In a remarkably high-speed procedure, the EU Council plans to oblige all Member
States of the Union to introduce chips containing biometric data on their
passports within little less than a year. Allegedly, this step is taken to meet
a U.S. deadline set on 26 October 2004. After that date, according to a law
passed eight months after the 11 September attacks, the U.S will demand visas
from all travellers entering the U.S. who don't have DNA code, fingerprints, or
iris scans embedded in their travel documents.
It is an open secret however, that the filing of biometric features and their
inclusion on personal documents have for a long time been on the wishlist of EU
law enforcement officials, in particular those associated with the Schengen
Information System (SIS). The EU itself plans to introduce biometric data on
visas and residence permits for third country nationals, as part of its fight
against illegal immigrants. These data will be stored in the SIS, apparently
along with biometric data of EU citizens who have come into conflict with the
law.
During the Thessaloniki meeting last month, the EU Heads of State also decided
to allocate a further 140 million Euro to the development of these databases,
which are already the biggest and most extended in Europe. Already they contain
data on more than 800.000 persons, 98 percent of whom have merely been denied
entrance at EU external borders.
No decision has been made so far as to which kind of data - DNA, fingerprints or
iris scans, or any combination thereof - will be used in the EU passports, and
how it will be stored - directly legible or on a chip, encrypted or not. On an
earlier occasion, the UK finance minister Gordon Brown, a strong supporter of
the plan, spoke out for a chip that might also contain any kind of other data.
The Frankfurter Allgemeine Zeitung quotes a German Government spokesman, Daniel
Höltgen, as saying "It basically depends on the United States and on which
feature they require." And: "The interior minister is not worried about data
protection at all. It's just a matter of believing in the German legal system."
A massive new bureaucracy will play a major role in securing software, hardware
and the Net
The overwhelming vote by the Senate on Tuesday approving a Homeland Security
Department has cleared the way for massive reorganisation of the federal
government that will have a dramatic impact on computer and network security in
the US.
The bill -- which sets the stage for the largest federal reorganisation since
the Defence Department was formed in 1947 -- does more than reshuffle government
agencies. It gives the government a major role in securing operating systems,
hardware and the Internet, including allowing for more police surveillance of
the Net; punishing malicious computer hackers with up to life in prison;
establishing a national clearinghouse for computer and network security work;
and spending at least half a billion dollars a year for homeland security
research.
President Bush is expected to sign the bill by the end of the month. "The United
States Congress has taken a historic and bold step forward to protect the
American people by passing legislation to create the Department of Homeland
Security," Bush said after the vote. "This landmark legislation, the most
extensive reorganisation of the federal government since the 1940s, will help
our nation meet the emerging threats of terrorism in the 21st century."
Attorney General John Ashcroft heralded the Senate's 90-9 vote for the massive
new bureaucracy, which combines about 170,000 employees from 22 existing
agencies, as beginning "a new era of cooperation and coordination in the
nation's homeland defence."
Earlier on Tuesday, the Senate voted 52-47, largely along party lines, to reject
Democratic amendments to the bill.
The final bill prohibits the Justice Department's proposed citizen- informant
program called TIPS (Terrorist Information and Prevention System) and rejects
"the development of a national identification system or card." But privacy
advocates and civil libertarians remain worried about the negative consequences
of such a sweeping reorganisation of law enforcement functions with little
oversight.
In a statement calling for more supervision of law enforcement practices, the
Centre for Democracy and Technology said the plan "raises serious concerns about
the privacy of Americans" by granting the government "substantial -- and
potentially invasive -- authorities to compile, analyse and mine the personal
information of millions of Americans".
Technology companies, on the other hand, praised the plan, which promises to be
a cash cow for businesses that develop security products.
AeA, a trade group representing technology companies, in particular applauded a
provision that would require the government to focus on small businesses.
"Some of the most cutting-edge technologies are being developed in smaller
firms, but we are frequently lost in the shadow of the big guys," Michele Wong,
chief executive officer of Synergex and an AeA board member, said in a
statement.
Meanwhile, Microsoft is one of many large technology companies looking to
further expand its government contracts into the homeland security arena. The
company has named a new internal federal director of homeland security to work
with the government on information technology issues.
