Privacy group to Senate: FIDNet must go

The head of the Electronic Privacy Information Center, a Washington, D.C.-based privacy advocacy organization, in a written statement on Tuesday told members of a Senate committee that the Clinton administration's plan to protect the nation's critical infrastructure from cyberattacks poses a significant risk to citizens' privacy and must be withdrawn.

Marc Rotenberg, executive director of EPIC, testified before the Senate Judiciary Committee that the government's plan to establish the Federal Intrusion Detection Network (FIDNet) as part of the overall National Plan for Information Systems Protection "must simply be withdrawn" because of the unprecedented electronic surveillance capabilities it would give the federal government.

The plan, released Jan 12, would establish a vast data sharing network between the Defense Department's Joint Task Force for Computer Network Defense and FIDNet that would monitor civilian agencies' information systems. In addition, private-sector analysis centers periodically would share information with DOD and FIDNet about illegal intrusions into critical infrastructures. The intrusion-detection systems within each of those sectors ultimately would be connected.

Although the Clinton plan for information systems protection discusses privacy issues at length, it falls far short "when compared with the enormous surveillance authority that will be given to the federal government," Rotenberg said. "It requests input from the privacy community but establishes no formal process to incorporate recommendations," he said. "The privacy section describes the need to review various privacy issues, but then focuses on such concepts as 'consent' and 'disclosure' that are clearly intended to facilitate government data collection and monitoring."

Rotenberg also called for the creation of a privacy agency within the federal government to review the plan and other similar proposals. Rotenberg recommended that the government set aside 3 percent of the "vast budget" being assembled "to erect all of these elaborate surveillance techniques" to fund the new agency.

In his statement, Rotenberg also alluded to "indications" contained in documents acquired by EPIC "that the [Critical Infrastructure Assurance Office] intends to make use of credit card records and telephone toll calls" as part of its overall intrusion-detection system. "It is impermissible in the United States to give a federal agency such extensive surveillance authority," he said.

Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected