Interior's Internet disconnect
- By Aliya Sternstein
- Oct 11, 2004
Did a federal judge overstep his bounds when he issued an order for Interior Department computers to be disconnected from the Internet?
The question came up in a recent debate about Cobell v. Norton, an 8-year-old class-action lawsuit against Interior officials. Some independent security experts and a law professor said the judge in the U.S. District Court for the District of Columbia may have been overreaching in his ruling. But the controversy that prompted the order is far from settled.
In 2001, U.S. District Judge Royce Lamberth, who is overseeing the case, ordered Interior officials to disable Internet connections on all computers that could be used to access Indian Trust Fund data. He has ordered two subsequent shutdowns. Internet access has returned to the department, following a federal appeals court ruling that blocked Lamberth's latest order.
Richard Pierce, a law professor at George Washington University, debated the court-ordered shutdown with Keith Harper, the plaintiff's counsel in the lawsuit against Interior officials. The debate at American University was timed to correspond with the opening of the National Museum of the American Indian on the National Mall in Washington, D.C.
Harper said Lamberth did the right thing by ordering Interior's computers to be disconnected from the Internet.
All computers are vulnerable to hacking, Pierce said. "Imagine if someone shut American University's law school computers down for four years," he said.
Responding to statements that a judge's employee was able to hack into computer systems at Interior, Pierce said disconnecting the department's computers from the Internet is as unreasonable as disconnecting all the computers at SunTrust Banks Inc. because of a single hacker attack.
But Harper said the department's computers are so interconnected that the only means to ensure data safety is to shut down all of them. "We're in a place where individuals' reparations for properties are at risk every day," Harper said. "No other trustee would ever allow their trust system to be so vulnerable to attacks."
The Federal Court of Appeals for the District of Columbia Circuit issued an emergency administrative stay March 25 that temporarily suspends Lamberth's latest shutdown order. Interior officials requested the injunction following his March 15 ruling.
The March 15 order was the third such court ruling since 2001, when investigators determined that hackers could easily break into American Indian trust funds and pillage accounts worth millions of dollars. The shutdown cut off Web access for about 50,000 students attending 180 schools run by the Bureau of Indian Affairs.
Some independent observers, who were not part of the recent debate, said Lamberth's order, while understandable, may have been too far-reaching. "I can understand how Judge Lamberth became exasperated with the way the department has handled this thing over the years," said Bruce McConnell, former chief of information technology policy at the Office of Management and Budget.
"That said, this is a unique situation," he said. "This is the first denial-of-service attack by a federal judge, leaving the department unable to do its job and affecting many innocent citizens."
McConnell said a more targeted remedy would have been preferable, such as isolating the bureau's systems.
Alan Paller, research director at the nonprofit SANS Institute, said, "The reality is that computer security isn't perfect." But he said computer security at Interior should be on a par with that of major banks.