Vmyths.com



Truth About Computer Security Hysteria

Die Informationen macht frei

George C. Smith, Ph.D., Editor-at-large
Friday, 5 July 2002
FORMERLY THE EXCLUSIVE domain of a cadre of corporate computer security nuisances/lobbyists, the phrase information sharing has become front page news almost daily.
The FBI, we have learned, refused to share information even with itself. The CIA shares information with nobody except the Prez. CIA doesn't share information with the FBI because the two organizations share a mutual hatred and contempt for each other. The National Security Agency doesn't share information with anyone ... because it now bureaucratically considers worldwide information technology to be an enemy. The Congress is concerned. Pundits are worried. Whistleblowers are whistling. Stovepipes and layers of incompetent management must be eliminated; new agencies, made from parts of the old clogged-up agencies, created.
In cyberspace, you used to be able to read a lot about information sharing, too. From Wired magazine to the hacker underground, the brainless slogans and bromides rang loud and clear:
Information wants to be free!
Die Informationen macht frei!
Information is power!
And so on until retching commenced. Like information sharing at intelligence agencies, it was also a crock. What it really meant was:
Your information is mine for free.
But everything I can grab is secret
unless you have something I want
which can't be free-loaded, stolen,
or found somewhere else.
Out of the latter, a counter-balancing but equally screwed-up perception slowly grew that cyber-terrorists were using information gained through open society to attack various corporate Bunds. Terrorists, journalists, companies in direct competition with each other — all at one time or another were alleged to have been in on the plot. In response, it was said, corporate America clammed up. It would not and will not, our computer security guardians say, share information on potential troublespots, particularly in cyberspace, because enemies were said to be lying doggo everywhere, just waiting to level the nation.
EVEN WHEN THE government obviously does not share information on terrorism with other protected agencies (and even when it is in their own interest to do so), some corporate computer security lobbyists insist that special legislation is needed to lubricate and protect secret information sharing on vulnerability.
This has led to a four-year-old battle to add a neutering exemption for corporate America to the Freedom of Information Act. The latest action in the battle to alter FOIA came in recent draft legislation for the Bush Administration's Department of Homeland Security. "It wouldn't be a Bush Administration initiative if it didn't include new restrictions on public access to official information," writes Steven Aftergood of the Federation of American Scientists in his regular Secrecy News bulletin. "And sure enough, section 204 of the draft bill would create a new exemption from the Freedom of Information Act for 'information provided voluntarily by non-Federal entities or individuals that relates to infrastructure vulnerabilities or other vulnerabilities to terrorism and is or has been in the possession of the Department.'" (Note syntactic flim-flam in which "non-Federal entities" is substituted for the more descriptive "corporate America.")
Similar parallel legislation was debated earlier in the spring as Utah Senator Bob Bennett's Critical Infrastructure Information Security Act. And although uncommented upon by the vast majority of the mainstream big media, these are not new initiatives. The FOIA amendment was also put forward in the "Cyber Security Information Act of 2000," a House bill. Despite no opposition from the Clinton administration, the measure slowly faded away. Indeed, Richard Clarke, George W. Bush's cyber-security czar and formerly the Clinton administration's "go to" guy on terrorism in the National Security Council, had been laboring to get the FOIA exemption since 1998, working hard at decreasing democratic information sharing to the public at the same time intelligence and law-enforcement agencies were bureaucratically stuffing-up their information sharing on terror-bound Islamic fundamentalists.
That year, Clarke aggressively started working the media and numerous corporate computer security conventions to warn of a coming "electronic Pearl Harbor." One of the Clarke-ian remedies for "electronic Pearl Harbor" (outside of more government contracts to computer security vendors) was removing an impediment to information sharing of alleged corporate vulnerabilities. Removing impediments in this matter had nothing to do with the breaking down of walls of stodgy incompetence within intelligence and domestic law enforcement agencies in order to improve response to physical terrorist threats. It was and still is doublespeak for adding an exemption to FOIA. FOIA, you see, according to the mindset of those wishing to change it, impedes the natural Good Samaritan inclination of corporate America to share information about their computer network vulnerabilities with the Feds — who, of course, know what to do with it and can be always counted upon to act in the necessary manner.
Do I hear some skeptical grumbling? Well, you just shut up, you ... you ... defeatist skeptic.
IN ANY CASE, the "electronic Pearl Harbor" meme worked well until 2001 when, with respect to real and tangible Doomsday, it took a king-size kick in the pants courtesy of malefactors from the real world.
Over time, other pretexts similar to "electronic Pearl Harbor" have been used to justify the corporate FOIA exemption. In June of last year, Bennett, as the ranking Republican on the congressional Joint Economic Committee, chaired a hearing called Wired World which called for an FOIA amendment to forestall cyber-threats. At the time, the impending threat was a nutty assertion that Russia and China were developing computer-based tools aimed at crushing the U.S. economy.
Those who follow this singularly abstract subject also know that the meme never really goes away. The Washington Post revived it last week on the front page above the fold without explicitly mentioning the phrase e-Pearl Harbor. While the catchword went missing-in-action, the lengthy article, entitled "Cyber-attacks by al Qaeda feared", still contained all the regular artifacts of the meme. The nation was, perhaps, under immediate threat from Internet attacks, not launched by China or unknown hackers, but by Islamic terrorists. (China, however, did receive its full measure of exposure, making an appearance as imminent cyber-attacker as recently as May, courtesy of a front page story in the Los Angeles Times.) Richard Clarke-style claims of possible death and mayhem flooded the Post's piece. And there was the standard anguished hand-wringing and lamentation about the lack of corporate-government information sharing.
In any case, these debates, whether occurring in Congress or on the front pages of mainstream newspapers, have always appeared as orchestrations in which the only people chosen to give their opinions or expertise on the matter always just happen to be those who wholeheartedly forecast doom and destruction if their self-serving advice isn't immediately swallowed as fact.
For example, at the 2001 Wired World hearing, witnesses were dutifully trotted out to recommend the FOIA exemption in the name of information sharing. No one who used FOIA, or who thought that it was unnecessary to fix what wasn't broken in the first place, was called. This nasty practice of rigging the congressional debate on the issue by only choosing vetted logrollers — computer security lobbyists, salesmen, Pentagon contractors, and authors of the idea to testify on its rightness — was not reversed until earlier this year when, for the first time, people who actually used FOIA (such as David Sobel of the Electronic Privacy Information Center) testified against the measure. Nevertheless, they were still under-represented, two to seven pushing for the corporate exemption.
A number in favor of the FOIA-exemption at the hearing raised the alleged horror of computer viruses on the Net as a reason to hurry legislation to grease corporate-government information exchange by hardening it against FOIA. It was an interestingly cynical ploy since the computer security lobbyists pushing it know that the industry they represent regularly shows little qualm or hesitation in publicly exposing information on the cyber-vulnerabilities of others when it pertains to computer viruses.
THE PHRASE INFORMATION sharing, in 2002, no longer has positive meaning. It is not about open exchange, education, or enlightenment of any kind. In fact, it means just the opposite. Information sharing, as it now stands, is the following:
  1. An old and idiotic Internet slogan/totem.
  2. A self-serving corporate computer security-type mantra for more secrecy at the expense of a democratizing measure.
  3. A recommendation publicly claimed to be a virtue by intelligence and law enforcement agencies which privately ignore or actively despise it.
Nicht vergessen, geheimhalten die Informationen!