President Obama plans to make changes to current Internet security laws
January 8, 2011
A White House official said yesterday that President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans citizens. The plan has already been formulated before Congress but never made it law.
White House Cybersecurity Coordinator Howard Schmidt said "It's the best department in the U.S. government to centralize efforts toward creating an identity ecosystem for the Web."
The move effectively pushes the department to the forefront of the issue, beating out other potential candidates, including the NSA (National Security Agency) and the DHS (Department of Homeland Security). The decision also is likely to please privacy and civil-liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.
The announcement came at an event yesterday at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.
"We're not talking about a national ID card. We're not talking about a government-controlled system either. What we are talking about is enhancing Internet security and privacy, and reducing, or even better, eliminating the need to memorize too many passwords, through the creation and use of more trusted digital identities," said Locke.
The U.S. Commerce Department will be setting up a national program office to work on this project, Locke said. However, specific details about the Trusted Identity Project are almost nonexistent.
Last year's announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.
The White House is currently drafting what it is calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by President Obama in the next few months. An early version was publicly released last summer, however.
Overall, inter-agency rivalries to claim authority over cybersecurity have existed ever since many responsibilities were centralized in the Department of Homeland Security as part of its creation in 2002. In 2008, proposals were circulating in Washington to transfer authority to the secretive NSA, which is part of the U.S. Defense Department.
Locke said that anonymity and pseudonymity will still remain possible on the Web. "I don't have to get a credential, if I don't want to. There's no chance that a centralized database will emerge, and we need the private sector to lead the implementation of this," said Locke.
Jim Dempsey of the Center for Democracy and Technology said any Internet ID must be created by the private sector and must be voluntary and competitive in pricing.
"The U.S. government cannot create that identity infrastructure. If it tried to, it wouldn't be trusted," said Dempsey.
In March 2009, Rod Beckstrom, director of Homeland Security's National Cybersecurity Center, resigned through a letter that gave a rare public glimpse into the competition for budgetary dollars and cybersecurity authority. Beckstrom said at the time that the NSA "effectively controls DHS cyberefforts through detailees, technology insertions," and has proposed moving some functions to the agency's Fort Meade, Md., headquarters.
One of the NSA's top priorities is information assurance. But it's normally a lustrous star in the political sky that has dimmed quite a bit recently due to Wikileaks-related revelations. Bradley Manning, the U.S. Army private who is accused of liberating hundreds of thousands of confidential government documents from military networks and sending them to Wikileaks, apparently joked about the NSA's incompetence in an online chat in May 2010.
"I even asked an NSA official if he could find any suspicious activity coming out of local networks," Manning reportedly said in a chat transcript provided by ex-hacker Adrian Lamo. "He shrugged and said, it's not a priority."
In December, police in the Netherlands said it arrested a 16-year-old teenager for participating in Internet hacking attempts against the websites of MasterCard and Visa as part of a DDoS (distributed denial of service) attack to support WikiLeaks and its founder and editor Julian Assange.
A press release issued on Dec. 9 said the unnamed boy confessed to the distributed denial-of-service attacks after his computer equipment was seized from his parent's house.
He was arrested in The Hague, and was scheduled to be arraigned before a judge in Rotterdam the next day. It is the first known report of an arrest in the ongoing WikiLeaks attacks, which started earlier this week.
The boy's arrest comes shortly after anonops.net, a Netherlands-hosted website used to coordinate attacks against companies perceived as harming WikiLeaks, was taken offline. A Panda Security researcher said the website was itself the victim of DDoS attacks, but the investigation by the Dutch High Tech Crime Team has also involved digital data carriers, according to the release.
It's still not exactly clear what the term 'digital data carriers' mean, however.
Dutch police didn't want to name the boy or to specify the crimes he was charged with or say exactly what his involvement in the attacks was since the law in the Netherlands doesn't permit to name offenders less than 18 years old.
According to security researchers, the Low Orbit Ion Cannon tool, which thousands of WikiLeaks sympathizers are using nowadays to unleash the DDoS attacks, takes no steps to conceal their IP addresses. It wouldn't be surprising if attackers who used the application from Internet connections at their home or work also receive a call from local law enforcement agencies.
Thursday, the U.S. government said that it is looking at various ways to criminally charge Wikileaks founder Julian Assange for getting access to and then leaking sensitive documents that are only on a 'need to know basis' and making those documents publically available on the Web.
It also added that Assange could be in serious legal trouble for disclosing classified information because he is not a journalist.
When asked whether traditional media organizations that republish secret documents could be prosecuted, State Department spokesman Patrick Crowley said that the Obama administration applauds "the role of journalists in your daily pursuits. In our view, Mr. Assange is not a journalist, and that makes all the difference," Crowley added.
Source: The White House.
You can link to the Internet Security web site as much as you like.