After the federal reorganisation is complete, the new department will mash
together five agencies that currently divvy up responsibility for "critical
infrastructure protection." Those are the FBI's National Infrastructure
Protection Centre, the Defence Department's National Communications System, the
Commerce Department's Critical Infrastructure Assurance Office, an Energy
Department analysis centre, and the Federal Computer Incident Response Centre.
Policing the Net A last-minute addition to the bill last week, before the House approved it
by a 299-121 vote, is the 16-page Cyber Security Enhancement Act. It stiffens
prison terms for hackers, expands the ability of police to conduct Internet or
telephone eavesdropping without first obtaining a court order, and grants
Internet providers more latitude to disclose information about subscribers to
police.
Another addition, which was opposed by open-government activists and journalist
groups, says that information businesses give the department that's related to
"critical infrastructure" will not be subject to the Freedom of Information Act.
That could include details on virus research, security holes in applications, or
operating system vulnerabilities.
Included in the bill is a Homeland Security Advanced Research Projects Agency (HSARPA),
modelled after the Defence Advanced Research Projects Agency, which will receive
at least $500m (L323m) a year to fund the development of new technologies.
According to the bill, HSARPA will "promote revolutionary changes in
technologies that would promote homeland security, advance the development (of
technologies), and accelerate the prototyping and deployment of technologies
that would address homeland vulnerabilities".
The final version of the mammoth, 484-page bill also does the following:
* Establishes an office that is designed to become "the national focal point for
work on law enforcement technology". Categories include computer forensics,
tools for investigating computer crime, firearms that recognise their owner, and
DNA identification technologies. The office also is charged with funding the
development of tools to help state and local law enforcement agencies thwart
computer crime.
* Creates a Directorate for Information Analysis and Infrastructure Protection
that is charged with analysing vulnerabilities in systems including the
Internet, telephone networks, and other critical infrastructures.
* Orders the creation of "a comprehensive national plan for securing the key
resources and critical infrastructure of the United States" including
information technology, financial networks and satellites.
* Requires all federal agencies, including the CIA, the Defence Department, and
National Security Agency, to provide the new department with any "information
concerning the vulnerability of the infrastructure of the United States."
* Punishes any department employee with one year in prison for disclosing
details that are "not customarily in the public domain" about critical
infrastructures.
* Creates a privacy representative and a civil liberties officer to ensure that
the department follows reasonable "privacy protections relating to the use,
collection and disclosure of personal
information."
* Orders the department to provide technical assistance and confidential
warnings of potential vulnerabilities to companies that operate "critical
information systems."
* Allows the department to create a national corps of volunteers to "assist
local communities to respond and recover from attacks on information systems and
communications networks."
* Creates a Homeland Security Institute to perform systems analysis, risk
analysis, and simulation and modelling to determine the vulnerabilities of
critical infrastructures, including the Internet.
The nine senators who voted against the bill were Democrats Robert Byrd of West
Virginia, Paul Sarbanes of Maryland, Daniel Akaka and Daniel Inouye of Hawaii,
Edward Kennedy of Massachusetts, Russ Feingold of Wisconsin, Fritz Hollings of
South Carolina, and Carl Levin of Michigan. Democratic-leaning independent James
Jeffords of Vermont also opposed the bill.
News.com's Lisa Bowman contributed to this report.
Palladium
"Palladium is a new hardware and software architecture. This
architecture will include a new security computing chip and design changes to a
computer's central processing unit (CPU), chipsets, and peripheral devices, such
as keyboards and printers. It also will enable applications and components of
these applications to run in a protected memory space that is highly resistant
to tampering and interference."
(http://www.microsoft.com/presspass/features/2002/jul02/07-01palladium.asp)
"And what if some government thinks that Palladium protects information too
much? So far, the United States doesn't seem to have a problem, but less
tolerant nations might insist on a "back door" that would allow it to wiretap
and search people's data. There would be problems in implementing this, um,
feature."
(http://www.msnbc.com/news/770511.asp)
"Let's understand here that not all Microsoft products are bad and many are very
good. Those products serve real customer needs and do so with genuine purpose,
not marketing artifice. But Palladium isn't that way at all. This is NOT about
making things better for the user. This is about removing the ability for the
end user to make decisions about how his or her computer functions. It is an
effort by Microsoft to take literal ownership of Internet technology,
Microsoft's "embrace and extend" strategy applied for the Nth time, though on a
grander scale than we've ever seen before."
(http://www.pbs.org/cringely/pulpit/pulpit20020627.html)
