Feds invoked national security to speed key Internet change

[InfoSec News <isn () c4i org>]

http://www.siliconvalley.com/mld/siliconvalley/4750152.htm

December 16, 2002   

WASHINGTON (AP) - The Bush administration sped approval for moving one
of the Internet's 13 traffic-management computers after a prominent
technology company urged the government to ``declare some kind of
national security threat and blow past the process,'' according to
federal officials' e-mails.

The correspondence provides a window into how U.S. corporations invoke
national security to expedite business requests.

In this case, the Commerce Department approved in just two days
Verisign Inc.'s request at the end of October to move one of the 13
computer servers that manage global Internet traffic. Verisign
operates two of the world's ``root servers,'' which contain lists of
directories that control e-mail delivery and Web surfing.

The company's lobbyists had argued that waiting additional days or
weeks for approval ``is a problem and could impact national
security,'' according to e-mails among U.S. officials obtained by The
Associated Press under the Freedom of Information Act.

Leading technology experts and senior government officials said the
change was appropriate to correct a poor design decision made five
years earlier. They said holding off for days or weeks would not have
jeopardized either national security or the Internet.

Watchdog groups say it is an increasingly popular, and successful,
argument for companies to claim requests need approval to avoid risks
to national security.

So far, it has helped win liability protection for airlines and
pharmaceutical companies and financial help for insurance companies.

``It's become the mantra. Industries are using the national security
threat to get a lot of regulations they want,'' said Larry Noble,
executive director for the Center for Responsive Politics. ``The
problem for government is to sort out the legitimate claims and what
are cover stories.''

Banks, utilities and technology companies warned Congress this year
that they feared telling U.S. officials too much about their security
problems because the information might be disclosed publicly and risk
national security. The result: President Bush signed new exemptions
from open records laws last month.

The Commerce Department said it never had been convinced by Verisign's
lobbying that national security would be threatened unless the server
were moved quickly to a new location in northern Virginia to protect
it better from natural disasters or hacker attacks. The last such
change was in 1997.

Commerce spokesman Clyde Ensslin said the department worked to approve
the request ``as quickly as possible, but there was no known national
security threat to the root server system and therefore no need to
proceed on an emergency basis.''

The department approved the decision two days after the request was
presented through the Internet Corp. for Assigned Names and Numbers,
an organization that oversees Web addresses. The change originally was
to have taken place after some of the organization's top experts made
recommendations in mid-November.

With Verisign pressing, there was some confusion inside the Commerce
Department, according to the e-mails.

In one series of e-mails, the head of Commerce's National
Telecommunications and Information Administration, Nancy Victory, and
another NTIA official were reported to have spoken with a Verisign
lobbyist on Oct. 30 and ``asked them to invoke the emergency
procedures.''

``This will allow the change to happen ASAP,'' wrote Robyn Layton, the
Commerce agency's associate administrator.

Another Commerce employee at headquarters responded minutes later in
an e-mail, asking: ``So, what does this mean -- invoke the emergency
procedures? Do I have to do anything on this end?''

This employee lamented a lack of instructions for making changes to
the 13 most important computers managing the world's Internet traffic.  
She followed up the next morning with another e-mail that ``things are
under control once again.''

The Commerce Department said Victory never approved emergency
procedures as Verisign's lobbyists had sought.

Verisign spokesman Brian O'Shaughnessy said the company ``never
officially asked for emergency procedures.'' But a second spokesman,
Tom Galvin, acknowledged, ``We really wanted it done as soon as it
could be.''

Several Commerce officials' e-mails describe a series of contacts from
Verisign lobbyists making the plea for urgency.

The company wants ``to push us to declare some kind of national
security threat and blow past the process,'' one e-mail said. The
subject line of another message described the company's ``request for
immediate authority to effect address change.''

One Commerce official predicted that Verisign's Washington lobbyist
``will call again today with the same `national security' concern he
had before. ... If you want me to fend him off, then I need to know
what to say.''

Lobbying experts said companies must cautiously decide when to invoke
national security.

``Any good lobbyist always tries to fairly and accurately represent
his client's position and do so in a truthful way,'' said Wright
Andrews, a former president of the American League of Lobbyists.  
``It's unethical and just plain dumb to go in and make a
misrepresentation.''

Vinton Cerf, board chairman for the ICANN organization, said the
change was planned for months and that nothing in recent weeks -- not
even an unusual hacker attack Oct. 21 against all 13 servers --
justified special urgency.

``I do not think this was a consequence of the attack,'' Cerf said.

``I really don't think there was a national security issue,'' agreed
Stephen Crocker of Bethesda, Md., an early Internet expert and head of
an advisory committee on the security and stability of these 13
computer servers. ``I think this was more a desire to make it happen
and an opportunity to cut through some of the normal bureaucracy.''



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.