Just when we are experiencing a surge of accidents: EPA site removed!

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

This is not a coincidence. It is part of an on going effort to stifle the information, that safety-conscious people can pass around on the Internet. Today, we lose access to tracking the growing number of chemical industry accidents. Tomorrow will it be the airline industry (now that we've had unprecedented numbers of crashes and emergency landings)?

On Behalf Of Joseph Davis Sent: Friday, February 18, 2000 1:33 AM Subject: Denial-of-Service Attack on EPA Website

I rarely post to this list, so most of you don't know me. I edit a newsletter put out by the Society of Environmental Journalists, the Radio and Television News Directors Assn, and the Environmental Health Center (my employer). This is something I think affects journalists' ability to get information. It's just the story as I see it. But I find it curious that Congress is more worried about people getting business secrets off the EPA website than they are about people getting bomb secrets off the DOE site.

You may be familiar with EPA's Envirofacts Warehouse -- in many ways a candy store for CAR reporters. Somebody wants to padlock it.

------ The chemical industry and other industries regulated by EPA have pulled off one of the most brilliant and daring "denial of service attacks" in the recent wave of hacker attacks on major websites.

The EPA website was down today. There was not even an page online explaining why it was down.

The explanations came from Rep. Tom Bliley, R-VA, the powerful chairman of the House Commerce Committee, who has for several years been waging a war against open public access to electronic information at EPA, even when that information is legally required to be in the public record.

No press release went out on EPA's press release listserv. (How could it? EPA had been virtually silenced.) But Bliley held a press conference Thursday morning to spin the event. It was not open to all the media. It was not open to all congressional staff.

Bliley, the last time anyone counted, got more money in campaign contributions from the chemical industry than any House member except the speaker. Most of his efforts to restrict access to EPA data were first advanced by the chemical industry.

The EPA website takedown was the latest in a series of battles that last year removed from the Internet data on the toxic threats posed to communities by worst-case accidents at chemical plants. (See my article in Environment Writer of April 1999, at http://www.nsc.org/ehc/ew/issues/ew99apr.htm#rmp).

In the past year, much of the industry's agenda on information access has been advanced by a lawyer at the Washington law firm of Ropes & Gray, Mark Greenwood (202-626-3905). Greenwood's firm has organized a lobbying consortium calling itself the Coalition for Effective Environmental Information (CEEI).

Members of CEEI include the Alliance of Automobile Manufacturers, the American Forest and Paper Association, the American Petroleum Institute, BASF Corp., Boeing Co., Briston-Myers Squibb Co., Chemical Manufacturers Association, Duke Energy, Eastman Chemical Co., Kodak, General Electric, Georgia-Pacific Corp., Lockheed Martin Corp., Pharmaceutical Research and Manufacturers of America, Procter & Gamble, The Society of the Plastics Industry, Synthetic Organic Chemical Manufacturers Association, and 3M.

These firms, through CEEI, have complained about the possibility that someone might get from EPA information which they consider "confidential business information" that competitors could hurt them with. Asked to give examples where such harm had actually been done, Greenwood says he can't disclose them. The coalition of firms has been trying to expand the legal definition of "confidential business information" (CBI) to include more of what they don't want made public.

EPA showed little willingness to expand the definition of CBI, or to yield to Bliley and industry's other demands to restrict data access, and Bliley launched a separate attack criticizing EPA's website security.

That story goes back at least to a September 1997 investigation by EPA's own inspector general (but publicized by Bliley and the chemical industry), which found EPA vulnerable to hacker attacks. In April 1999, Bliley asked the General Accounting Office to study the matter. The GAO works for Congress.

GAO's security audit, too, found vulnerabilities in EPA's system. GAO communicated its findings to Bliley and EPA in December 1999, along with recommended fixes. The substance of the findings and recommendations apparently are not publicly available. On Feb. 15, Bliley wrote a letter to EPA Administrator Carol Browner complaining that EPA had not carried out enough of the recommended fixes.

Why now? Bliley had been nagging the agency about the security threat he felt was posed by the Internet for more than two years without suggesting that the EPA take its site down -- a site whose quality and usefulness had steadily been improving. The move came about a week after Feb. 7, the date of the first of a series of attacks on major websites -- which had swelled a wave of media attention and public concern. It was a wave Bliley could surf.

Bliley criticized Browner's "lack of leadership." He postponed a hearing on the matter which had been scheduled for today, Thursday, Feb. 17. He called upon Browner to "immediately shut down the Internet connection to your Agency data systems."

And she did.

In a Dec. 20, 1999 letter to Bliley, summarizing GAO's findings, Associate Director David L. McClure wrote that "several significant security weaknesses" ... "pose a serious threat to the integrity of EPS's (sic) information systems; and, if uncorrected, could allow unauthorized users to take control of EPA's network operations."

In his Feb. 15 letter to Browner, Bliley went well beyond the GAO in his portrayal of perceived dangers. "We are concerned," Bliley wrote, "that virtually all of your agency's computer data and systems may be highly vulnerable to penetration, misuse, or attack by unauthorized users via the Internet, including law enforcement-sensitive data, proprietary and confidential business information, Privacy Act data, and financial and accounting systems."

He added that a malicious hacker might even get access to worst-case chemical accident scenarios. Congress in 1990 had mandated that EPA must make these public. But last year Bliley and the chemical industry pushed through language keeping them off the Internet. At this point, Bliley's concern is largely moot, since environmental and right-to-know groups have already put most of the information online.

Jeremiah Baumann of the Nader-inspired U.S. Public Interest Research Group, called the site shutdown "a significant setback for the public's right to know."

"Rep. Bliley's actions are consistent with his record of attempts to limit the public's right to know," Baumann said. "He voted against the first right-to-know program in 1985, voted against crucial right-to-know expansions as recently as October, and last summer led an effort to block public access to information on chemical accident risks."

A statement faxed (not e-mailed) from EPA's press office said: "EPA has temporarily shut down its internet web site in order to install additional security measures as part of ongoing efforts to prevent computer hacking."

"The decision to temporarily close access to the web site was made after a meeting Wednesday [Feb. 16] in which computer security experts warned that public attention brought to the agency's potential computer vulnerabilities made EPA a likely target for hackers," it added. The implication was that Bliley's campaign was actually worsening security risks.

"In the time we have been working with the Chairman and GAO on these issues, neither has presented the Agency with any evidence - nor does the Agency have any evidence - of the actual loss of confidential business information to unauthorized users of our computer systems," the statement said.

"By knocking the EPA's website - www.epa.gov - off-line," Sierra Club spokesperson Kathryn Hohmann said in a statement, "Bliley is keeping Americans from learning about the environmental dangers they face."

"This isn't the first time that Bliley has attempted to intimidate the EPA and prevent public disclosure," Hohmann said. "Now, Congressman Bliley is using hackers as an excuse...."

-- Joseph A. Davis, Ph.D. mailto:jdavis@cpcug.org or mailto:davisja@nsc.org (202)974-2464



-- meg davis (meg9999@aol.com), February 18, 2000


Moderation questions? read the FAQ