By Zachary D. Roberts
By Anna Merlan
By Jon Campbell and Laura Shunk
By Albert Samaha
By Amanda Dingyuan
By Anna Merlan
By Anna Merlan
By Albert Samaha
The change is "aimed at drafting a limited statutory exemption for information," said Steve Mitchell, the department lawyer who drafted the proposal, "allowing the private sector to voluntarily contribute threat and vulnerability information to the federal government, without it being subject to broad public dissemination through FOIA."
Privacy advocates say the move is part of an effort to pave the way for installing the Federal Intrusion Detection Network, the government's proposed Internet monitoring system. But the Justice Department denies a relationship.
"I never said the word FIDNet. I was talking solely about voluntarily contributed information," says Mitchell. "My understanding of FIDNet is that it is an intra-government monitoring system, and I am taken aback by the fact that those two very different concepts could have been commingled."
But Hill insiders read the development differently. They say the DOJ fears that implementing FIDNet will not be feasible if FOIA statutes remain in their current form. The reason is that businesses say they are unlikely to participate in FIDNet if it means making their proprietary systems protocols subject to public and press scrutiny.
The news that the Justice Department was working up drafts to reform FOIA was first revealed in the insider newsletter the National Journal's Technology Update on October 20, but so far the press has not followed up on the story. The plan to dilute FOIA has already met with criticism from the Republican leadership in Congress.
"We still have great concerns over any government involvement in monitoring private computer networks, so we are not going to change the law for them," says Richard Diamond, a spokesperson for House Majority Leader Richard Armey. "The worst thing about it is they don't even bother telling us what they are trying to do. We sent requests for more information, and they more or less ignored them."
Indeed, FIDNet has always been shrouded in secrecy. The existence of the plan was not made public until June, when a draft copy of a FIDNet proposal was obtained by the Center for Democracy and Technology. After a barrage of press reports, Washington publicly backed away from FIDNet, and House Republicans vowed to block its funding. But the Justice Department's new actions reveal the scheme is very much alive in the executive branch.
"We've stopped funding for FIDNet, period," says Diamond. "But that is not to say that they could not divert money from somewhere else to pay for it. There are so many ways that they could do it, I don't think that would even be hard, they could just call it something else or make it an inter-agency plan."
Although the final form of FIDNet is still uncertain, officials at the National Security Council have said that access to private computer networks is critical to protecting the nation's electronic infrastructure. FIDNet envisions thousands of software programs monitoring break-ins at key parts of the Web, including all government sites and those of most banks, telcos, and transportation companies. The language of the FIDNet proposal was particularly egregious to privacy advocates: "The collection of certain data identified as anomalous activity or a suspicious event would not be considered a privacy issue." "Anomalous activity" and "suspicious event" were left undefined.
The Freedom of Information Act was passed in 1966, allowing the press and citizens access to government records. The law has been modified over the years to protect law enforcement sources and classified information. Privacy and good-government groups say that further changes could interfere with the public's right to know.
"The snowball has already hit the other areas," says Wayne Madsen, a senior fellow at EPIC, a privacy rights group. "FIDNet covers everything from public utilities to banks, to manufacturers, to potentially hospitals. I think Americans have a right to know if there is a problem with the security of their information in these various companies. But this is really a national security cover for a lot of agencies that would like to see FOIA go away. The entire intelligence community, from the NSA to the CIA to the Department of Justiceall these agencies would dearly love to see FOIA disappear."