A central point for collection of information that relates to computer security. Including, but not limited to, security advisories from the major vendors, major data breaches, "phishing" alerts, commentary regarding staffing levels. etc. etc.
Government Computer Security
August 10, 2009 at 4:39 pm #77470
If it wasn't so SAD it probably would be funny!
Uncle Sam Wants to Control Your Computer
Analysis: As wing-nut conspiracy theories go, this one's a doozy. And fortunately, it's not true, no matter what Glenn Beck says.
Robert X. Cringely, InfoWorld
Tuesday, August 04, 2009 02:26 PM PDT
As conspiracy theories go, this one's a doozy. It seems the Obama Administration is secretly trying to turn your computer into a surveillance tool by inducing you to trade in your old car.
If that doesn't sound completely loony to you, then you're probably a fan of Glenn Beck. In a five-minute segment broadcast last Friday
[ Also on InfoWorld: "Uncle Sam's IT dashboard: Your tax dollars at work" | Stay up to date on Robert X. Cringely's musings and observations with InfoWorld's Notes from the Underground newsletter. ]
The scary language reads in full:
"This application provides access to the DoT CARS system. When logged on to the CARS system, your computer is considered a Federal computer system and is the property of the United States Government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy.
"Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized CARS, DoT, and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion CARS or the DoT personnel.
"Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties."
According to Beck and the "experts," this means anyone who uses Cars.gov to buy or sell a car will have their PCs taken over by Uncle Sam, in perpetuity. Or as FoxBabe Kimberly Guilfoyle puts it:
"Guess what, they can continue to track you basically forever. Once they've tapped into your system the government of course has malware systems and tracking cookies and they can tap in any time they want.... it's so broad they can just about do anything with it, saying that it's in the government's interest...."
Of course, this "news" has been bouncing around the conservative blogosphere ever since. (Kudos to Cringe reader M. A. for bringing it to my attention.)
There are a few problems with this story, besides Guilfoyle's ditzy ignorance of how computers and networks operate. ("Malware systems"? Hello?)
For one thing, this disclaimer is for car dealers participating in the program, not consumers, which somehow escaped the eagle eyes of Beck, et al. They apparently also missed the key phrase "when logged on to the CARS system..."
So while car dealers are connected to the vast digital hydra that is the federal computing network, looking to get reimbursed by our Uncle, they're part of the federal computing network. And when they log off, they're not. Stop me if that's a difficult concept to grasp.
It's no different than logging on remotely to your employer's corporate network from your own PC. You boss has the right to monitor your activity if he/she wants to (and, according to surveys conducted by the American Management Association, most large enterprises do, though not in a 24/7 Big Brother Is Watching kind of way). Your company's IT department has the right to ensure your system isn't introducing malware onto the network or leaking confidential information to its competitors.
In short, when you're on the boss' turf, you play by the boss' rules. When you log off, those rules don't apply any more, no matter what the bobble-heads on Fox News tell you.
The third point Beck missed: This language isn't new. The same disclaimer, save for one or two proper nouns, has been used on federal and state Web sites since at least 2001, and probably much earlier. (Extra points for Cringesters who can identify the original source of this disclaimer.)
It can be found on the sites of Los Alamos National Labs, the National Oceanic and Atmospheric Administration, FermiLabs, Sandia National Labs, the Health Physics Society, Oak Ridge National Labs, and the University of Tennessee, to name a handful.
Do I believe the government should be messing about on private citizens' computers, just because they want to take advantage of a federal program? Absolutely not. But I don't believe that's what's happening here. This is just fearmongering, grasping at anything in order to generate controversy (and ratings, of course).
As Beck says near the end of the segment: “These are evil people... wicked, crazy, frightening people.”
I think he's right. But only when watching himself in the monitor.
Well, that didn't take long. My post earlier this week ("Does Obama want to tap your computer?") generated a swarm of responses, some of them calling for my head. Whenever you take on folks like Glenn Beck and Fox News, that's pretty much what you're in for.
But I wanted to correct a few things I got wrong and clarify a few other points -- hence this "special follow-up" post.
