Co-Opting Private Business To Do National Security & Law Enforcement
The following pieces from Doug Isenberg's GIGALAW demonstrate why we cannot allow the government to develop partnerships with corporations in the private sector when it comes to handling personal data, surveillance and security:
There is a growing trend for the government, especially the DOJ and NSA, to use supoenas to grab records from private corporations for purposes of security. Now the government wants to co-opt private corporations into beefing up security in cyberspace. While this may seem like a good idea on the face of it, the problem is that the government has tried this type of initiative before in the form of Project Carnivore and the initiative to require private cyberspace entities to provide, under penalty of law, ways for the FBI and other federal agencies to track e-mail, Internet use, PDA communications, cell phones and VoIP. The growing trend is to extend the arm of law to include private entities as agents of the law. This is patently improper and constitutes an end-run around the constitutional protections of the First, Fourth, Fifth, Ninth and Tenth Amendments of the Bill of Rights.
While the idea of using private enterprise to aid the government by providing technology resources, at a reasonable cost, is admirable, but doing so in the manner of having those private enterprises serve as an extension of the government is not reasonable. Our corporations already have too much influence over our government and our society, and the Abramoff, Cunningham, Enron and other scandals demonstrate how improper that has proven. The technology companies that this initiative targets are essential to our economy, our standing in the world, and our private lives. The government has no business developing avenues for tapping into these services without having a warrant and developing its own tools to do so; doing so in an independent manner preserves judicial and congressional oversight, thus preserving the system of checks and balances.
It is the job and the role of the government to develop its own tools for law enforcement and intelligence. The NSA, CIA, various military developments, and the DOJ can work in a cooperative manner to resolve any problems that need to be conquered... and they can do so in a manner that doesn't allow a private firm to foul up and leak information... which is a proper segway into the next GigaLaw story.
Here is a private corporation--one that is supposed to be a not-for-profit but doesn't appear to be to most Americans--that works hand-in-hand with the government through agencies like CMS, CDC, USPHS, and other federal and state entities that cannot keep its secrets, as required by federal laws (i.e. HIPAA), within its own organization. Unfortunately, this type of incident is not isolated to those entities that have a requirement for "confidentiality", but also entities that have "top secret" requirements. Over the past several years we have had hard drives, zip disks, floppies and other media get lost, removed from top secret facilities, or destroyed in fires. Those incidents have occurred in facilities with high levels of security.
As a former facilities manager in charge of security for a major broadband provider, I can attest to the fact that security is one of the lowest priorities in the corporate world. This is true across the board in a vast majority of corporations. In my role I was required to coordinate security with contractors, vendors, corproate personnel, emergency response providers, utility providers, partners and government agents... and security with all of these places was easily penetrable. The recent RSA Security Conference spent a ton of time bemoaning the role of security in the IT world.
Passing the role of security over to private corporations is not only an end-run around the limits on law enforcement, it is infeasible, unwise, unsecure, and potentially unconstitutional.
FBI Director Seeks Help from Businesses on Cybercrime
The FBI needs more help from private businesses to stay ahead of the curve in the fight on cybercrime, said FBI Director Robert Mueller. "Those of you in the private sector are our first line of defense," Mueller said during a speech to attendees of the RSA Conference 2006.
There is a growing trend for the government, especially the DOJ and NSA, to use supoenas to grab records from private corporations for purposes of security. Now the government wants to co-opt private corporations into beefing up security in cyberspace. While this may seem like a good idea on the face of it, the problem is that the government has tried this type of initiative before in the form of Project Carnivore and the initiative to require private cyberspace entities to provide, under penalty of law, ways for the FBI and other federal agencies to track e-mail, Internet use, PDA communications, cell phones and VoIP. The growing trend is to extend the arm of law to include private entities as agents of the law. This is patently improper and constitutes an end-run around the constitutional protections of the First, Fourth, Fifth, Ninth and Tenth Amendments of the Bill of Rights.
While the idea of using private enterprise to aid the government by providing technology resources, at a reasonable cost, is admirable, but doing so in the manner of having those private enterprises serve as an extension of the government is not reasonable. Our corporations already have too much influence over our government and our society, and the Abramoff, Cunningham, Enron and other scandals demonstrate how improper that has proven. The technology companies that this initiative targets are essential to our economy, our standing in the world, and our private lives. The government has no business developing avenues for tapping into these services without having a warrant and developing its own tools to do so; doing so in an independent manner preserves judicial and congressional oversight, thus preserving the system of checks and balances.
It is the job and the role of the government to develop its own tools for law enforcement and intelligence. The NSA, CIA, various military developments, and the DOJ can work in a cooperative manner to resolve any problems that need to be conquered... and they can do so in a manner that doesn't allow a private firm to foul up and leak information... which is a proper segway into the next GigaLaw story.
Health Insurance Worker Transferred Data to Home Computer
Blue Cross Blue Shield of Florida recently determined that a contractor inappropriately transferred corporate data to his home computer, possibly compromising the identities of 27,000 people. The data included the names and Social Security numbers of current and former employees, contractors and vendors, says Lisa Acheson Luther, Blue Cross spokeswoman.
Here is a private corporation--one that is supposed to be a not-for-profit but doesn't appear to be to most Americans--that works hand-in-hand with the government through agencies like CMS, CDC, USPHS, and other federal and state entities that cannot keep its secrets, as required by federal laws (i.e. HIPAA), within its own organization. Unfortunately, this type of incident is not isolated to those entities that have a requirement for "confidentiality", but also entities that have "top secret" requirements. Over the past several years we have had hard drives, zip disks, floppies and other media get lost, removed from top secret facilities, or destroyed in fires. Those incidents have occurred in facilities with high levels of security.
As a former facilities manager in charge of security for a major broadband provider, I can attest to the fact that security is one of the lowest priorities in the corporate world. This is true across the board in a vast majority of corporations. In my role I was required to coordinate security with contractors, vendors, corproate personnel, emergency response providers, utility providers, partners and government agents... and security with all of these places was easily penetrable. The recent RSA Security Conference spent a ton of time bemoaning the role of security in the IT world.
Passing the role of security over to private corporations is not only an end-run around the limits on law enforcement, it is infeasible, unwise, unsecure, and potentially unconstitutional.
posted by Jim Downey at 8:09 AM
0 Comments:
Post a Comment
<< Home