[hackmeeting] Fwd: Crypt News special: Die Informationen macht frei
merce en grn.es
merce en grn.es
Mie Jul 3 13:23:21 CEST 2002
¿significa esto que la informacion quiere ser libre pero que cuidado
con lo que intercambiamos?. M&M
########### INFORMATION WANTS TO BE FORWARDED ###########
Crypt News special: Die Informationen macht frei
DIE INFORMATIONEN MACHT FREI
"Information sharing" = here comes bad news.
FORMERLY THE EXCLUSIVE domain of a cadre of corporate computer
security nuisances/lobbyists, the phrase information sharing has
become front page news almost daily.
The FBI, we have learned, refused to share information even with
itself. The CIA shares information with nobody except the Prez.
CIA doesn't share information with the FBI because the two organizations
share a mutual hatred and contempt for each other. The National
Security Agency doesn't share information with anyone ... because it now
bureaucratically considers worldwide information technology to be an enemy.
The Congress is concerned. Pundits are worried. Whistleblowers are
whistling. Stovepipes and layers of incompetent management must be
eliminated. New agencies, made from parts of the old clogged-up agencies,
In cyberspace, you used to be able to read a lot about information
sharing, too. From Wired magazine to the hacker underground, the
brainless slogans and bromides rang loud and clear:
Information wants to be free!
Die Informationen macht frei!
Information is power!
And so on until retching commenced.
Like information sharing at intelligence agencies, it was also a
crock. What it really meant was:
Your information is mine for free.
But everything I can grab is secret
unless you have something I want
which can't be free-loaded, stolen,
or found somewhere else.
Out of the latter, a counter-balancing but equally screwed-up
perception slowly grew that cyber-terrorists were using information
gained through open society to attack various corporate Bunds.
Terrorists, journalists, companies in direct competition with
each other -- all at one time or another were alleged to have been
in on the plot. In response, it was said, corporate America
clammed up. It would not and will not, our computer security
guardians say, share information on potential troublespots,
particularly in cyberspace, because enemies were said to be
lying doggo everywhere, just waiting to level the nation.
EVEN WHEN THE government obviously does not share information on
terrorism with other protected agencies (and even when it is in
their own interest to do so), some corporate computer security
lobbyists insist that special legislation is needed to lubricate
and protect secret information sharing on vulnerability.
This has led to a four year-old battle to add a neutering exemption
for corporate America to the Freedom of Information Act. The latest
action in the battle to alter FOIA came in recent draft legislation
for the Bush Administration's Department of Homeland Security.
"It wouldn't be a Bush Administration initiative if it didn't
include new restrictions on public access to official information,"
writes Steven Aftergood of the Federation of American Scientists in
his regular Secrecy News bulletin. "And sure enough, section 204 of
the draft bill would create a new exemption from the Freedom of
Information Act for 'information provided voluntarily by non-Federal
entities or individuals that relates to infrastructure
vulnerabilities or other vulnerabilities to terrorism and is or
has been in the possession of the Department.'" (Note syntactic flim-flam
in which "non-Federal entities" is substituted for the
more descriptive "corporate America" -- Editor.)
Similar parallel legislation was debated earlier in the spring as
Utah Senator Bob Bennett's Critical Infrastructure Information
And although uncommented upon by the vast majority of the
mainstream big media, these are not new initiatives. The FOIA
amendment was also put forward in the "Cyber Security Information
Act of 2000," a House bill. Despite no opposition from the Clinton
administration, the measure slowly faded away.
Indeed, Richard Clarke, George W. Bush's cyber-security czar and
formerly the Clinton administration's "go to" guy on terrorism in
the National Security Council had been laboring to get the FOIA
exemption since 1998, working hard at decreasing democratic
information sharing to the public at the same time intelligence and
law-enforcement agencies were bureaucratically stuffing-up their
information sharing on terror-bound Islamic fundamentalists.
That year, Clarke aggressively started working the media and
numerous corporate computer security conventions to warn of a
coming "electronic Pearl Harbor."
One of the Clarke-ian remedies for "electronic Pearl Harbor"
(outside of more government contracts to computer security vendors)
was removing an impediment to information sharing of alleged
corporate vulnerabilities. Removing impediments in this matter
had nothing to do with the breaking down of walls of stodgy
incompetence within intelligence and domestic law enforcement
agencies in order to improve response to physical terrorist
threats. It was and still is doublespeak for adding an exemption
FOIA, you see, according to the mindset of those wishing to change
it, impedes the natural Good Samaritan inclination of corporate
America to share information about their computer network
vulnerabilities with the Feds -- who, of course, know what to do
with it and can be always counted upon to act in the necessary
Do I hear some skeptical grumbling? Well, you just shut up,
you ... you ... defeatist skeptic.
IN ANY CASE, the "electronic Pearl Harbor" meme worked well
until 2001 when, with respect to real and tangible Doomsday, it
took a king-size kick in the pants courtesy of malefactors from
the real world.
Over time, other pretexts similar to "electronic Pearl Harbor"
have been used to justify the corporate FOIA exemption. In June of
last year, Bennett, as the ranking Republican on the congressional
Joint Economic Committee, chaired a hearing called Wired World
which called for an FOIA amendment to forestall cyber-threats. At
the time, the impending threat was a nutty assertion that Russia
and China were developing computer-based tools aimed at crushing
the U.S. economy.
Those who follow this singularly abstract subject also know that
the meme never really goes away. The Washington Post revived it
last week on the front page above the fold without explicitly
mentioning the phrase -e-Pearl Harbor-. While the catchword
went missing-in-action, the lengthy article, entitled
"Cyber-attacks by al Qaeda feared", still contained all the
regular artifacts of the meme.
The nation was, perhaps, under immediate threat from Internet
attacks, not launched by China or unknown hackers, but by Islamic
terrorists. (China, however, did receive its full measure of
exposure, making an appearance as imminent cyber-attacker as
recently as May, courtesy of a front page story in the
Los Angeles Times.)
Richard Clarke-style claims of possible death and mayhem
flooded the Post's piece. And there was the standard anguished
hand-wringing and lamentation about the lack of
corporate-government information sharing.
In any case, these debates, whether occuring in Congress or on
the front pages of mainstream newspapers have always appeared as
orchestrations in which the only people chosen to give their
opinions or expertise on the matter always just happen to be those
who wholeheartedly forecast doom and destruction if their
self-serving advice isn't immediately swallowed as fact.
For example, at the 2001 Wired World hearing, witnesses were
dutifully trotted out to recommend the FOIA exemption in the name
of information sharing. No one who used FOIA, or who thought that
it was unnecessary to fix what wasn't broken in the first place,
This nasty practice of rigging the congressional debate on the
issue by only choosing vetted logrollers -- computer security
lobbyists, salesmen, Pentagon contractors, and authors of the
idea to testify on its rightness -- was not reversed until earlier
this year when, for the first time, people who actually used
FOIA (such as David Sobel of the Electronic Privacy Information
Center) testified against the measure. Nevertheless, they were
still under-represented, two to seven pushing for the corporate
A number in favor of the FOIA-exemption at the hearing raised the
alleged horror of computer viruses on the Net as a reason to hurry
legislation to grease corporate-government information exchange by
hardening it against FOIA. It was an interestingly cynical ploy
since the computer security lobbyists pushing it know that the
industry they represent regularly shows little qualm or hesitation
in publicly exposing information on the cyber-vulnerabilities of
others when it pertains to computer viruses.
The phrase information sharing, in 2002, no longer has
positive meaning. It is not about open exchange, education or
enlightenment of any kind. In fact, it means just the opposite.
Information sharing, as it now stands, is the following:
1. An old and idiotic Internet slogan/totem.
2. A self-serving corporate computer security-type mantra for more
secrecy at the expense of a democratizing measure.
3. A recommendation publicly claimed to be a virtue by intelligence
and law enforcement agencies which privately ignore or actively
Nicht vergessen, geheimhalten die Informationen!
-- George Smith
===8<===========End of original message text===========
Más información sobre la lista de distribución HackMeeting