The final law prohibits the Justice Department's proposed citizen-informant programme called TIPS (terrorist information and prevention system) and rejects "the development of a national identification system or card." But civil liberties groups are concerned about the impact the law will have on privacy, especially when linked with a pair of controversial projects funded by the Defense Advanced Research Projects Agency (DARPA). The agency considered and abandoned a plan to curtail Internet anonymity by tagging browsing with unique markers for each person, while funding a mammoth database that would feature profiles of nearly all Americans' behaviours and spending habits. "Is it appropriate for the US Department of Defense to pursue an aggressive programme of (technology development) that can be used for surveillance of Americans?" asked Marc Rotenberg, the director of the Electronic Privacy Information Center. Rotenberg called for the ouster of former admiral John Poindexter, who runs DARPA's Total Information Awareness (TIA) programme, saying Poindexter's past efforts to create similar databases made him unsuitable to head the project. Last week, Sen. Chuck Grassley of Iowa asked the Defense Department's inspector general to conduct a "complete review" of DARPA's TIA programme. Grassley will become chair of the Senate Finance committee next year, at which time he'll be in a position to place a check on the programme's funding. The details
After the reorganisation is complete, the new department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection". Those are the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis centre and the Federal Computer Incident Response Center. A last-minute addition to the Homeland Security bill was the 16-page Cyber Security Enhancement Act, which the House approved as a standalone bill in July. It expands the ability of police to conduct Internet or telephone eavesdropping without first obtaining a court order, grants Internet providers more latitude to disclose information about subscribers to police in emergency circumstances and says those convicted of malicious hacking face sentences as severe as life in prison. Another addition, which was opposed by open-government activists and journalist groups, says that information that businesses give the department that's related to "critical infrastructure" will not be subject to the Freedom of Information Act. That could include details on virus research, security holes in applications and operating system vulnerabilities. The law also establishes an office designed to become "the national focal point for work on law enforcement technology." Categories include computer forensics, tools for investigating computer crime, DNA identification technologies and the development of firearms that recognize their owner. The office also is charged with funding the creation of tools to help state and local law enforcement agencies thwart computer crime. The Department of Homeland Security law also creates a Directorate for Information Analysis and Infrastructure Protection that is charged with analysing vulnerabilities in systems including the Internet, telephone networks and other critical infrastructures, and orders the creation of a "comprehensive national plan for securing the key resources and critical infrastructure of the United States" including information technology, financial networks and satellites. The law also: * requires all federal agencies, including the CIA, the Defense Department and the National Security Agency, to provide the new department with any "information concerning the vulnerability of the infrastructure of the United States;" * punishes any department employee with one year in prison for disclosing details that are "not customarily in the public domain" about critical infrastructures; * creates a privacy representative and a civil liberties officer to ensure that the department follows reasonable "privacy protections relating to the use, collection and disclosure of personal information;" * allows the department to create a national corps of volunteers to "assist local communities to respond and recover from attacks on information systems and communications networks."
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
