Privacy group to Senate: FIDNet must go
- By Dan Verton
- Feb 03, 2000
The head of the Electronic Privacy Information Center, a Washington, D.C.-based privacy advocacy organization, in a written statement on Tuesday told members of a Senate committee that the Clinton administration's plan to protect the nation's critical infrastructure from cyberattacks poses a significant risk to citizens' privacy and must be withdrawn.
Marc Rotenberg, executive director of EPIC, testified before the Senate Judiciary Committee that the government's plan to establish the Federal Intrusion Detection Network (FIDNet) as part of the overall National Plan for Information Systems Protection "must simply be withdrawn" because of the unprecedented electronic surveillance capabilities it would give the federal government.
The plan, released Jan 12, would establish a vast data sharing network between the Defense Department's Joint Task Force for Computer Network Defense and FIDNet that would monitor civilian agencies' information systems. In addition, private-sector analysis centers periodically would share information with DOD and FIDNet about illegal intrusions into critical infrastructures. The intrusion-detection systems within each of those sectors ultimately would be connected.
Although the Clinton plan for information systems protection discusses privacy issues at length, it falls far short "when compared with the enormous surveillance authority that will be given to the federal government," Rotenberg said. "It requests input from the privacy community but establishes no formal process to incorporate recommendations," he said. "The privacy section describes the need to review various privacy issues, but then focuses on such concepts as 'consent' and 'disclosure' that are clearly intended to facilitate government data collection and monitoring."
Rotenberg also called for the creation of a privacy agency within the federal government to review the plan and other similar proposals. Rotenberg recommended that the government set aside 3 percent of the "vast budget" being assembled "to erect all of these elaborate surveillance techniques" to fund the new agency.
In his statement, Rotenberg also alluded to "indications" contained in documents acquired by EPIC "that the [Critical Infrastructure Assurance Office] intends to make use of credit card records and telephone toll calls" as part of its overall intrusion-detection system. "It is impermissible in the United States to give a federal agency such extensive surveillance authority," he said.