US residents: big shrub may be watching you

Bush Administration to Propose System for Monitoring Internet


The Bush administration is planning to propose requiring Internet
service providers to help build a centralized system to enable broad
monitoring of the Internet and, potentially, surveillance of its

The proposal is part of a final version of a report, "The National
Strategy to Secure Cyberspace," set for release early next year,
according to several people who have been briefed on the report. It
is a component of the effort to increase national security after the
Sept. 11 attacks.

The President's Critical Infrastructure Protection Board is preparing
the report, and it is intended to create public and private
cooperation to regulate and defend the national computer networks,
not only from everyday hazards like viruses but also from terrorist
attack. Ultimately the report is intended to provide an Internet
strategy for the new Department of Homeland Security.

Such a proposal, which would be subject to Congressional and
regulatory approval, would be a technical challenge because the
Internet has thousands of independent service providers, from garage
operations to giant corporations like American Online, AT&T,
Microsoft and Worldcom.

The report does not detail specific operational requirements,
locations for the centralized system or costs, people who were
briefed on the document said.

While the proposal is meant to gauge the overall state of the
worldwide network, some officials of Internet companies who have been
briefed on the proposal say they worry that such a system could be
used to cross the indistinct border between broad monitoring and

Stewart Baker, a Washington lawyer who represents some of the
nation's largest Internet providers, said, "Internet service
providers are concerned about the privacy implications of this as
well as liability," since providing access to live feeds of network
activity could be interpreted as a wiretap or as the "pen register"
and "trap and trace" systems used on phones without a judicial order.

Mr. Baker said the issue would need to be resolved before the
proposal could move forward.

Tiffany Olson, the deputy chief of staff for the President's Critical
Infrastructure Protection Board, said yesterday that the proposal,
which includes a national network operations center, was still in
flux. She said the proposed methods did not necessarily require
gathering data that would allow monitoring at an individual user

But the need for a large-scale operations center is real, Ms. Olson
said, because Internet service providers and security companies and
other online companies only have a view of the part of the Internet
that is under their control.

"We don't have anybody that is able to look at the entire picture,"
she said. "When something is happening, we don't know it's happening
until it's too late."

The government report was first released in draft form in September,
and described the monitoring center, but it suggested it would likely
be controlled by industry. The current draft sets the stage for the
government to have a leadership role.

The new proposal is labeled in the report as an "early-warning
center" that the board says is required to offer early detection of
Internet-based attacks as well as defense against viruses and worms.

But Internet service providers argue that its data-monitoring
functions could be used to track the activities of individuals using
the network.

An official with a major data services company who has been briefed
on several aspects of the government's plans said it was hard to see
how such capabilities could be provided to government without the
potential for real-time monitoring, even of individuals.

"Part of monitoring the Internet and doing real-time analysis is to
be able to track incidents while they are occurring," the official

The official compared the system to Carnivore, the Internet wiretap
system used by the F.B.I., saying: "Am I analogizing this to
Carnivore? Absolutely. But in fact, it's 10 times worse. Carnivore
was working on much smaller feeds and could not scale. This is
looking at the whole Internet."

One former federal Internet security official cautioned against
drawing conclusions from the information that is available so far
about the Securing Cyberspace report's conclusions.

Michael Vatis, the founding director of the National Critical
Infrastructure Protection Center and now the director of the
Institute for Security Technology Studies at Dartmouth, said it was
common for proposals to be cast in the worst possible light before
anything is actually known about the technology that will be used or
the legal framework within which it will function.

"You get a firestorm created before anybody knows what, concretely,
is being proposed," Mr. Vatis said.

A technology that is deployed without the proper legal controls
"could be used to violate privacy," he said, and should be considered

But at the other end of the spectrum of reaction, Mr. Vatis warned,
"You end up without technology that could be very useful to combat
terrorism, information warfare or some other harmful act."
