Cybersecurity Plan May Pose Privacy Problems
WASHINGTON -- Amid published reports that a pared-down Bush administration cybersecurity policy is circulating, critics of a previous draft of the "National Plan to Secure Cyberspace" are still worried about what's in the plan, and what has been left ambiguous.
The Associated Press reported Tuesday on a White House internal draft of the
The White House isn't commenting on specifics in the new draft, because it's still a work in progress, but many of the changes to the draft since it was
Olson dismissed concerns from published reports that the new draft cuts out a recommendation to consult with civil liberties groups over privacy issues. The working draft of the cybersecurity plan strengthens its privacy protections by creating a privacy officer in the Department of Homeland Security and making privacy a "common thread" throughout the document instead of just one recommendation, she said.
The privacy officer hasn't been appointed yet. "I'm sure whoever is selected is going to be well aware of privacy issues and concerns," Olson said, when asked how privacy advocates will be assured of protection.
Wayne Madsen, a senior fellow at the Electronic Privacy Information Center, said he's more concerned about what's not in the
"The danger is not what's said, but what's not said," Madsen added.
One proposal that didn't make the original draft is to license all computer security personnel at government agencies and private companies, Madsen claimed. With security workers "deputized," their allegiances might be torn between their co-workers' privacy and the government.
"They would've loved to have said that in black and white in this plan," he said. "They've obviously learned quite a bit from releasing these plans in the past."
While Madsen said he believes the licensing plan is still being considered in the White House, Olson said she's not aware of such a proposal. The draft released in September can be found
Olson noted that the plan in progress doesn't include any regulations for private industry. "Mandates create a lowest common denominator," she said. "We don't want a lowest common denominator for security."
Bob Crowley, senior vice president of encryption company Research Triangle Software of Cary, North Carolina, said he would welcome fewer recommendations in the Bush plan because the original draft showed a "lack of understanding of the way software is made and distributed."
Crowley questioned earlier recommendations for the tech industry to create a national clearinghouse for security patches and for companies to share their security procedures with their industries. "I don't think that's a good idea," he said. "If you tell somebody, it's no longer secure."