[hackmeeting] Fwd: Crypt News special: Die Informationen macht frei

merce en grn.es merce en grn.es
Mie Jul 3 13:23:21 CEST 2002

 ¿significa  esto que la informacion quiere ser libre pero que cuidado
con lo que intercambiamos?. M&M


Crypt News special: Die Informationen macht frei


"Information sharing" = here comes bad news.

FORMERLY THE EXCLUSIVE domain of a cadre of corporate computer 
security nuisances/lobbyists, the phrase information sharing has 
become front page news almost daily.

The FBI, we have learned, refused to share information even with
itself. The CIA shares information with nobody except the Prez.
CIA doesn't share information with the FBI because the two organizations
share a mutual hatred and contempt for each other. The National
Security Agency doesn't share information with anyone ... because it now
bureaucratically considers worldwide information technology to be an enemy.

The Congress is concerned. Pundits are worried. Whistleblowers are
whistling. Stovepipes and layers of incompetent management must be
eliminated. New agencies, made from parts of the old clogged-up agencies,

In cyberspace, you used to be able to read a lot about information
sharing, too. From Wired magazine to the hacker underground, the
brainless slogans and bromides rang loud and clear:

Information wants to be free!
Die Informationen macht frei!
Information is power!

And so on until retching commenced.

Like information sharing at intelligence agencies, it was also a 
crock. What it really meant was:

Your information is mine for free.
But everything I can grab is secret
unless you have something I want
which can't be free-loaded, stolen,
or found somewhere else.

Out of the latter, a counter-balancing but equally screwed-up
perception slowly grew that cyber-terrorists were using information
gained through open society to attack various corporate Bunds.

Terrorists, journalists, companies in direct competition with 
each other -- all at one time or another were alleged to have been 
in on the plot. In response, it was said, corporate America 
clammed up. It would not and will not, our computer security 
guardians say, share information on potential troublespots,
particularly in cyberspace, because enemies were said to be
lying doggo everywhere, just waiting to level the nation.

EVEN WHEN THE government obviously does not share information on
terrorism with other protected agencies (and even when it is in
their own interest to do so), some corporate computer security
lobbyists insist that special legislation is needed to lubricate
and protect secret information sharing on vulnerability.

This has led to a four year-old battle to add a neutering exemption 
for corporate America to the Freedom of Information Act. The latest
action in the battle to alter FOIA came in recent draft legislation
for the Bush Administration's Department of Homeland Security.

"It wouldn't be a Bush Administration initiative if it didn't 
include new restrictions on public access to official information,"
writes Steven Aftergood of the Federation of American Scientists in
his regular Secrecy News bulletin. "And sure enough, section 204 of 
the draft bill would create a new exemption from the Freedom of
Information Act for 'information provided voluntarily by non-Federal
entities or individuals that relates to infrastructure
vulnerabilities or other vulnerabilities to terrorism and is or 
has been in the possession of the Department.'" (Note syntactic flim-flam
in which "non-Federal entities" is substituted for the
more descriptive "corporate America" -- Editor.)

Similar parallel legislation was debated earlier in the spring as 
Utah Senator Bob Bennett's Critical Infrastructure Information 
Security Act.

And although uncommented upon by the vast majority of the 
mainstream big media, these are not new initiatives. The FOIA 
amendment was also put forward in the "Cyber Security Information 
Act of 2000," a House bill. Despite no opposition from the Clinton
administration, the measure slowly faded away.

Indeed, Richard Clarke, George W. Bush's cyber-security czar and
formerly the Clinton administration's "go to" guy on terrorism in
the National Security Council had been laboring to get the FOIA
exemption since 1998, working hard at decreasing democratic
information sharing to the public at the same time intelligence and
law-enforcement agencies were bureaucratically stuffing-up their
information sharing on terror-bound Islamic fundamentalists.

That year, Clarke aggressively started working the media and 
numerous corporate computer security conventions to warn of a 
coming "electronic Pearl Harbor."

