November 25, 2002 5:08 PM PST
Bush signs Homeland Security bill
The authors of the massive law, which totals about 500 pages, envision a far greater role for the government when it comes to making sure operating systems, hardware and the Internet are secure. The law allocates $500 million for research into new technologies. It also classifies certain activities as new computer crimes, stiffens penalties and permits Internet providers to hand more information about subscribers to police.
"The department will gather and focus all our efforts to face the challenge of cyberterrorism, and the even worse danger of nuclear, chemical and biological terrorism," Bush said during a White House ceremony Monday afternoon. "This department will be charged with encouraging research on new technologies that can detect these threats in time to prevent an attack."
Bush nominated Tom Ridge, the former Pennsylvania governor who's currently a White House advisor, to run the new department.
White House spokesman Ari Fleischer warned on Monday that it will take "a couple years" to integrate the 22 existing federal agencies that will make up the new department and to deal with culture clashes and incompatible computer systems. Together, these agencies--the list includes the Secret Service, the Immigration and Naturalization Service, the Coast Guard and the Border Patrol--employ about 170,000 people.
"In the process of bringing people together, there are, of course, going to be wrinkles that need to get ironed out," Fleischer said. "No transition is perfect. (But) this process will lead to enhanced homeland security for the American people."
The final law prohibits the Justice Department's proposed citizen-informant program called TIPS (terrorist information and prevention system) and rejects "the development of a national identification system or card."
But civil liberties groups are concerned about the impact the law will have on privacy, especially when linked with a pair of controversial projects funded by the Defense Advanced Research Projects Agency (DARPA).
The agency considered and abandoned a plan to curtail Internet anonymity by tagging browsing with unique markers for each person, while funding a mammoth database that would feature profiles of nearly all Americans' behaviors and spending habits.
"Is it appropriate for the U.S. Department of Defense to pursue an aggressive program of (technology development) that can be used for surveillance of Americans?" asked Marc Rotenberg, the director of the Electronic Privacy Information Center.
Rotenberg called for the ouster of former admiral John Poindexter, who runs DARPA's Total Information Awareness (TIA) program, saying Poindexter's past efforts to create similar databases made him unsuitable to head the project.
Last week, Sen. Chuck Grassley of Iowa, asked the Defense Department's inspector general to conduct a "complete review" of DARPA's TIA program. Grassley will become chairman of the Senate Finance committee next year, at which time he'll be in a position to place a check on the program's funding.
After the reorganization is complete, the new department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection." Those are the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis center and the Federal Computer Incident Response Center.
A last-minute addition to the Homeland Security bill was the 16-page Cyber Security Enhancement Act, which the House approved as a standalone bill in July. It expands the ability of police to conduct Internet or telephone eavesdropping without first obtaining a court order, grants Internet providers more latitude to disclose information about subscribers to police in emergency circumstances and says those convicted of malicious hacking face sentences as severe as life in prison.
Another addition, which was opposed by open-government activists and journalist groups, says that information that businesses give the department that's related to "critical infrastructure" will not be subject to the Freedom of Information Act. That could include details on virus research, security holes in applications and operating system vulnerabilities.
The law also establishes an office designed to become "the national focal point for work on law enforcement technology." Categories include computer forensics, tools for investigating computer crime, DNA identification technologies and the development of firearms that recognize their owner. The office also is charged with funding the creation of tools to help state and local law enforcement agencies thwart computer crime.
The Department of Homeland Security law also creates a Directorate for Information Analysis and Infrastructure Protection that is charged with analyzing vulnerabilities in systems including the Internet, telephone networks and other critical infrastructures, and orders the creation of a "comprehensive national plan for securing the key resources and critical infrastructure of the United States" including information technology, financial networks and satellites.
The law also
requires all federal agencies, including the CIA, the Defense Department and the National Security Agency, to provide the new department with any "information concerning the vulnerability of the infrastructure of the United States;"
punishes any department employee with one year in prison for disclosing details that are "not customarily in the public domain" about critical infrastructures;
creates a privacy representative and a civil liberties officer to ensure that the department follows reasonable "privacy protections relating to the use, collection and disclosure of personal information;"
allows the department to create a national corps of volunteers to "assist local communities to respond and recover from attacks on information systems and communications networks."