[ISN] Who can solve the CYBERPUZZLE?
isn at c4i.org
Tue Aug 16 02:19:22 EDT 2005
By ALICE LIPOWICZ
One to watch: Baker's role will impact cyber efforts IT executives
anticipate that the Homeland Security Department's new cybersecurity
czar position and its responsibilities may be shaped by another
newcomer to the department with an even higher profile in the IT
world: Stewart Baker, DHS' newly named assistant secretary for policy.
Baker is one of Washington's most influential technology lawyers, and
has been at odds with civil libertarians in the past. He was chief
counsel to the 9/11 Commission and general counsel to the National
Security Agency under the Bush and Clinton administrations. Baker was
nominated for the new DHS position July 14, but the Senate has not
A lawyer at Steptoe and Johnson LLP in Washington, Baker has been
prominent in major IT privacy and data security debates over the last
15 years, including his advocacy on behalf of the NSA in the early
1990s of the Clipper Chip. It is based on the Skipjack algorithm and
an encryption standard with a "back door," allowing spy agencies to
access encrypted voice, fax and computer records for national security
His appointment sends a positive message about the importance of IT
and technology at DHS, said Dan Burton, vice president of government
affairs at Entrust Inc.
"Stewart Baker knows cybersecurity, the IT industry and government,"
Burton said. "To bring in someone of his stature sends a strong
"You would assume Stewart Baker would play a role, and it's natural
that he would have some influence" on the cybersecurity post, said
Patrick Burke, senior vice president and director of command, control,
communications and intelligence for SRA International Corp. of
Baker declined a request to comment for this story. However, he has
espoused some detailed views on IT for homeland security in the past.
In his testimony to the 9/11 Commission in December 2003, Baker said
he wants investigators to be able to search, within 30 seconds, a
terrorism suspect's address, phone, e-mail, financial, travel and
organization records. The government also needs to have access to
private-sector data about a specific attack site within four hours
after that site is threatened, and to be able to locate critical
infrastructure nodes in the vicinity of an attack within five minutes,
To protect against abuses, DHS should make use of IT for electronic
auditing and rules-based access control, as well as anonymization and
one-way hashing, which allow data searching between private and public
databases while also controlling access to protect privacy, Baker
wrote in his testimony.
But Mark Rothenberg, director of the Electronic Privacy Information
Center, a nonprofit advocacy group, said he is worried about Baker's
views on privacy because he has crossed swords with him many times on
issues such as the Patriot Act and wiretapping.
"It's disturbing that DHS, which will now have broad authority within
the United States, selects someone who spends a great deal of time
looking at means to expand electronic surveillance," Rothenberg said.
More information about the ISN