[ISN] Cyber-security czar snubs ID plan, defends Govnet

Thu Nov 8 14:05:16 EST 2001

--- begin forwarded text

Status:  U
Date: Thu, 8 Nov 2001 06:11:42 -0600 (CST)
From: InfoSec News <isn at c4i.org>
To: isn at attrition.org
Subject: [ISN] Cyber-security czar snubs ID plan, defends Govnet
Sender: owner-isn at attrition.org
Reply-To: InfoSec News <isn at c4i.org>

http://www.forbes.com/technology/newmedia/newswire/2001/11/08/rtr418615.html

Reuters, 11.08.01, 3:20 AM ET
By Elinor Mills Abreu

PALO ALTO, Calif. (Reuters) - As technology companies promote the idea
of a national identification card, the president's special adviser on
cyber-security said Wednesday the idea has little support within the
Bush administration.

Richard Clarke said he couldn't name one official who supports the
idea as proposed, although conceding that the administration doesn't
yet have a formal position on the concept.

"Everyone I've talked to doesn't think it's a good idea," Clarke said
during a dinner speech hosted by Microsoft Corp. as part of its
three-day Trusted Computing conference.

The idea, raised in the wake of the Sept. 11 attacks, has drawn
criticism from civil libertarians who say it would violate individual
privacy.

Despite those concerns, Larry Ellison of Oracle Corp. was the first to
push ID cards, suggesting his company's database software should be
used. Sun Microsystems Inc.'s Scott McNealy was next, and earlier
Wednesday Siebel Systems Inc. announced "Homeland Security" software.

Clarke said it is not clear that the country needs to have a mandatory
identity card, but suggested there might be a use for credit
card-sized smart cards that contain data and microchips. Such cards
could be used for specific actions such as boarding airplanes and
crossing U.S. borders, he said.

"Not one national ID card that we force everybody to have," but
multiple, voluntary cards that could improve the efficiency of
activities, Clarke added.

GOVNET DEFENDED

Clarke also defended the idea he proposed in mid-October for the
government to consider creating a computer network, dubbed "Govnet,"
that is separate from the Internet and which would, as a result, be
less vulnerable to malicious attacks.

He described it as a set of departmental and agency "intranets," which
use Internet technologies, that would run on leased fiber optic cable
instead of passing through routers and switches connected to the
Internet.

"It would be impervious to even the most dangerous denial-of-service
attack," he said. Denial-of-service attacks are designed to
temporarily shut down Web servers or other equipment by bombarding
them with so much junk traffic that they can't handle the load.

Government employees would still use the Internet, but also have
computers linked to Govnet on their desks for internal communications
and critical operations, Clarke said. This might be particularly
useful for work such as manned space flight and air traffic control,
he added.

In response to criticisms that a separate network would not be immune
from viruses, he said it would at least get viruses "hours or days"
after they hit computers on the Internet.

Critics also have noted that Govnet couldn't prevent so-called
"insider threats," employees who intentionally or inadvertently create
security breaches, which make up about 40 percent of network
break-ins, Clarke said.

To minimize that risk the government could closely monitor employees
and require them to use technologies to prove their identity and
permission to access the system, he said.

"If it turns out to be vastly expensive then we won't do it," Clarke
said. "It's is not designed to be a silver bullet" that will solve all
the government's cyber-security problems, he added.

COST OF DOING BUSINESS

Legislation to boost the powers of law enforcement in combating
terrorism and the money being spent to provide more security for
buildings and digital assets is the cost of doing business going
forward, Clarke concluded.

"We're paying more for security than we were six weeks ago," he said.
"We now understand it is a cost of doing business."

The economic costs so far have been trivial, "a few billion dollars,"
which is minor compared to what the cost could be without the security
measures, Clarke noted.

In addition to money spent, Americans are having to give up some of
their freedoms to privacy.

The USA Patriot Act signed into law two weeks ago gives authorities
broader rights to tap phones and track Internet, e-mail and cell phone
usage, among other things. Under a "sunset provision," certain
provisions will expire in five years.

"If the administration abuses the law in any way," Clarke said, "Then
the law can be re-enacted. We haven't given up civil liberties and
privacy."

The new law will allow the government to find perpetrators more
quickly than they have in the past, he said.

In 1998 after the U.S. Air Force computer system was attacked right
before the Gulf War, it took officials four days to get nine search
warrants to investigate the case, he said.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo at attrition.org with 'unsubscribe isn' in the BODY
of the mail.

--- end forwarded text

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com