Before the
FEDERAL TECHNOLOGY SERVICE
GENERAL SERVICES ADMINISTRATION
govnet.ts.fts@gsa.gov
In the Matter of
Request for Information for a Government
Network Designed to Serve Critical
Government Functions (GOVNET)
Comments of the Center For Democracy and Technology
The Center for Democracy and Technology (CDT) appreciates the open approach that GSA has taken in soliciting proposals through this unique Request for Information (RFI) process. Ensuring that there is a very competitive and open process is a key to building a secure internal system for the government. However, CDT is concerned that there is no official equal opportunity to address the important policy issues that may arise with GovNet this early in the process. It is CDT's philosophy that it is important to build public interest concerns into the framework of the technology rather than waiting until a technology has been chosen. Therefore, while we understand that this process is meant to provide vendors an opportunity to test and comment on the feasibility of the project, we felt that it was essential to provide comments on the policy issues involved at this early stage of the process.
- Overview
CDT is a non-profit, public interest organization dedicated to developing and implementing public policies to protect and advance civil liberties and democratic values in new digital media. Our role is to protect the interests of the average Internet user and therefore to ensure the continued growth of an open and decentralized Internet.
The RFI does not specify the purpose of GovNet, but the Advisor for Cyberspace Security has explained on several occasions that GovNet is meant to serve as a secure intranet for federal government agencies that may have confidential information but no secure means to exchange it internally or with other federal agencies or branches. In order to ensure the security of the system, GovNet would not be tied in any way to the Internet or other existing networks.
Such a system is clearly technically feasible. In fact, several such systems are already in use by the defense and security agencies.
CDT believes that GovNet, while well-intentioned, would have to avoid some very serious concerns to be more of a benefit than a burden to the American public and specifically to Internet users. In fact, striking the proper balance for policy rules on the use of GovNet will be a difficult task and - considering the gravity of the potential unintended consequences of the project - perhaps one that is not worth the federal government's resources during this unprecedented time of national crisis.
- Comments on Policy Implications of GovNet
To date, much of the public concern over GovNet can be broadly placed into two camps. The first of these consists of the critics who believe that GovNet will become an excuse for the federal government to fully segment itself off of the Internet. This would lead to the removal of vast amounts of public resources from the Internet and, some have said, a second Internet for use only by those that are designated worthy by the Federal Government. The second group points to the fact that the project has been tried various times in the past, leading to successes only in agencies that have significant amounts of confidential information.
Will the project be so successful that all government information is migrated to it or will the project fail due to lack of interest from the agencies? Ironically, it seems that these two arguments - sometimes made by the same critics - are at either extreme of the debate. Also, the Advisor for Cyberspace Security, Richard Clarke, has made it clear that the system would be limited to internal communications and that the purpose of the RFI is to ensure that the project does not move forward if it is deemed too costly. Yet, even with these clarifications, there is still a kernel of truth to both sets of concerns that, even when not put in extreme cases, show a wide range of potential unintended consequences that have not been addressed in the RFI or Mr. Clarke's public statements. The system still runs the risk of being over- or under-utilized to varying degrees, calling into question the merit of continuing to develop it.
- If GovNet is over-utilized:
- important public information and meetings that should take place on the Internet will be held in secret.
While Bush Administration officials have made it clear that all public information will remain on the Internet even when GovNet has been fully implemented, Mr. Clarke has stated that agencies will decide which "mission critical" systems, documents and meetings will be provided via the new system. Therefore, it seems that the agencies will make the decisions as to what information is available on GovNet. If the system is easy to use and more secure than public systems, it seems clear that agencies would want to use it with more frequency than the Internet and would be tempted to use the system more frequently than originally designed. What protections are in place to assure the public that agencies do not put public information online? How will the general public be able to monitor that new services that should be public are not put directly on to a system that is secretive by design?
To answer these questions, CDT believes that the oversight agencies would need to undertake detailed and open process oversight of agency practices in a way that has not been done with past security systems or openness rules. In other words, in order to ensure the continued growth of public information online with GovNet in place, greater resources must be provided to openness functions within the government - especially at the oversight level.
- the model will encourage similar efforts for companies, governments and organizations thus sapping important resources from the public Internet.
The Advisor for Cyberspace Security said in a recent speech that one of the goals of GovNet will be to create a model that can be replicated by others. While this would have the effect of creating new secure means of communicating for those organizations that can afford it, it would also cause a drain on the resources of the Internet - a network that gains its strength from its multiple varied uses and users. While this may not create the extreme of a second Internet, it could lead to a very real "tragedy of the commons." Instead of putting resources towards improving the shared Internet and creating better trust mechanisms to be used by everyone, we would be creating thousands of weaker networks to be used by a select few while at the same time removing many of the best resources from the Internet.
- If the system is under-utilized:
- vast public resources that could have gone to create research and services to better secure Internet services will have gone to waste.
It has been suggested that the resources put toward designing GovNet to date are simply testing the feasibility. However, unlike other projects run by FTS, which provides services only to agencies that contract from them, the failure of GovNet would not just impact GSA. Every dollar or minute of a researcher's time that is spent on GovNet - in both the government and private sectors - directly cuts into resources that certainly could have been spent on projects to strengthen Internet security. Therefore, it is vitally important that FTS devise an accurate, precise and public measure for agency interest, including documentation as to the exact services that will be used.
Conclusion
While CDT believes that the goals of the GovNet project are worthy of increased attention, we fear that even if the project is successful, it will not be able to address the policy problems associated with overuse. In a world of unlimited finances and time, the difficulties involved in making the project work might be worth pursuing. Yet, in the country's current situation, it seems clear that the efforts that are put into making GovNet balance all concerns clearly do not outweigh the benefits that could be gained instead from a greater emphasis on Internet security generally.
CDT appreciates the efforts of the General Services Administration to address the security concerns of the federal government. We hope that this will be the beginning of a long, healthy and open dialog to discuss this important and difficult issue.
Respectfully submitted,
Ari Schwartz
Associate Director
ari@cdt.org
Center for Democracy and Technology
1634 Eye Street NW
Suite 1100
Washington DC 20006
202-637-9800
Dated: November 19, 2001