
Information Security: A New Priority

By Patrick Thibodeau - Computerworld
09.14.2001

WASHINGTON - This week's terror attacks are expected to shift government and legislative priorities on a host of technology issues. Internet privacy, for instance, the top technology policy issue a week ago, will likely be replaced by critical-infrastructure protection as the U.S. seeks to retaliate against what President Bush has called "an act of war."

What this means is that pending legislation to protect corporate data about security incidents, voluntarily shared with the government, will likely be fast-tracked. Anti-spam legislation, on the other hand, may get pushed aside, according to officials at trade and privacy groups, as well as congressional sources.

Moreover, as a result of the attacks, private-sector companies are likely to become much more receptive to the idea of collaborating with the government and one another on information security issues. One congressional source said government officials have said this week's attacks are likely to be just the beginning of a wave of assaults that probably will include cyberattacks.

"I think there will be more collaboration. The phrase ‘circle the wagons’ comes to mind," said Bill Riley, manager of security and disaster recovery at Johns Hopkins Hospital in Baltimore, who added that the government can do a lot to facilitate collaboration. "People get a sense about how big the risk is. It's tough to do it on your own."

To get some idea of the importance of information security in the upcoming policy debate, consider this: One of the first hearings Congress held the day after Tuesday's attack was on critical infrastructure protection. Sen. Joseph Lieberman (D-Conn.), who headed the committee hearing, said a "new era" in protecting national security - including cybersecurity - had arrived. Although the hearing had been previously scheduled, what was remarkable was that it was even held; many others were postponed.

Lieberman didn't outline exactly what is needed, and it's still too early to predict exactly what will happen on many technology issues - which bills will move forward and which ones will stall. Congress, for now, is focused on the immediate terrorism crisis. But people closely involved in technology issues expect a change in focus.

"In all these debates, there is a curve between privacy and security, and I think we're going to see a little shift in that debate," said Ronald Plesser, an attorney at Piper Marbury Rudnick & Wolfe in Washington, who represents firms on technology issues. Plesser believes that shift will be toward security.

There is no doubt that the nation is in a new era. But there are also worries that a shift in balance to security over privacy could give rise to some contentious issues.

"There will be some misguided calls for more of a surveillance society," said Lance Hoffman, a professor of computer science at George Washington University in Washington. "And I think if we succumb to these [calls], we give the attackers a victory by giving up too much privacy and autonomy."

U.S. officials often have tried to get expanded surveillance powers over electronic communications. For example, the Clinton administration, worried about its ability to decrypt electronic messages sent by suspected terrorists and criminals, pushed an FBI-backed plan to give law enforcers mandatory key escrow, a backdoor means for the rapid decryption of intercepted messages. The proposal failed amid a wave of public opposition.

"Key escrow would not have prevented what took place," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "And the rush to establish Draconian security controls may do very little to provide greater safety for Americans. They would, however, provide a great cost in terms of freedom."

Peter Swire, the Clinton administration's chief privacy counselor and now a visiting law professor at George Washington University, urged cautious analysis.

"When someone claims that we should make a security improvement at the expense of privacy or other values, we should apply ordinary analysis to make sure that the security payoff is really there. If we get little or no security improvement and a