Info Sharing Bill Advances

System operators question effectiveness of effort to combat terrorism.

WASHINGTON--Legislation is in the works to expand protections for system operators that voluntarily disclose e-mail to the government without a court order.

But while the measure is intended to encourage private-sector information-sharing for the war on terrorism, some network operators question its underlying logic. "We dont monitor e-mail. We dont filter e-mail. We only filter out attachments that have viruses," said Kevin Baradet, network systems director at Cornell Universitys Graduate School of Management, in Ithaca, N.Y., and an eWEEK Corporate Partner. "Unless we have a complaint or someone turns up with a court order, we dont monitor content."

ISPs say that they, too, have scant occasion to inadvertently come across questionable content that they would feel compelled to bring to the government. Mark Bayliss, CEO of Visual Link Communications Inc., in Winchester, Va., and co-founder of the Virginia ISP Alliance, said his company rarely reviews e-mail content.

For both Cornell and Visual Link, disclosing e-mail to the government generally occurs only at the request of law enforcement. With approximately 25,000 users on its networks, Cornell handles about 1 million messages per day.

Nonetheless, the U.S. House Judiciary Committees crime panel last week approved the Cyber Security Enhancement Act of 2001, which would broaden a provision in the USA Patriot Act that sought to eliminate disincentives to sharing information in emergencies.

The pending bill would authorize system operators to turn over information to any government entity, as long as the operator believes an emergency requires its immediate disclosure. The bill will move to the full committee later this month.

The Bush administration is promoting several such legislative measures to increase information sharing, making private/public partnership a cornerstone in the war on terrorism. At a conference here last week on homeland security, FBI National Infrastructure Protection Center Director Ronald Dick said the center established a new unit following the Sept. 11 terrorist attacks specifically to help critical infrastructure industries develop more information sharing and analysis programs.

"There needs to be 1,000 points of light out there for information sharing," said Dick at the IT on the Frontline conference sponsored by the Armed Forces Communications and Electronics Association.

Privacy advocates are concerned that the original provisions of the Patriot Act are being misdirected. According to the Washington-based Center for Democracy and Technology, the government is approaching system operators, notifying them that information might be related to an imminent threat and asking them to turn it over voluntarily without a court order. That prospect also makes network operators uneasy.

"If [the government] were to show up [requesting information without a court order], we would certainly work with them, but my first call would be to [our] general counsel," Baradet said. "A lot of folks are worried because the nuts and bolts of the laws intent has not been tested. If theres one thing that makes businesses nervous, it is a situation in which risk boundaries are not known."

The IT industry widely supports the legislation because it aims to reduce liability in information disclosure, but a time-honored resistance to relinquishing control over private data remains in place.

"As always, everyones worried about the abusive potential of [the legislation]," Bayliss said. "Weve had sheriffs departments come in [without a court order] who dont know the procedures."

Related stories: