Information security will be key with lawmakers

Last week’s terrorist attacks are expected to shift government and legislative priorities on a host of technology issues. Internet privacy, for instance, the top technology policy issue a week ago, will likely be replaced by critical-infrastructure protection as the United States seeks to retaliate against what President Bush has called “an act of war.”

What this means is that pending legislation to protect the privacy of corporate security incident data that’s voluntarily shared with the government will likely be fast-tracked.

Antispam legislation, on the other hand, may get pushed aside, according to congressional sources and officials at trade and privacy groups.

Moreover, as a result of last week’s attack, private-sector companies are likely to become a lot more receptive to collaborating with the government and one another on information security issues.

“I think there will be more collaboration the phrase circle the wagons comes to mind,” said Bill Riley, manager of security and disaster recovery at Johns Hopkins Hospital in Baltimore, who added that the government can do a lot to facilitate collaboration. “People get a sense about how big the risk is. It’s tough to do it on your own.”

To get some idea of the importance of information security in the upcoming policy debate, consider this: One of the first hearings Congress held the day following Tuesday’s attack was on critical infrastructure protection. Sen. Joseph Lieberman (D-Conn.), who headed the committee hearing, said a “new era” in protecting national security including cybersecurity has arrived. Although the hearing had been previously scheduled, what was remarkable was that it was even held, since many others were postponed.

There’s no doubt that the nation has entered a new era. But there are also worries that a shift in balance from privacy to security could give rise to some contentious issues.

“There will be some misguided calls for more of a surveillance society,” said Lance Hoffman, a professor of computer science at The George Washington University in Washington. “And I think if we succumb to these, we give the attackers a victory by giving up too much privacy and autonomy.”

U.S. officials have tried often to get more surveillance power where electronic communications are concerned. For example, the Clinton administration, worried about its ability to decrypt electronic messages sent by suspected terrorists and criminals, pushed for an FBI-backed plan to give law enforcers mandatory key escrow, a backdoor means for giving law enforcement the ability to decrypt intercepted messages. The proposal failed in a wave of public opposition.

“Key escrow would not have prevented what took place,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “And the rush to establish Draconian security controls may do very little to provide greater safety for Americans. They would, however, provide a great cost in terms of freedom.”