The Washington Post
Copyright 1999, The Washington Post Co. All Rights Reserved

Wednesday, September 22, 1999

A Section

THE FEDERAL PAGE

Computer Security Proposal Is Revised; Critics Had Raised Online Privacy Fears
Robert O'Harrow Jr.
Washington Post Staff Writer

The Clinton administration yesterday offered a revised plan for
improving the security of government computer systems, after criticism
that an earlier proposal to monitor Internet activity would erode the
privacy of computer users.

The original plan for the Federal Intrusion Detection Network,
or Fidnet, created an uproar this summer among civil libertarians and
others who complained that the system could be used to track people
who contacted government agencies online.

Among the loudest critics were GOP leaders on Capitol Hill, who
fired off letters to President Clinton and Attorney General Janet
Reno, saying the proposal "raises the Orwellian possibility" that
government bureaucrats could misuse the information.

Under that earlier proposal, Fidnet would have used an array of
software to seek out patterns of activity that might indicate the
insertion of a computer virus or an intrusion by a hacker, terrorist
or foreign government. Upon detection, such patterns would have been
automatically relayed to a central monitoring site at the Federal
Bureau of Investigation.

The new plan, submitted to Congress in an amended budget
request, would limit the scope of data collection and analyze only
activity on government computers that seems suspicious, according to
administration officials.

No information about the use of government computers online
will automatically be sent to the FBI or other law enforcement
agencies, officials said. Instead, data will be forwarded only when a
government agency believes it has identified suspicious activity,
officials said.

In addition, the Fidnet system will not create new links to
private computer systems, as some critics had feared, according to
officials who helped draft the proposal. It will focus on training
experts at each federal agency to identify computer intrusions, the
officials said.

Peter P. Swire, the administration's privacy counselor, said
the revised proposal attempts to protect both privacy and the security
of government computers.

"Fidnet will help assure that critical government computer
system have the same protections that have become standard in the
private sector," Swire said.

Officials at the National Security Council, which drew up the
original plans for the system, said the administration's plan also
calls for a "federal cyber service training" initiative that would
develop a much larger group of government security experts.

NSC spokesman David Leavy said the proposal now reflects some
of the concerns of critics.

"The president determined the threat to the nation's computers
and critical infrastructure is one of the main challenges in the next
century," Leavy said. "This proposal balances the efforts to safeguard
our national security with the need for privacy."

A civil liberties activist applauded the new proposal,
particularly the limits on automatic data collection.

"It seems to be a significant refocusing for the better," said
James X. Dempsey, senior staff counsel at the Center for Democracy and
Technology, a nonprofit public policy group in Washington that had
criticized the draft proposal. "The role of the FBI has returned to
what it should be, which is the investigation of apparent crimes."

The administration request, a modification of the fiscal 2000
budget that Clinton sent to Congress in February, asks for an
additional $39 million to fund an array of programs for "Critical
Infrastructure Protection," including about $8.4 million for the
Fidnet initiative. Administration officials said the proposal is fully
paid for by offsets in other areas.