The Fidnet Files


George Orwell would have cheered when the media blasted a secret plan for Big Brother to watch the Internet. The plan was titled FIDNet (Federal Intrusion Detection Network) and called on the FBI to monitor the information highway 24/7. But after a public interest group posted a copy of the scheme online earlier this month, the press descended and shredded it for threatening civil liberties. By the end of the news cycle, House Republicans had choked off FIDNet’s proposed funding supply, although its supporters still hope to push the plan through.

What really outraged the Republicans was that they saw FIDNet as vintage Clinton administration, another attack on freedom by Big Government Democrats. The press also described FIDNet as a White House project. But FIDNet was actually cooked up by civil servants and government lifers in the National Security Council. “It was done by staffers,” says Mark Montgomery, director of transnational threats for the NSC. In fact, Clinton had never approved of FIDNet’s existence, according to those who worked on it. “This is just a good government practice to protect federal computer systems against malicious activity,” Montgomery says. Nevertheless, everyone blamed the man in the Oval Office, which made for easy headlines but missed the real lesson of FIDNet.

The truly scary thing about the program was that it arose out of the bowels of the government as a matter of course—that for the staffers at the NSC, spying on the Internet seems natural. And that speaks volumes about the state of our surveillance society.

How else to explain the draft proposal for FIDNet, which is long on authoritarian ambition and short on democratic restraint? The chutzpah of the document is startling, as it envisions thousands of software programs spying on key parts of the Web, including all government sites and those of most banks, telcos, and transportation companies. The language of the FIDNet proposal is ominous: “the collection of certain data identified as anomalous activity or a suspicious event would not be considered a privacy issue.” Yet there is no explanation of what constitutes “anomalous activity” or a “suspicious event.”

FIDNet’s authors could be so bold because officials at agencies like the NSC and FBI now consider monitoring the normal procedure for bureaucratic expansion. So it became doubly strange when the story morphed into nothing more than a tale of the Clinton administration’s latest follies. Early in the news coverage Representative Bob Barr summed up the mood on the Hill when he said, “The Clinton administration has made this mistake before.” Barr was referring to the “Know Your Customer” campaign by the Federal Deposit Insurance Corporation (FDIC), which would have required banks to report “unusual transactions” to the government. That plan also originated at the agency level.

“It’s tempting to go after the Dems [for this],” says Marc Rotenberg, director of the Electronic Privacy Information Center (EPIC). “But the problems with FIDNet reveal much deeper characteristics of the national security state that have little to do with the party that happens to be in the White House.” Indeed, analysts at the Center for Democracy and Technology (CDT), the online outlet that broke the FIDNet story, concur with Rotenberg’s assessment. “The Clinton administration has a poor record on civil liberties, especially when asserted law enforcement or national security interests are at stake,” says James X. Dempsey, CDT’s senior staff counsel. “But neither George Bush nor Bob Dole would have been any better.”

Government watchdog groups like the CDT are eager to argue that FIDNet would not have served its purpose, even if it had been implemented. The surveillance net was supposed to keep key institutions safe from organized attacks. But in the private sector, it would work only if companies were willing to share their security protocols with the government. “It is not likely that the private sector will voluntarily participate in FIDNet or other critical infrastructure protection measures that originate with the government,” explains Dempsey. “[They] believe they are in a better position than the government to evaluate risks and prioritize protective and mitigative measures. FIDNet is not primarily about protection—it is about intelligence gathering.”

Fortunately, the Internet does not depend on schemes like FIDNet for its security. Just hours after the plan was leaked, the geeks at had posted dozens of ways that FIDNet could be defeated, including a program that would automatically set off an endless cycle of false alarms and drive the listening spooks crazy.