The grandiose "Star Wars" missile defense program was a favorite of the Ronald Reagan White House, and now it looks like the Clinton administration is readying a similarly ambitious defense program for government and private-sector networks.
According to the "National Plan for Information Systems Protection," a draft document from the National Security Council (NSC), President Clinton wants the government to install an integrated intrusion-detection system - called the Federal Intrusion Detection Network (FIDNET) - by 2003 on all government nets.
The 150-page network "Star Wars" plan was leaked by government officials to the Washington, D.C. civil liberties group Center for Democracy and Technology (CDT), which has posted it in part at cdt.org this week
Reagan's missile-defense plan and Clinton's FIDNET network-defense plan clearly have two things in common: they both need untold billions of dollars to work as envisioned, and there's reason to question whether the idea of mammoth integrated and automated intrusion-detection and response systems on this scale can work at all.
The drafted plan also calls for "key corporations" in the telecoms, energy and banking to also use the same kinds of monitoring and reporting systems so that critical U.S. information systems would be protected as well.
The plan proposes that the FBI be the central agency for taking action based on any trouble detected by FIDNET.
The FBI, which is now setting up liaison offices to share security information with the industry, would have to figure out how to share sensitive corporate secrets without worrying about violating antitrust laws, according to the document. The draft plan notes the Clinton Administration may ask Congress to pass new laws to tackle legal questions raised by the national monitoring system.
The idea of the government constructing a massive surveillance system such as FIDNET has raised alarm among civil liberties groups concerned about its Big Brother aspects.
"This really changes the dynamic of how the government goes after criminals," says Ari Schwartz, policy analyst at the CDT. "Instead of just tracking down criminals based on their behavior, it tracks everyone."
Legal issues related to individual privacy rights are complex, governed by laws such as the Electronic Communications and Privacy Act. However, the government has leeway to do pretty much what it wants if it invokes the specter of national security, Schwartz points out.
He adds that the FBI has long wanted to make surveillance easier by having the telecommunications equipment manufacturers build gear built according to the FBI's wishes. The Communications and Law Enforcement Act (CALEA) passed a few years ago forces the telecom industry to heed the FBI's demands and has lead to many arguments between them over money and privacy.
With the Star Wars network, the Defense Department, FBI and other agencies would be authorized to find a best-of-breed intrusion-detection system within a few years that would be installed and operational in four years.
But at the same time, the document bemoans the lack of qualified personnel to manage such computer surveillance systems and notes that the kind of massive monitoring system envisioned under the plan would be a first of its kind.
In President Clinton's message statement that is part of the document, Clinton says he will request $1.5 billion in this year's budget to "meet our targets for information systems protection." But it doesn't take an intrusion-detection system to figure out that this is just pocket change in comparison to what it would take to move FIDNET from concept to design and deployment in four years.
NSC advisor Sandy Berger emphasized that the White House plan for a national intrusion-detection system is still being developed and has not yet been sent to the President. The NSC anticipates such a plan would be officially unveiled around September or October.