[EAS]Federal Security Failures

pjk pjk at design.eng.yale.edu
Tue Nov 26 15:40:56 EST 2002


Subject:   Federal Security Failures

(from Edupage, November 20, 2002)

HOMELAND SECURITY BILL INCLUDES INTERNET PROVISIONS
The bill creating the Department of Homeland Security, which recently
passed Congress, includes provisions affecting cybersecurity and tools
for enforcing such. The bill expands sentencing for convicted
cybercriminals, allowing for sentences of life in prison if an
electronic attack causes or attempts to cause death. The bill also
adds protections for Internet service providers that turn over
subscribers' information to the government "in good faith," even when
a warrant has not been issued for that information. Also included in
the Homeland Security Bill is a provision that allows the government
to trace e-mails and Internet traffic without any court approval if a
cyberattack is happening.
New York Times, 19 November 2002 (registration req'd)
http://www.nytimes.com/pages/technology/text/index.html


REPORT GIVES U.S. AGENCIES FAILING GRADE FOR SECURITY
A new report from the House Government Reform subcommittee on
government efficiency gives failing grades in electronic security to
14 of the 24 largest federal departments and agencies. Rep. Stephen
Horn (R-Calif.), who chairs the panel, said that the overall grade is
an "F," which it was last year, also. The worst grades were given for
the departments of Justice, State, Defense and Transportation, while
the Social Security Administration received a "B-," the highest grade
of the 24. Robert F. Dacey of the General Accounting Office and author
of the report said that the grades do not necessarily indicate that
security is getting worse. Rather, the marks indicate that
"information security weaknesses are becoming more fully understood,"
which he called "an important step toward addressing the overall
problem." Washington Post, 20 November 2002
http://www.washingtonpost.com/wp-dyn/articles/A12321-2002Nov19.htmlDear 

----------------------------------------------------------------------
Dear Colleagues -

Great sources of comfort, both. The admirable statement in the
second item

> Robert F. Dacey of the General Accounting Office and author of the
> report said that the grades do not necessarily indicate that security
> is getting worse. Rather, the marks indicate that "information
> security weaknesses are becoming more fully understood," which he
> called "an important step toward addressing the overall problem."

will presumably set the standard for

> a provision that allows the government to trace e-mails and Internet
> traffic without any court approval

in the first item.  

The full text of the Homeland Security Act of 2002 (all 475 pages)
is at <http://news.findlaw.com/hdocs/docs/terrorism/hsa2002.pdf>. In
it are not only the provisions that so concern privacy advocates,
but also provisions that e.g. absolve drug companies from
complications from their vaccines, and undo the legislation passed
just last July curbing off-shore corporate tax havens. Somebody
ought to read it carefully and do a tally of all the items
irrelevant to security, the last-minute post-election favors that
were slipped in on behalf of generous corporate political donors.

   --PJK






More information about the EAS-INFO mailing list