By Jared Chausow
By Katie Toth
By Elizabeth Flock
By Albert Samaha
By Anna Merlan
By Jon Campbell
By Jon Campbell
By Albert Samaha
What really outraged the Republicans was that they saw FIDNet as vintage Clinton administration, another attack on freedom by Big Government Democrats. The press also described FIDNet as a White House project. But FIDNet was actually cooked up by civil servants and government lifers in the National Security Council. "It was done by staffers," says Mark Montgomery, director of transnational threats for the NSC. In fact, Clinton had never approved of FIDNet's existence, according to those who worked on it. "This is just a good government practice to protect federal computer systems against malicious activity," Montgomery says. Nevertheless, everyone blamed the man in the Oval Office, which made for easy headlines but missed the real lesson of FIDNet.
The truly scary thing about the program was that it arose out of the bowels of the government as a matter of course that for the staffers at the NSC, spying on the Internet seems natural. And that speaks volumes about the state of our surveillance society.
How else to explain the draft proposal for FIDNet, which is long on authoritarian ambition and short on democratic restraint? The chutzpah of the document is startling, as it envisions thousands of software programs spying on key parts of the Web, including all government sites and those of most banks, telcos, and transportation companies. The language of the FIDNet proposal is ominous: "the collection of certain data identified as anomalous activity or a suspicious event would not be considered a privacy issue." Yet there is no explanation of what constitutes "anomalous activity" or a "suspicious event."
FIDNet's authors could be so bold because officials at agencies like the NSC and FBI now consider monitoring the normal procedure for bureaucratic expansion. So it became doubly strange when the story morphed into nothing more than a tale of the Clinton administration's latest follies. Early in the news coverage Representative Bob Barr summed up the mood on the Hill when he said, "The Clinton administration has made this mistake before." Barr was referring to the "Know Your Customer" campaign by the Federal Deposit Insurance Corporation (FDIC), which would have required banks to report "unusual transactions" to the government. That plan also originated at the agency level.
"It's tempting to go after the Dems [for this]," says Marc Rotenberg, director of the Electronic Privacy Information Center (EPIC). "But the problems with FIDNet reveal much deeper characteristics of the national security state that have little to do with the party that happens to be in the White House." Indeed, analysts at the Center for Democracy and Technology (CDT), the online outlet that broke the FIDNet story, concur with Rotenberg's assessment. "The Clinton administration has a poor record on civil liberties, especially when asserted law enforcement or national security interests are at stake," says James X. Dempsey, CDT's senior staff counsel. "But neither George Bush nor Bob Dole would have been any better."
Government watchdog groups like the CDT are eager to argue that FIDNet would not have served its purpose, even if it had been implemented. The surveillance net was supposed to keep key institutions safe from organized attacks. But in the private sector, it would work only if companies were willing to share their security protocols with the government. "It is not likely that the private sector will voluntarily participate in FIDNet or other critical infrastructure protection measures that originate with the government," explains Dempsey. "[They] believe they are in a better position than the government to evaluate risks and prioritize protective and mitigative measures. FIDNet is not primarily about protection it is about intelligence gathering."
Fortunately, the Internet does not depend on schemes like FIDNet for its security. Just hours after the plan was leaked, the geeks at Slashdot.org had posted dozens of ways that FIDNet could be defeated, including a program that would automatically set off an endless cycle of false alarms and drive the listening spooks crazy.