US: The emerging centralized state
Source Sabri Oncu
Date 02/12/21/23:14

New York Times

December 20, 2002
Bush Administration to Propose System for Monitoring Internet

The Bush administration is planning to propose requiring Internet
service providers to help build a centralized system to enable
broad monitoring of the Internet and, potentially, surveillance
of its users.

The proposal is part of a final version of a report, "The
National Strategy to Secure Cyberspace," set for release early
next year, according to several people who have been briefed on
the report. It is a component of the effort to increase national
security after the Sept. 11 attacks.

The President's Critical Infrastructure Protection Board is
preparing the report, and it is intended to create public and
private cooperation to regulate and defend the national computer
networks, not only from everyday hazards like viruses but also
from terrorist attack. Ultimately the report is intended to
provide an Internet strategy for the new Department of Homeland

Such a proposal, which would be subject to Congressional and
regulatory approval, would be a technical challenge because the
Internet has thousands of independent service providers, from
garage operations to giant corporations like American Online,
AT&T, Microsoft and Worldcom.

The report does not detail specific operational requirements,
locations for the centralized system or costs, people who were
briefed on the document said.

While the proposal is meant to gauge the overall state of the
worldwide network, some officials of Internet companies who have
been briefed on the proposal say they worry that such a system
could be used to cross the indistinct border between broad
monitoring and wiretap.

Stewart Baker, a Washington lawyer who represents some of the
nation's largest Internet providers, said, "Internet service
providers are concerned about the privacy implications of this as
well as liability," since providing access to live feeds of
network activity could be interpreted as a wiretap or as the "pen
register" and "trap and trace" systems used on phones without a
judicial order.

Mr. Baker said the issue would need to be resolved before the
proposal could move forward.

Tiffany Olson, the deputy chief of staff for the President's
Critical Infrastructure Protection Board, said yesterday that the
proposal, which includes a national network operations center,
was still in flux. She said the proposed methods did not
necessarily require gathering data that would allow monitoring at
an individual user level.

But the need for a large-scale operations center is real, Ms.
Olson said, because Internet service providers and security
companies and other online companies only have a view of the part
of the Internet that is under their control.

"We don't have anybody that is able to look at the entire
picture," she said. "When something is happening, we don't know
it's happening until it's too late."

The government report was first released in draft form in
September, and described the monitoring center, but it suggested
it would likely be controlled by industry. The current draft sets
the stage for the government to have a leadership role.

The new proposal is labeled in the report as an "early-warning
center" that the board says is required to offer early detection
of Internet-based attacks as well as defense against viruses and

But Internet service providers argue that its data-monitoring
functions could be used to track the activities of individuals
using the network.

An official with a major data services company who has been
briefed on several aspects of the government's plans said it was
hard to see how such capabilities could be provided to government
without the potential for real-time monitoring, even of

"Part of monitoring the Internet and doing real-time analysis is
to be able to track incidents while they are occurring," the
official said.

The official compared the system to Carnivore, the Internet
wiretap system used by the F.B.I., saying: "Am I analogizing this
to Carnivore? Absolutely. But in fact, it's 10 times worse.
Carnivore was working on much smaller feeds and could not scale.
This is looking at the whole Internet."

One former federal Internet security official cautioned against
drawing conclusions from the information that is available so far
about the Securing Cyberspace report's conclusions.

Michael Vatis, the founding director of the National Critical
Infrastructure Protection Center and now the director of the
Institute for Security Technology Studies at Dartmouth, said it
was common for proposals to be cast in the worst possible light
before anything is actually known about the technology that will
be used or the legal framework within which it will function.

"You get a firestorm created before anybody knows what,
concretely, is being proposed," Mr. Vatis said.

A technology that is deployed without the proper legal controls
"could be used to violate privacy," he said, and should be
considered carefully.

But at the other end of the spectrum of reaction, Mr. Vatis
warned, "You end up without technology that could be very useful
to combat terrorism, information warfare or some other harmful

[View the list]

InternetBoard v1.0
Copyright (c) 1998, Joongpil Cho