In a written response to House Majority Leader Richard Armey, R-Texas, a Clinton Administration official confirmed that the proposed Federal Intrusion Detection Network (FIDNet) would monitor only government computer networks, not those owned by the private sector.
"As envisioned, FIDNet is being designed to monitor federal executive branch computer networks for intrusions, not private networks or the Internet in general," said Jon P. Jennings, acting assistant attorney general for legislative affairs in the Department of Justice.
The letter, dated Sept. 22, 1999, was made available by a spokesman for Armey, who released a new set of questions about the administration's attitudes to computer privacy and surveillance in a Monday letter to Attorney General Janet Reno. Jennings sent the letter in response to a July 30 letter from Armey.
Jennings-who said that the media had "mischaracterized" the proposal-described FIDNet as a "network of automated sensors placed at the entry points to critical government agency networks" that would allow the agencies to monitor potential hacking attacks and pass information about suspicious activity to a central location at the General Services Administration. The FBI's National Infrastructure Protection Center-a one-year-old agency playing with increasingly high profile in the battle against computer viruses and hackers-would become involved only to provide analytical or investigative assistance, he said.
Armey, who raised new questions about the extent of the administration's change of policy regarding the export of strong encryption and the recently proposed Cyberspace Electronic Security Act, said it was disturbing that the administration had considered applying network surveillance tools to private sector networks.
"I would like to know why FIDNet was ever envisioned to cover private networks," Armey said in the letter. "Page 58 of the draft copy of the FIDNet proposal clearly states, 'the Plan also calls for the creation of a three pillar system of these netted and adaptive intrusion detection networks, covering critical government and (ultimately) private sector information systems.' Are you willing now to state that neither FIDNet nor any similar Administration program will ever be expanded to monitor private networks or the Internet in general?"
Armey also asked the purpose of the one-time review of strong encryption products that the administration announced two weeks ago and why, in light of those changes, it still had objections to the Security and Freedom through Encryption Act, H.R. 850, sponsored by Rep. Bob Goodlatte, R-Va.
Noting the cryptography policy changes were described by Commerce Secretary William Daley as part of a three-pronged package that included the passage of CESA and measures to "improve the privacy and security of government information services," he asked whether the administration considered FIDNet a component of its new encryption policy.
He also asked whether the encryption export changes were in any way contingent upon the passage of CESA or the funding of FIDNet.
"They did not respond to the main thrust of the letter, which was whether the administration has the intent of monitoring private computer networks," said Armey spokesman Richard Diamond. "We want to protect individual citizens from having their e-mail read."
Diamond, who said that that Armey had not yet been briefed on CESA, added: "It would certainly help if the administration would consult more with congressional leaders."
NEXT STORY: Budget surplus up to $115 billion this year