Homeland Security top officer to work on UN’s new global Internet rules
Lute confirmed to Reuters this week that she will offer the DHS her official resignation in the coming days and will exit the third-largest agency in the federal government to join the ranks of the UN. There, she says an interview published on Tuesday, she will pursue a role in international Internet affairs.
But as Lute leaves the DHS and takes up a job with a more global reach, she could be bringing with her an ideology about the Internet that doesn’t sit well with some: during her tenure in the Obama administration, Lute touted the president’s attempts to strengthening information sharing between the federal government and the private sector.
Lute has never lauded the idea of putting the government directly in charge of the Internet, and has in fact openly rejected the notion. On the other hand, though, she supports President Barack Obama’s recent cybersecurity executive order and has encouraged private companies to hand over user data to Uncle Sam.
Lute also hasn’t openly advocated for specific legislation, such as the Cyber Intelligence Sharing and Protection Act (CISPA) scheduled for debate later this week. She does, however, insist Congress works toward putting rules on the Web that would make the sharing of cyber threat data all the easier.
“Cybersecurity is a shared responsibility, and each of us has a role to play,” Lute testified just last month to Congress. “Emerging cyber threats require the engagement of our entire society — from government and law enforcement to the private sector and, most importantly, members of the public.”
“The success of our efforts to reduce cybersecurity risks depends on effective identification of cyber threats and vulnerabilities, analysis and enhanced information sharing between departments and agencies from all levels of government, the private sector, international entities and the American public,” she said.
Under Obama’s executive order, the DHS is tasked with setting up an infrastructure in which private businesses and government entities can share and compare cyber threat intelligence should they oblige to do so. But both the president and Lute alike have said that that isn’t enough. When Pres. Obama signed his executive order in February, he said that though that directive will “strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs and our privacy,” more would be required.
“Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” he said. Oh her part, Lute called Congress’ inability to enact a law like CISPA “incomprehensible.”
Now with CISPA scheduled to go up for a vote yet again — an attempt to pass it during the last Congressional session was unsuccessful — the future of the Internet in America could be drastically different. Civil liberty advocates and open Internet groups have condemned CISPA as being a tool that tears away at the right to privacy on the Web, and critics of the bill have warned of catastrophic consequences if it’s passed. When Lute transitions to the United Nations, she’ll likely bring with her the notion that governments and the private sector need more solid ties — and given the UN’s attempts to regulate the Internet on their own as of late, that ideology might be accepted with open arms.
Just last December, the UN's International Telecommunications Union entertained a proposal to adopt deep packet inspection — a high-tech process of sifting through every bit and byte sent over the Internet in order to see what kind of data is being transmitted.
“The telecommunications standards arm of the UN has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user’s traffic – including emails, banking transactions and voice calls – without adequate privacy safeguards,” warned the Center for Democracy and Technology amid last year’s discussion. “The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes.”
“DPI has the potential to be extremely privacy-invasive, to defy user expectations and to facilitate wiretapping,” explained the Washington, DC-based nonprofit that aims to keep the Internet “open, innovative and free.”
“The ITU-T standard barely acknowledges that DPI has privacy implications, let alone does it provide a thorough analysis of how the potential privacy threats associated with the technology might be mitigated.”
CNet tech reporter Declan McCullagh added to the debate that deep packet inspection has been used in the past to patrol the Web in countries where the government goes after citizens critical of their policies. Should the UN implement this technology, millions if not billions of humans across the globe could be spied on.
“One reason why deep packet inspection is so controversial is that it has been used by repressive regimes -- dozens of which are members of the ITU -- to conduct extensive surveillance against their own citizens,” McCullagh said.
Lute insists that the Internet needs to remain under civilian control, but does not shy away from plans that would let the government go after so-called computer criminals and cyber terrorists. She’s advocated for law enforcement agencies to have the ability to sift through transmissions, and even told Congress that the “government must engage to secure government systems, assist the private sector in securing itself, enforce the law and lay the policy foundation for future success.”
"We want to build the most secure cyber-economy on Earth," Lute said of the DHS. "We know what we need to do for that to happen, and the inability of legislation to pass to this point is inexplicable."
Now she will be taking that know-how to the world’s largest and foremost international organization.