Intell's computer balancing act
- By Dan Verton
- Feb 06, 2000
The intelligence community has long been a leader in the development of
cutting-edge information technologies. But, as last week's events demonstrate,
that position is imperiled by the attempt to balance security and privacy
with better access to information.
The most glaring example is the recent case of former CIA director John
Deutch, who may have compromised thousands of pages of highly classified
material by storing the data on a home computer equipped with an unsecured
Internet connection. CIA director George Tenet called his former boss' actions
The Deutch example represents the ultimate insider threat, where people
use authorized access in unauthorized, or simply irresponsible, ways.
"What this whole fiasco really demonstrates is that the existing information
technology capabilities of the U.S. intelligence community, and the related
security constraints, make it impossible for anyone, even the director of
Central Intelligence, to work efficiently from home or anywhere else, with
due regard for security," said Robert Steele, a former CIA officer and chief
executive officer of Open Source Solutions Inc.
The disclosure of Deutch's blunder comes on the heels of the Energy
Department's effort to restructure agency security policy in light of the
indictment of former DOE physicist Wen Ho Lee. Lee is accused of downloading
nuclear weapons information onto an unclassified computer system and storing
that data on unsecured tape storage devices.
But the tendency to increase monitoring and bolster cyberdefenses comes
with its own set of problems, such as how cyberintelligence is balanced
with privacy. Marc Rotenberg, executive director of the Electronic Privacy
Information Center, pointed to the National Security Agency as a prime example.
"The problem is that the federal government has two very distinct views
of computer security," Rotenberg said in a statement delivered to Congress
last week. One view is securing your own communications and the other is
intercepting the electronic emanations of suspected criminals, he said.
"In no agency are the two notions more at odds than the [NSA]," which is
responsible for federal systems security standards and developing methods
to crack encryption codes and break into networks.