June 21, 2000 The Honorable Orrin G. Hatch Dear Mr. Chairman: The Institute of Electrical and Electronics Engineers - United States of America (IEEE-USA)and the Computer Professionals for Social Responsibility (CPSR) support the goal of infrastructure protection; however, we are very concerned about the potential loss of individual privacy that could result from passage of the Internet Integrity and Critical Infrastructure Protection Act of 2000, S. 2448, in its present form. IEEE-USA and CPSR do not support the bill in its present form, and the ACM U.S. Public Policy Committee has serious concerns as well. We applaud efforts to create a more robust infrastructure. Recent events have highlighted the need for such efforts. We believe, however, that this goal is much more likely to be achieved by direct, positive efforts to enhance the robustness of the national and international infrastructure itself. This can be achieved in part through better protocols, new standards for reliability and best practices, and increased testing on all dimensions. A number of recent untoward events have proven to be accidents and/or experiments. Our reading of S.2448 suggests that under its terms, many of these events would be considered criminal behavior. The unintended consequences of so treating them could well result in the diminution of the very innovation, education and research required to create more robust systems. By focusing on an approach that is less likely to be effective, S. 2448 would, if passed, divert attention, energy and resources from an approach that is much more likely to prove fruitful, creating a more robust infrastructure. Security and privacy are tightly intertwined. Many tools that are employed by attackers (such as anonymity and encryption) can be used to protect and strengthen a network. For example, encryption at a level appropriate to the individual's need for privacy can contribute to the robustness of the infrastructure by preventing the theft of authentication information. It would simultaneously contribute to the individual's feeling of security and well-being. As written, S. 2448 includes three ways that an individual's privacy would be diminished:
These changes from current accepted practice clearly will diminish an individual's personal privacy, but they offer little assurance of significantly contributing to the protection of critical infrastructure. In addition, there are other legislative initiatives at the state and national levels which can reasonably be expected to result in a weaker infrastructure. Attached you will find further discussion of the issues we have identified here. We hope this information proves useful and we would be more than happy to discuss these points further with you and your staff. IEEE is the world’s largest technical professional association with approximately 352,000 members worldwide. IEEE-USA promotes the careers and public policy interests of the nearly 230,000 electrical, electronics and computer engineers who are U.S. members of the IEEE. CPSR is a public-interest alliance of computer scientists and others concerned about the impact of computer technology on society. Founded in 1947, the Association for Computing Machinery (USACM) is the world’s first educational and scientific computing society. Our over 80,000 members include prominent computer science researchers and developers, as well as the leadership of the major research and development laboratories in our nation’s industries and government. If you have any questions, please contact Deborah Rudolph at (202) 785-0017 x 8332. Sincerely, Merrill W. Buckley, Jr. Coralee Whitcomb Eugene Spafford ADDITIONAL BACKGROUND ITEM (1) The use of a unique identifier for an individual can both enhance and threaten an individual's privacy. For example, Social Security numbers are widely used as unique identifiers; yet, if wrongfully used, they can create substantial risk and loss of privacy to the individual. Security technologies that are connected to a role or credential (so-called "role-based authentication strategies") or shared keys (which require multiple users to authenticate) have a much brighter future because they are not tightly linked to individual identity. These authentication strategies, not tightly coupled to individual identity, have the ability to recover from compromise and be removed from service when no longer needed. Their transient nature makes them more difficult to intercept, clone, spoof and/or hack. ITEM (2) Altering the search and seizure rules would well result in a network that is less trustworthy, not more trustworthy. Removing requirements for notification and best practice for digital evidence could well create a chain of actions that makes digital evidence less and not more trustworthy than traditional evidence. It is very easy to create a perfect unauthorized duplicate of digital evidence. The proposed rules would create an environment in which hackers could easily implicate innocent and less technologically-savvy individuals. Consider the following possible series of electronic acts, which would create a nightmare for the innocent: commit an electronic crime, break into a machine owned by a second victim, leave evidence of the first crime, then report the second person to the police for having suspicious or illegal material. By allowing law enforcement to move forward unbeknownst to the accused, the law would make hackers super-empowered, rather than endangered. In the chain of events above, it could well be that neither the first nor the second victim would be able to respond effectively when confronted with the evidence. Critical infrastructure protection will best be served by creating secure, trustworthy networks and endpoints. ITEM (3) New facilities for electronic search and seizure within the context of current and future international relationships can well lead to increased vulnerabilities. The United States is at once the most wired and most vulnerable of all nations. The goals of the United States are best served by creating a robust infrastructure, not by building a weak infrastructure predicated on the trust of the legal mechanisms of all the connected nations in the world. The infrastructure can be built to be more reliable in the face of identity theft, software with security vulnerabilities and untrustworthy regimes across the globe. However, S. 2448 is not likely to encourage long-term infrastructure reliability and, in fact, has elements which may well undermine infrastructure reliability. ITEM (4) One legislative action that would improve the protection of the critical infrastructure which is strongly recommended by us would be to block enforcement of those provisions of the Uniform Computer Information Transactions Act (UCITA) that are harmful to infrastructure protection. UCITA takes effect October 1 in Maryland, and June 1, 2001 in Virginia, and is being considered by other states and the District of Columbia. Examples of the provisions of UCITA that harm infrastructure protection include:
We applaud Congressional awareness of the need for infrastructure protection. As noted above, we would welcome the opportunity to discuss matters related to legislation for critical infrastructure protection with your staff. (The same letter was also sent to Sen. Charles Schumer (NY) The Institute of Electrical and Electronics
Engineers - United States of America | Top of Page | Policy Log | Public Policy Forum | IEEE-USA | Last Update 21 June 2000 Permission to copy IEEE-USA policy communications is granted for non-commercial uses with appropriate attribution, unless otherwise indicated. |
||
