faustus@gargoyle.uchicago.edu (Kurt Ackermann) (04/30/91)
Back in December I posted an article from the NYT titled "Academy of Sciences Urges Greater Computer Security" written by John Markoff (NYT 12/6/90, sec. C, col. 1 +). This article was written following the release of the report by the National Academy of Sciences (NAS) entitled "Computers at Risk: Safe Computing in the Information Age." In this report, the NAS "urged the nation...to revamp computer security procedures, institute new emergency response teams and create a special non-Government organization to take charge of computer security planning." They also "cited threats to individual privacy, the danger of increased trust placed in computers used in safety-critical applications like medical instruments and air traffic control systems, corporate espionage and the increasing vulnerability of international computer networks to political attacks." According to the article, currently the responsibilities for computer security systems lie in the hands of the National Security Agency (NSA, not to be confused with the NAS :-) and the National Institute of Standards and Technology. The report was prepared at the request of the Pentagon's Defense Advanced Projects Agency. ---- Has anyone at the EFF been tracking this report and any possible policy changes at the Pentagon? Should the EFF become involved in/encourage actively the creation of a "non-Government organization to take charge of computer security planning"? Has anyone (esp. at the EFF) even READ this report? And, why did the Pentagon turn to the NAS for a report on computer security? What authority/role/responsibility does the NAS have with regard to computers and computer networks? And, why is the Pentagon doing this? Do we really want issues of security, safety, etc. of computer systems to be handled as matters of National Defense? Do we even want the issues framed in this light? Should the primary concerns be freedom of access and use rather than "security?" My worry is that, if we don't act in this direction ourselves, then the Feds will just go ahead and dowhat they damn well please. Isn't the role of the EFF to get involved in just such cases and help inform the Pentagon ofthe issues/opinions/concerns/etc. of those that use the computer systems in question so that policies are not as arbitrary and ill-formed as they might otherwise be?? Anything going on with regard to this particular case? Related cases? --Kurt Ackermann faustus@gargoyle.uchicago.edu