Threats to the security of our nation's computer networks should be taken seriously. But this massive monitoring program is too intrusive and inefficient to be acceptable.
Protecting the privacy of American citizens has not been one of President Clinton's strong suits. From signing legislation that assigns us all a "unique health identifier" so that our medical records can follow us throughout our lives, to approving the use of roving wiretaps, the Clinton administration consistently has been willing to sacrifice our privacy rights to its policy objectives.
Now, the National Security Council has proposed the daddy of all government monitoring schemes as a strike against cyber-terrorism. Its plan is a comprehensive computer surveillance system administered by the Federal Bureau of Investigation that would watch both government and non-government computer networks to detect infiltration, tampering or other illegal acts.
The Federal Intrusion Detection Network, or Fidnet, is to be in place by 2003, subject to the president's approval. It was a response to a Clinton directive in May 1998 that the nation's computer systems be evaluated for their vulnerability to infiltration and sabotage.
Fidnet is startling in its breadth. Networks of thousands of software programs designed to monitor computer network activity would keep track of systems sensitive to our national security and general welfare. Networks of government computers would be constantly monitored _ and, with the consent of corporations, so would those that run such industries as banking, telecommunications, transportation and other areas of commerce deemed vital to the country's stability. The software programs would automatically look through the communications and files of employees, seeking suspicious patterns. Those identified would be further investigated.
Certainly, preventing a cyber-attack is a national priority. Threats to the security of our nation's computer networks should be taken seriously. But this kind of massive monitoring program is too intrusive and inefficient to be acceptable. Critics and civil libertarians point to some glaring problems.
Barry Steinhardt, associate director of the American Civil Liberties Union, says the development of a network monitoring system may make government networks more vulnerable to security breaches. Ironically, says Steinhardt, Fidnet might "provide a road map for hackers" into all networked government computer systems.
No reliable software has been developed to discern patterns of intrusion. As a result, more adept cyber-terrorists may well be able to do their dirty work undetected, while the typical government employee will be constantly scrutinized. And the program would inappropriately blend military and civilian functions; the FBI and a contingent from the Department of Defense would work together to protect Pentagon computers.
Although government employees retain little legal privacy protection for their on-the-job activities, there may still be a constitutional problem here. Government employees who have done nothing suspicious should not be under constant surveillance by a branch of federal law enforcement.
Encryption of data is the best alternative to such a massive surveillance system, Steinhardt points out. Good computer security through encryption is currently available, but the Clinton administration has tried to undermine strong encryption at every turn. Too many in Washington want to protect computer security by having the government know everything that's being communicated, an impossible and troubling goal. The best way to protect computer data is to build an encryption fortress around it to make it impenetrable, even by government.