[governance] Re: New Cyber Security Bill in US Senate

Fri Jan 25 16:17:56 EST 2013

Further to this particular Bill, I thought that Riaz's post last year (14th
March, 2012) would be relevant particularly in light of what information
state agencies can access, see:

March 09, 2012
DOJ Asks Court To Keep Secret Any Partnership Between Google, NSA

The Justice Department is defending the government's refusal to discuss—or
even acknowledge the existence of—any cooperative research and development
agreement between Google and the National Security Agency.

The Washington based advocacy group Electronic Privacy Information Center
sued in federal district court here to obtain documents about any such
agreement between the Internet search giant and the security agency.

The NSA responded to the suit with a so-called “Glomar” response in which
the agency said it could neither confirm nor deny whether any responsive
records exist. U.S. District Judge Richard Leon in Washington sided with
the government<https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2010cv1533-15>last
July.

A three-judge panel of the U.S. Court of Appeals for the D.C. Circuit is
scheduled to hear the dispute March 20.

EPIC filed a Freedom of Information Act request in early 2010, noting media
reports at the time that the NSA and Google had agreed to a partnership
following the cyber attacks in China that year against Google.

EPIC asked for, among other things, communication between the NSA and
Google about Gmail and Google’s “decision to fail to routinely encrypt”
messages before Jan. 13, 2010.

The NSA’s response to the request for records noted that the agency “works
with a broad range of commercial partners and research associations” to
ensure the availability of secure information systems. The agency, however,
refused to confirm or deny any partnership with Google.

The security agency said it routinely monitors vulnerabilities in
commercial technology and cryptographic products because the government
relies heavily on private companies for word processing systems and e-mail
software.

“If NSA determines that certain security vulnerabilities or malicious
attacks pose a threat to U.S. government information systems, NSA may take
action,” DOJ Civil Division lawyers Catherine Hancock and Douglas Letter
said in a brief in the D.C. Circuit in January.

DOJ’s legal team said that acknowledging whether NSA and Google formed a
partnership from a cyber attack would illuminate whether the government
“considered the alleged attack to be of consequence for critical U.S.
government information systems.”

NSA said it cannot provide documents—or confirm their existence—because the
information would alert adversaries about the security agency’s priorities,
threat assessments and countermeasures.

DOJ said media reports about the alleged Google partnership with NSA do not
constitute official acknowledgement.

*The Washington Post* and *The New York Times* both reported that Google
contacted the NSA after the Jan. 2010 cyber attack, which the company said
was rooted in China and targeted access to accounts of Chinese human rights
activists. *The Wall Street Journal* said NSA’s general counsel worked out
a cooperative research and development agreement with Google.

EPIC’s attorneys, including Marc Rotenberg, the group’s president, said in
court papers that the document request includes records that are not
relevant to the NSA’s information assurance mission.

“The NSA mischaracterizes EPIC’s FOIA Request by stating that responsive
documents would reveal ‘information about a potential Google-NSA
relationship,’” Rotenberg said.

The crux of the records request, Rotenberg said, is Google’s switch to
application encryption by default for Gmail accounts soon after the
cyberattack. Google in 2008 began allowing users to encrypt mail
passing through
the company servers, EPIC said in its brief, but encryption was not
provided by default.

EPIC’s brief said the failure of the NSA to conduct a search for records
“deprives the court of the ability to meaningfully assess the propriety” of
the agency’s response that it can neither confirm nor deny the existence of
responsive records.

“Without first conducting the search, not even the agency can know whether
there is a factual basis for its legal position,” Rotenberg said.

EPIC said its records request does not seek documents about NSA’s role to
secure government computer networks. “Google provides cloud-based services
to consumers, not critical infrastructure services to the government,”
Rotenberg said.

Posted by Mike Scarcella <http://profile.typepad.com/1218477827s15125> on
March 09, 2012 at 12:29 PM in Balancing
Act<http://legaltimes.typepad.com/blt/balancing_act/>,
Crime and Punishment<http://legaltimes.typepad.com/blt/crime_and_punishment/>,
Current Affairs <http://legaltimes.typepad.com/blt/current_affairs/>, Justice
Department <http://legaltimes.typepad.com/blt/justice_department/>, Legal
Business <http://legaltimes.typepad.com/blt/legal_business_1/>,
Lobbying<http://legaltimes.typepad.com/blt/lobbying/>,
Politics and Government<http://legaltimes.typepad.com/blt/politics-and-government/>,
Travel <http://legaltimes.typepad.com/blt/travel/>,
Web/Tech<http://legaltimes.typepad.com/blt/webtech/>
| Permalink<http://legaltimes.typepad.com/blt/2012/03/doj-asks-court-to-keep-secret-any-partnership-between-google-nsa.html>

Digg This<http://digg.com/submit?url=http%3A%2F%2Flegaltimes.typepad.com%2Fblt%2F2012%2F03%2Fdoj-asks-court-to-keep-secret-any-partnership-between-google-nsa.html&phase=2>
| Save to del.icio.us <http://del.icio.us/post>

On Sat, Jan 26, 2013 at 8:53 AM, Salanieta T. Tamanikaiwaimaro <
salanieta.tamanikaiwaimaro at gmail.com> wrote:

> Dear All,
>
> The US Senate has introduced a new Cybersecurity Bill through Senators
> John D. (Jay) Rockefeller IV, Chairman of the Senate Commerce, Science, and
> Transportation Committee, Tom Carper, incoming Chairman of the Senate
> Homeland Security and Governmental Affairs Committee, and Dianne Feinstein,
> Chairman of the Senate Select Committee on Intelligence where they made a
> Press Release, see:
> http://commerce.senate.gov/public/index.cfm?p=PressReleases&ContentRecord_id=7a7124d7-190c-4160-abf3-4012c2db737c
>
> To see the Bill, visit:
> http://commerce.senate.gov/public/?a=Files.Serve&File_id=b678eb9a-b5c1-4540-aca3-3e857c7627da
>
> This is interesting and relevant as far as it pertains to critical
> information infrastructure that the US considers to be part of the US
> Infrastructure. Whilst the models point to public private collaboration
> which makes sense because it is the private sector that controls much of
> the infrastructure anyway except in situations where if there were a State
> of Emergency and the rights to control/access infrastructure by the State
> and it has its challenges. Aside from the public private model there should
> be room for civil society in the equation as someone has to speak out and
> act as a watchdog in times when it is needed.
>
> Kind Regards,
>
> --
> Salanieta Tamanikaiwaimaro aka Sala
> P.O. Box 17862
> Suva
> Fiji
>
> Twitter: @SalanietaT
> Skype:Salanieta.Tamanikaiwaimaro
> Tel: +679 3544828
> Fiji Cell: +679 998 2851
>
>
>
>

-- 
Salanieta Tamanikaiwaimaro aka Sala
P.O. Box 17862
Suva
Fiji

Twitter: @SalanietaT
Skype:Salanieta.Tamanikaiwaimaro
Tel: +679 3544828
Fiji Cell: +679 998 2851
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20130126/62e0b559/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t