One of the Clarke-ian remedies for "electronic Pearl Harbor" 
(outside of more government contracts to computer security vendors) 
was removing an impediment to information sharing of alleged 
corporate vulnerabilities. Removing impediments in this matter 
had nothing to do with the breaking down of walls of stodgy
incompetence within intelligence and domestic law enforcement
agencies in order to improve response to physical terrorist 
threats. It was and still is doublespeak for adding an exemption 
to FOIA.

FOIA, you see, according to the mindset of those wishing to change 
it, impedes the natural Good Samaritan inclination of corporate 
America to share information about their computer network
vulnerabilities with the Feds -- who, of course, know what to do
with it and can be always counted upon to act in the necessary 

Do I hear some skeptical grumbling? Well, you just shut up, 
you ... you ... defeatist skeptic.

IN ANY CASE, the "electronic Pearl Harbor" meme worked well 
until 2001 when, with respect to real and tangible Doomsday, it 
took a king-size kick in the pants courtesy of malefactors from 
the real world.

Over time, other pretexts similar to "electronic Pearl Harbor" 
have been used to justify the corporate FOIA exemption. In June of 
last year, Bennett, as the ranking Republican on the congressional
Joint Economic Committee, chaired a hearing called Wired World
which called for an FOIA amendment to forestall cyber-threats. At 
the time, the impending threat was a nutty assertion that Russia 
and China were developing computer-based tools aimed at crushing 
the U.S. economy.

Those who follow this singularly abstract subject also know that 
the meme never really goes away. The Washington Post revived it 
last week on the front page above the fold without explicitly
mentioning the phrase -e-Pearl Harbor-. While the catchword
went missing-in-action, the lengthy article, entitled 
"Cyber-attacks by al Qaeda feared", still contained all the 
regular artifacts of the meme.

The nation was, perhaps, under immediate threat from Internet 
attacks, not launched by China or unknown hackers, but by Islamic
terrorists. (China, however, did receive its full measure of
exposure, making an appearance as imminent cyber-attacker as 
recently as May, courtesy of a front page story in the 
Los Angeles Times.)

Richard Clarke-style claims of possible death and mayhem 
flooded the Post's piece. And there was the standard anguished 
hand-wringing and lamentation about the lack of 
corporate-government information sharing.

In any case, these debates, whether occuring in Congress or on 
the front pages of mainstream newspapers have always appeared as
orchestrations in which the only people chosen to give their
opinions or expertise on the matter always just happen to be those 
who wholeheartedly forecast doom and destruction if their 
self-serving advice isn't immediately swallowed as fact.

For example, at the 2001 Wired World hearing, witnesses were 
dutifully trotted out to recommend the FOIA exemption in the name 
of information sharing. No one who used FOIA, or who thought that 
it was unnecessary to fix what wasn't broken in the first place, 
was called.

This nasty practice of rigging the congressional debate on the 
issue by only choosing vetted logrollers -- computer security
lobbyists, salesmen, Pentagon contractors, and authors of the
idea to testify on its rightness -- was not reversed until earlier 
this year when, for the first time, people who actually used 
FOIA (such as David Sobel of the Electronic Privacy Information 
Center) testified against the measure. Nevertheless, they were 
still under-represented, two to seven pushing for the corporate

A number in favor of the FOIA-exemption at the hearing raised the
alleged horror of computer viruses on the Net as a reason to hurry
legislation to grease corporate-government information exchange by
hardening it against FOIA. It was an interestingly cynical ploy
since the computer security lobbyists pushing it know that the
industry they represent regularly shows little qualm or hesitation
in publicly exposing information on the cyber-vulnerabilities of
others when it pertains to computer viruses.

The phrase information sharing, in 2002, no longer has 
positive meaning. It is not about open exchange, education or
enlightenment of any kind. In fact, it means just the opposite.

Information sharing, as it now stands, is the following:

1. An old and idiotic Internet slogan/totem. 

2. A self-serving corporate computer security-type mantra for more 
secrecy at the expense of a democratizing measure. 

3. A recommendation publicly claimed to be a virtue by intelligence 
and law enforcement agencies which privately ignore or actively 
despise it. 

Nicht vergessen, geheimhalten die Informationen!

-- George Smith

===8<===========End of original message text===========

Más información sobre la lista de distribución HackMeeting