http://www.govexec.com/dailyfed/0501/050301td.htm
By Drew Clark
National Journal's Technology Daily
May 3, 2001
A late-term change in the Clinton administration's approach to
prosecuting cybercrime has made it much more difficult for NASA to
track and prosecute hackers who attempt to penetrate its computer
networks, a NASA network-protection office official said Monday.
"NASA lost 90 percent of its ability to track and pursue [suspected
computer] intruders because of changes in policy" by the Justice
Department, said Stephen Nesbitt, director of operations in the
computer-crimes division of NASA's network and advanced technologies
protection office.
According to Nesbitt, over the last year-and-a-half, the Justice
Department's Computer Crime and Intellectual Property section began
prohibiting federal agencies from electronically monitoring the
actions of hackers who break into their systems. Under federal
wiretapping statutes, system administrators of private computer
networks may do such monitoring, but law enforcement officials are
normally prohibited from doing so without a warrant.
An official in the computer-crime section denied that there had been
any change in policy. "We have always urged caution in terms of
accepting the fruits of system monitoring" by federal agencies, said
Phil Reitinger, deputy chief of the section. But he conceded that the
agency's advice to federal agencies has changed with advances in
"hacker tradecraft."
Nesbitt said that NASA was barred from posting "banners" on their
computer networks as a virtual "no trespassing" sign. Courts generally
have ruled that such banners provide federal agencies with the consent
they need to engage in electronic monitoring. But the Justice
Department said NASA could no longer do that unless it posted a banner
on every one of its 65,000 computer network connections.
Nesbitt attributed the changes to the late-1999 departure of Scott
Charney, former section chief, and his replacement by Marty
Stansell-Gamm.
Speaking at a conference called the "International Summit on Cyber
Crime" sponsored by the National Institute for Government Innovation,
Nesbitt called on participants--largely local law enforcement
officials dealing with cyber crime--to urge support for legislation
against cyber crime that would restore such self-defensive
capabilities to Web site operators and government officials.
"Law enforcement's job is to remove the threat," said Nesbitt. He said
that NASA had worked for many years to cultivate a reputation as an
agency that aggressively goes after hackers, and was worried that the
policy change would undermine its tough-on-computer-intruders
reputation.
Speaking about the change in policy by the Justice Department, Nesbitt
said that "different people do things different ways" and that "no one
wants to make bad case law" or to force a lawsuit that could result in
a negative ruling for the Justice Department.
The policy change came at the same time that the Clinton
administration was trying to balance privacy and security concerns in
its anti-cyber crime legislative proposal. Some elements of the
proposal were incorporated into legislation introduced by Sen. Orrin
Hatch, R-Utah, and Sen. Charles Schumer, D-N.Y., but it never passed
the House.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Fri May 4 17:04 CDT 2001