|Date : August 16, 1999|
|Title : Author of Computer Surveillance Plan Tries to Ease Fears|
|Author : Tim Weiner|
|Source : New York Times (Technology)
Url Ref: http://search.nytimes.com/search/daily/bin/fastweb?getdoc+site+site+81924+0+wAAA+fidnet
WASHINGTON -- Congress has blocked money for a planned system to safeguard government computers, a prominent Republican has denounced the system as "Orwellian" and some civil libertarians are calling it a potential threat.
But the plan's author, a senior National Security Council official, says those are only temporary setbacks to a critically needed system that will be built if President Clinton wants it.
The proposed system, called Fidnet, is intended to protect government computers from hackers, whether they be precocious teen-agers or potential terrorists, administration officials say. It represents "the first attempt by any nation to develop a plan to defend its cyberspace," a draft plan by the security council says. The White House is seeking $1.5 billion in new spending for the program.
Although Fidnet has been in the works for more than a year, many in Congress learned about it on July 28, when The New York Times published details of the draft proposal.
The reaction was swift. Two days later, the House Appropriations Committee deleted $2 million in start-up money requested by the FBI to develop the system.
Then the House majority leader, Rep. Dick Armey, R-Texas, denounced Fidnet, saying it raised "the Orwellian possibility that unscrupulous government bureaucrats could one day use such a system to read our personal e-mail."
But the principal author of the plan, Richard Clarke, the National Security Council's counterterrorism czar, said Congress would assuredly finance the system once lawmakers understood it and Clinton gave it the go-ahead.
"If the president approves Fidnet, there'll be funding for it," he said in an interview.
Clarke, whose formal title is National Coordinator for Security, Infrastructure Protection and Counterterrorism, has been warning for years about the threat of an "electronic Pearl Harbor" in the form of an attack on government computers. He said that a cyberspace assault would be "as bad as being attacked by bombs," and that "an attack on American cyberspace is an attack on the United States" that should trigger a military response.
These fears led last year to a new initiative, called Presidential Decision Directive 63. Fidnet is one of the first major computer-security programs to grow out of the directive. It would cover civilian agencies, like the State Department and the IRS, and would be modeled on and linked to an existing Pentagon security system. Ultimately, the plan calls for private companies to create security links to the government's systems.
Clarke acknowledged that no one in Congress had been briefed on Fidnet, which has not yet been given a go-ahead by President Clinton, and that the draft plan had raised questions among civil libertarians who say it has a potential power to monitor innocent citizens. But he said Congress and the system's critics had the wrong idea about the planned surveillance network.
The critics among the civil libertarians question the FBI's role in the computer monitoring scheme. The bureau already has a centralized security operation called the National Infrastructure Protection Center, based in its headquarters, that has received technical support from the National Security Agency, the intelligence service that eavesdrops on the rest of the world, and from the CIA.
The New York Times reported that the Fidnet system, too, would be overseen by the FBI. Clarke's draft plan calls for the National Infrastructure Protection Center to play a role in analyzing and responding to any signs of intrusion. But Clarke said in the interview that while some funds requested for Fidnet were earmarked for the Justice Department and the bureau, the system "would not be run by the FBI."
Instead, he said, it would be established by the General Services Administration, an independent agency better known for furnishing government offices than for law enforcement. "It would not be monitoring privately owned and operated systems, only government computers," Clarke said. "And it would not violate people's privacy rights."
He conceded that failing to brief Congress was a mistake.
Because Congress already has a system to detect unauthorized intrusions into its information systems, it should realize that "all that Fidnet would be would be the same kind of thing for sensitive government computers," Clarke said.
"Congress has concerns about Justice being the funding source to pay for intrusion detection mechanisms," he said. "That's a legitimate concern. When they get the briefing they'll see there's a requirement to have something like Fidnet."