House Lawmakers Question Privacy in Cyber-Security Plan

Correction to This Article
The article on a Bush administration cyber-security effort incorrectly attributed a quotation. It was Rep. Paul Broun (R-Ga.), not Rep. Bob Etheridge (D-N.C.), who said, "It looks a little like the fox is guarding the henhouse."

House lawmakers yesterday raised concerns about the privacy implications of a Bush administration effort to secure federal computer networks from hackers and foreign adversaries, as new details emerged about the largely classified program.

The unclassified portions of the project, known as the "cyber initiative," focus on drastically reducing the number of connections between federal agency networks and the Internet, and more closely monitoring those networks for malicious activity. Slightly more than half of all agencies have deployed the Department of Homeland Security's program.

But administration officials have not said how far monitoring would go, and whether oversight would extend to networks operated by state, local, and private sector entities, including government defense contractors.

A more real-time scrutiny of federal data flows is necessary because "our adversaries are very adept at hiding their attacks in normal everyday traffic," DHS Undersecretary Robert Jamison told the House Homeland Security Committee yesterday. He added that DHS is developing a privacy impact assessment on the new capabilities, which will be open to public review upon completion.

Some Democrats on the oversight panel were not assuaged by the administration's testimony. Rep. Bob Etheridge (D-N.C.), said he remained concerned about the program's impact on the privacy of his constituents. "It looks a little like the fox is guarding the hen house," he said.

But Jim Lewis, director of the technology arm of the Center for Strategic and International Studies, a Washington think tank, called the privacy concerns premature and overblown.

"There's a big difference between intercepting and reading e-mail and reacting to suspicious traffic going across your network," said Lewis, whose employer is working with Congress and the private sector on a set of cyber security policy recommendations for the next president.