Privacy group to Senate: FIDNet must go

The head of the Electronic Privacy Information Center, a Washington, D.C.-based privacy advocacy organization, in a written statement on Tuesday told members of a Senate committee that the Clinton administration's plan to protect the nation's critical infrastructure from cyberattacks poses a significant risk to citizens' privacy and must be withdrawn.

Marc Rotenberg, executive director of EPIC, testified before the Senate Judiciary Committee that the government's plan to establish the Federal Intrusion Detection Network (FIDNet) as part of the overall National Plan for Information Systems Protection "must simply be withdrawn" because of the unprecedented electronic surveillance capabilities it would give the federal government.

The plan, released Jan 12, would establish a vast data sharing network between the Defense Department's Joint Task Force for Computer Network Defense and FIDNet that would monitor civilian agencies' information systems. In addition, private-sector analysis centers periodically would share information with DOD and FIDNet about illegal intrusions into critical infrastructures. The intrusion-detection systems within each of those sectors ultimately would be connected.

Although the Clinton plan for information systems protection discusses privacy issues at length, it falls far short "when compared with the enormous surveillance authority that will be given to the federal government," Rotenberg said. "It requests input from the privacy community but establishes no formal process to incorporate recommendations," he said. "The privacy section describes the need to review various privacy issues, but then focuses on such concepts as 'consent' and 'disclosure' that are clearly intended to facilitate government data collection and monitoring."

Rotenberg also called for the creation of a privacy agency within the federal government to review the plan and other similar proposals. Rotenberg recommended that the government set aside 3 percent of the "vast budget" being assembled "to erect all of these elaborate surveillance techniques" to fund the new agency.

In his statement, Rotenberg also alluded to "indications" contained in documents acquired by EPIC "that the [Critical Infrastructure Assurance Office] intends to make use of credit card records and telephone toll calls" as part of its overall intrusion-detection system. "It is impermissible in the United States to give a federal agency such extensive surveillance authority," he said.

Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected