Cyber Security Czar Front-Runner No Friend of Privacy

[Mr Kleen]

Cyber Security Czar Front-Runner No Friend of Privacy

Former Republican Congressman Tom Davis, reportedly President Barack Obama’s top candidate for cyber security czar, voted repeatedly to expand the government’s internet wiretapping powers, and helped author the now-troubled national identification law known as REAL ID.

Citing White House sources, Time magazine on Friday identified the the former head of the Government Reform Committee as the president’s number one candidate for the new position. Davis’ reputation as a tech-smart moderate who knows his way around D.C. makes him an attractive pick for the administration, the magazine reported.

But an examination of Davis’ record in Congress shows that he’s been on the wrong side of key privacy issues, including the controversial REAL ID Act, which aims to turn state driver’s licenses into a de facto national identification card linked by shared databases and strict federal authentication standards.

[Sabre]

[ElZorro]

This Cyber Czar position is going to be interesting... it'll be totally worthless or great to have, depends on the person and how long of a leash the NSC, NEC and POTUS gives them.

[complacent]

This Cyber Czar position is going to be interesting... it'll be totally worthless or great to have, depends on the person and how long of a leash the NSC, NEC and POTUS gives them.

[drwrx]

I know someone who worked on the language for the Real ID Act. In theory it's a great idea. Currently, there is no uniform ID in the US. A US Passport won't work as there is a huge percentage of the population who don't have one and never will. Standardizing State Driver's Licenses is probably the best way to do this from a managerial aspect, since most people in the US over the age of 18 have a one and there is a process and infrastructure in place that works well in most states. I'm certain the opportunities for misuse and mismanagement are high. Unfortunately, I see something like this as inevitable.

I actually feel pretty good about the idea of Tom Davis at the head of an agency like that. He's practical, moderate, extremely intelligent and can work with both parties very effectively. The "worrisome" instances cited from the Wired article can probably be explained away pretty easily.

Davis won protections for companies that run critical infrastructure — such as railroads and chemical plants — allowing them to tell the Department of Homeland Security about dangerous practices without the fear that the public could petition to see the information.

These protections were likely put in place to save the companies bad press and potentially frivolous lawsuits when the US was reviewing security protocols after 9/11. No company is going to come forward with information that can hurt them without some assurance of protection. Otherwise, the problem will just be covered-up until disaster strikes. I'm a big fan of the ACLU on lots of issues, but on some they are just not dealing with reality.

I also have a lot of personal respect for Davis. He was my, and my parents, District Representative for years and when my mother had a serious issue with the Social Security Administration concerning my grandmother she contacted Davis' office and they helped solve the issue very quickly. She tried contacting my grandmother's representatives in her home state and got nowhere. Davis' office got it done in days, whereas my mom had been fighting for months.

[complacent]

I know someone who worked on the language for the Real ID Act. In theory it's a great idea. Currently, there is no uniform ID in the US. A US Passport won't work as there is a huge percentage of the population who don't have one and never will. Standardizing State Driver's Licenses is probably the best way to do this from a managerial aspect, since most people in the US over the age of 18 have a one and there is a process and infrastructure in place that works well in most states. I'm certain the opportunities for misuse and mismanagement are high. Unfortunately, I see something like this as inevitable.

My biggest concern is the current complete lack of focus on security. These proposed devices can literally be read from the moon. They are dangerously insecure. The security model is criminally negligent in my opinion. Many others feel the same way.

I am absolutely open to the idea, but the concept of homologation introduces additional risk. Currently with the 50 separate state programs a certain amount of security is created by the simple diversity of the various state ID systems. Put all of that in one common platform with access across the entire country and you open the floodgates for abuse on a national level. in addition, you've reduced the number of potential hacking targets from fifty to just one. This is a very serious decision for our country. It needs to be developed with the same measure of infallibility and security that we apply to our energy systems and defense branches.

I actually feel pretty good about the idea of Tom Davis at the head of an agency like that. He's practical, moderate, extremely intelligent and can work with both parties very effectively. The "worrisome" instances cited from the Wired article can probably be explained away pretty easily.

Davis won protections for companies that run critical infrastructure — such as railroads and chemical plants — allowing them to tell the Department of Homeland Security about dangerous practices without the fear that the public could petition to see the information.

These protections were likely put in place to save the companies bad press and potentially frivolous lawsuits when the US was reviewing security protocols after 9/11. No company is going to come forward with information that can hurt them without some assurance of protection. Otherwise, the problem will just be covered-up until disaster strikes. I'm a big fan of the ACLU on lots of issues, but on some they are just not dealing with reality.

I also have a lot of personal respect for Davis. He was my, and my parents, District Representative for years and when my mother had a serious issue with the Social Security Administration concerning my grandmother she contacted Davis' office and they helped solve the issue very quickly. She tried contacting my grandmother's representatives in her home state and got nowhere. Davis' office got it done in days, whereas my mom had been fighting for months.

This I agree with.

[drwrx]

I am absolutely open to the idea, but the concept of homologation introduces additional risk. Currently with the 50 separate state programs a certain amount of security is created by the simple diversity of the various state ID systems. Put all of that in one common platform with access across the entire country and you open the floodgates for abuse on a national level. in addition, you've reduced the number of potential hacking targets from fifty to just one. This is a very serious decision for our country. It needs to be developed with the same measure of infallibility and security that we apply to our energy systems and defense branches.

I couldn't agree with you more. The concept is noble and I see the value in it, but the Devil will be in the details. The risks are tremendous if the platform is insecure. I'm absolutely against "remotely" read IDs of any type. If you can't take possession of the ID physically (or the person), there is no need in having access to their personal data. I'm sure there are arguments to the contrary, but it just sounds too much like a "I'm just too lazy to actually do physical work. Let some program / machine do it" response.