[ Read the InfoWorld post that started this debate: "Does Obama want to tap your computer?" | Stay up to date on Robert X. Cringely's musings and observations with InfoWorld's Notes from the Underground newsletter. ]
First, as several Cringesters noted, I was wrong about the phrase "your computer is considered a Federal computer system and is the property of the United States Government" appearing on other sites for years. That language is apparently new. Mea culpa.
The other language about uses of the federal system being monitored, intercepted, recorded, audited, etc. is a standard part of many government Web sites, however, like it or not. (I don't actually like it, though I understand why it's there.)
Cringester C. B. notes the warning banner that's caused all this fuss is a requirement of the Federal Information Security Management Act. Ironically enough, the security specs for federal Web sites were approved yesterday, though drafts of it have been kicking around since at least 2005. However, nowhere in the 236-page NIST Special Publication 800-53 PDF does that "your computer is now our computer" language appear.
Is this language scary? Sure, if you really believe the feds seriously want to impound the computers of thousands of Americans. Otherwise, it just looks like a rather unfortunate choice of language. And in fact, that's what it seems to be.
After I posted my entry, the U.S. Department of Transportation told reporters at PolitiFact's Truth-O-Meter that...
"A security warning on the cars.gov dealer support page that stated computers logged into the system were considered property of the Federal Government has been removed. We are working to revise the language. The language was posted on the portion of the website accessible by car dealers and not the general public."
"It would be factually inaccurate to say that any computer that went to cars.gov would become the property of the U.S. government," said Sasha Johnson, a DOT spokeswoman.
Of course, the Beckheads can now crow about how they made the Obamaniacs back down from their Stalinesque plans for a new totalitarian state. There's not enough tin foil in the world to cover all those noggins. The fact remains this was a nutty idea from the get-go, scary language or not.
Then again, maybe I'm just a secret agent of the Obama government, out to control your brain, as reader M. C. G. seems to believe (all capitals are his):
YOU, sir, are precisely the reason why this country is in such a mess. YOU appear to believe that THE GOVERNMENTS [Federal, state or local] somehow have the ultimate answer to everything and can make everything better if the citizens will only bow down and submit.
(Though I have to wonder: Where were all these champions of individual freedom when the previous administration was placing actual wiretaps on actual phones, sans warrant or other legal justification? Why are theoretical threats to your rights scarier than real violations of it?)
The Electronic Frontier Foundation's Hugh D'Andrade notes that the Cash for Clunkers terms of service definitely overreached, as many EULAs do, but not as badly as Fox News' coverage of it. He writes:
Clicking "continue" on a poorly worded Terms of Service on a government site will not give the government the ability to "tap into your system... any time they want." The seizure of the personal and private information stored on your computer through a one-sided click-through terms of service is not "conscionable" as lawyers say, and would not be enforceable even if the cars.gov website was capable of doing it, which we seriously doubt. Moreover, the law has long forbidden the government from requiring you to give up unrelated constitutional rights (here the 4th Amendment right to be free from search and seizure) as a condition of receiving discretionary government benefits like participation in the Cars for Clunkers program.
Again, per PolitiFact:
Although Beck began his segment by noting that the warning was on a part of the site for dealers, Guilfoyle then distorted the truth by suggesting it applied to members of the general public coming to the site for information about Cash for Clunkers. The allegations escalated as she and Goldberg issued warnings about anyone even typing in that address at home. And that's just wrong.
Had she said from the start that this just applied to dealers completing transactions, we might be more generous in our ruling. But we think anyone who saw the July 31 program -- in which she claimed "seriously, they can get all your information" -- would be left with the clear impression that anyone who logged into the cars.gov site was opening their computer to Big Brother. And that's False.
For the record, I'm not a fan of Big Government. I'm also not crazy about the lack of privacy protection at work; I merely pointed out that such restrictions are common. And my editors lunge for the Maalox whenever I veer even close to political topics. But there's a lot of paranoia and misinformation out there, and I felt compelled to try and correct some of it.
Don't like it? That's fine, it's a free country. And yes, it's still a free country, despite what the bobbleheads say.
You must be logged in to reply to this topic.