go into court
and prove, I assume beyond some standard, that they had adequately protected
it in the first place."

That was a bit of a slip, that bit about how the new FOIA will essentially
protect information the companies haven't bothered to protect for
themselves. But the government often rewards incompetence, so it's hardly
surprising.

"We're talking about information that the private sector believes is
sensitive and are concerned about it being disclosed," Dick continued. "And
they have questions as to whether the government can adequately protect it.
What we're recommending is not some broad loophole, but a measured response
in the language that will provide some of the assurances that will provide
better information sharing."

Schakowsky read from the Junior Administration's proposed language, making
it clear that Uncle Sam is prepared to exempt from public knowledge
absolutely anything that relates to infrastructure vulnerabilities in any
way.

Asked why such broad language should be needed, Dick made the mistake of
answering, "the private sector is concerned that if they share
[vulnerability information] then it will become public, and therefore the
bad guys will know it and attack them."

Schakowsky tore into the logical flaw. "So they believe that if they provide
information that's critical to terrorists, this government under its current
laws is just going to let that information out," she said sarcastically. "It
is precisely for that reason that the existing exemptions were crafted."

Dick never quite replied to that one. It's obvious to any fool that the
government would never willingly release any such information. The private
sector is of course solely concerned with embarrassing revelations of how
badly they're managing their security defenses, and the liabilities their
publication would invite.

Schakowsky knows that Uncle Sam needs and desperately wants this data and
will bend over backwards to coax it from business while steamrolling the
rights of citizens to sue for it, regardless of public interests buried
along the way. She had a couple of good rants; and I have to say it was
refreshing to see a Member of Congress actually understand something for a
change. But the government rationale is fairly well accepted on the Hill,
and these days the word 'terror' works absolute magic in all political
negotiations. It looks like the FOIA is set become another casualty of the
war on terror.

Which is no surprise, really. As occasional Reg contributor George Smith
points out, Cyberwar is Hell. ®

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Will You Find True Love?
Will You Meet the One?
Free Love Reading by phone!
http://us.click.yahoo.com/7dY7FD/R_ZEAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT