Taking Liberties With Our Freedom
By Lauren Weinstein for Wired News.

Law enforcement interests pushed through a variety of surveillance measures, including some unrelated to terrorism, that had long been rejected as inappropriate in a free society.

Important protections related to monitoring and intelligence gathering, established after serious past abuses, were swept away with the assurance that this time the government won't abuse its powers.

Among various alarming provisions, the law opens up enormous avenues for monitoring Internet communications, without even after-the-fact notifications. Virtually any government agency at any level can initiate surveillance on flimsy grounds. No subpoenas or court oversight are required.

Not to be left off the gravy train, big business also pushed through its own grab bag of perks in the new legislation.

One of the most egregious and potentially dangerous of these travesties is the Homeland Security Act's creation of new and very broad exemptions from the Freedom of Information Act.

Businesses now have a new way to evade liability for safety violations, hazards to consumers and other abuses. They need merely report the information about their behavior -- even totally unclassified activities -- to the federal government, and claim it's related to homeland security. In the parlance of the Homeland Security Act, they declare the data to be "CII," or Critical Infrastructure Information.

Instantly, the company filing drops that information into a black hole of secrecy, hidden from public view. If a government employee releases any such data without the permission of the company that submitted it, regardless of its importance to the public, they could be subject to jail time.

That's potentially a major blow to the government's regulation of corporate misdeeds, since it's often not until such abuses become publicly known that officials take steps to deal with them properly. As long as there's cover, the urge to let sleeping dogs lie is strong indeed.

Ironically, the existing statute, the Freedom of Information Act, already had exceptions for information that truly needed to be kept private. The new homeland security law goes much farther, creating a magic rubber stamp that can make a host of problems disappear from the public radar.

The dangers of the new restrictions extend beyond obvious infrastructure risks related to power, water, manufacturing, pollution and the like. They could also strike to the heart of the computer industry and Internet as well.

By invoking the exemptions of the Homeland Security Act, software and computer hardware companies could hide the existence of critical security flaws or other bugs, claiming (with a familiar refrain) that letting anyone know about them was just too big a risk.

Here is the full text of othe article in case the link goes bad:

http://www.wired.com/news/politics/0,1283,56600,00.html

Taking Liberties With Our Freedom

By Lauren Weinstein | Also by this reporter Page 1 of 1

02:00 AM Dec. 02, 2002 PT

"The fix is in." So said Sen. John McCain (R-Ariz.) of the mammoth new Homeland Security Act, which was signed into law last week.

McCain was upset about an array of goodies that were tacked onto the bill at the last minute by the House of Representatives. These included broad liability protections for makers of vaccines, and an array of other extremely valuable giveaways.

In the end, the overwhelming majority of the Senate, including most Democrats, chose the politically expedient course of supporting the vast legislation.

That said, McCain and other critics were right to be concerned. While it has some positive aspects, the Homeland Security Act is also full of worrisome surprises for U.S. citizens concerned about their freedoms, particularly when combined with last year's USA PATRIOT Act.

Since the events of 9/11, a range of legislation detrimental to fundamental freedoms and privacy rights has been rammed into law, without any assurance that our safety will improve as a result.

Law enforcement interests pushed through a variety of surveillance measures, including some unrelated to terrorism, that had long been rejected as inappropriate in a free society.

Important protections related to monitoring and intelligence gathering, established after serious past abuses, were swept away with the assurance that this time the government won't abuse its powers.

Among various alarming provisions, the law opens up enormous avenues for monitoring Internet communications, without even after-the-fact notifications. Virtually any government agency at any level can initiate surveillance on flimsy grounds. No subpoenas or court oversight are required.

Not to be left off the gravy train, big business also pushed through its own grab bag of perks in the new legislation.

One of the most egregious and potentially dangerous of these travesties is the Homeland Security Act's creation of new and very broad exemptions from the Freedom of Information Act.

Businesses now have a new way to evade liability for safety violations, hazards to consumers and other abuses. They need merely report the information about their behavior -- even totally unclassified activities -- to the federal government, and claim it's related to homeland security. In the parlance of the Homeland Security Act, they declare the data to be "CII," or Critical Infrastructure Information.

Instantly, the company filing drops that information into a black hole of secrecy, hidden from public view. If a government employee releases any such data without the permission of the company that submitted it, regardless of its importance to the public, they could be subject to jail time.

That's potentially a major blow to the government's regulation of corporate misdeeds, since it's often not until such abuses become publicly known that officials take steps to deal with them properly. As long as there's cover, the urge to let sleeping dogs lie is strong indeed.

Ironically, the existing statute, the Freedom of Information Act, already had exceptions for information that truly needed to be kept private. The new homeland security law goes much farther, creating a magic rubber stamp that can make a host of problems disappear from the public radar.

The dangers of the new restrictions extend beyond obvious infrastructure risks related to power, water, manufacturing, pollution and the like. They could also strike to the heart of the computer industry and Internet as well.

By invoking the exemptions of the Homeland Security Act, software and computer hardware companies could hide the existence of critical security flaws or other bugs, claiming (with a familiar refrain) that letting anyone know about them was just too big a risk.

These kinds of cover-ups rarely succeed in the long run. When the bad guys ultimately find ways to exploit the flaws, the ordinary folks who are at risk will be the last to know what's going on.

In a similar vein, ISPs and telecommunications firms may now avoid taking responsibility for security flaws in their systems. Just sweep the problems under the homeland security rug and, with luck, nobody on the outside will be the wiser.

It's been hard enough in the best of times to get companies and government agencies to admit their mistakes and abuses. Now, thanks to the Homeland Security Act, we may have more of a reason to fear those very actions than we do the terrorist threats that the new law is supposed to address.

Lauren Weinstein has been involved with the Internet for decades, beginning with ARPANET. He is the co-founder of People for Internet Responsibility, the creator and moderator of the Privacy Forum and an outspoken commentator on technology and society.