U.S. SEEKING TO LIMIT ACCESS OF SOVIETS TO COMPUTER DATA

STAT , Declassified in Part - Sanitized Copy Approved for Release 2011/12/02 : CIA-RDP90-00965R000705920001-1 r 3. "TFAP EAI -, -, - WASHINGTON POST +~ r.twt 27 May 1986 U.S. Seeking to Limit Access Of Soviets to Computer Data By Michael Schrage Washington Post Staff Writer The Penta on, concerned about the ow o tgh tec noloQV tort to Soviet bloc is truing to limit foreign access to -government and commer- cial computer data bases that con- tain sensitive technical information. A range of legal and technological options are now under exploration, from licensing access to high-tech data bases to planting special com- puter programs within the data bases to monitor who is seeking what information. Government officials concede, however, that they face formidable obstacles in devising a workable system, including such questions as whether data bases enjoy the same constitutional protections as other media and how to implement re- strictions in ways that won't deny data-base benefits to American us- ers. "It's a suoercomplex Problem but it' ,,s being worked very intently." said Donald C. Latham assistant secretary a of for comm~~t- cations. command, control a nd In- telh ence. The effort stems from a growing perception in the defense commu- nity that the export of high-technol- ogy data should be as strictly con- trolled as the export of high-tech- nology goods. "Cocom [the Coordinating Com- mittee on Multilateral Export Con- trols, the multinational organization that determines what technologies are subject to export controls] is only beginning to talk about control- ling soft information as opposed to hardware," said Stephen D. Bryen, deputy undersecretary of defense for trade security policy. But Bryen acknowledged that proliferation of global computer networks and legal constraints could make enforcement of restric- tions on international data flows very difficult. Soviet scientists have publicly confirmed that they regularly gain access to U.S. computer data bases through overseas telephone hook- ups to keep up to date with ad- vances in key technologies plus use- ful software that often resides in such systems. At a conference held recently in Rome, the head of the Soviet Union's National Center for Auto- mated Data Exchange indicated that Soviet researchers used data networks in Canada, Europe and elsewhere to gain access to com- mercial and government data bases in the United States. These data-base systems, employing sophis- ticated computer software, enable users to re- trieve in seconds reams of important technical data that would otherwise take months of pains- taking library research. Data-base retrieval has become an indispensable tool of the international research community. These systems, ranging from data bases housed in the national laboratories to commer- cial offerings from companies such as Dialog Inc. and Mead Data Central's Nexis, provide data from such fields as biotechnology, electrical en- gineering, materials science and high energy particle physics, as well as access to useful com- puter software. An Air Force study on the issue, scheduled for release next month, is expected to identify for- eign data-base access as a significant defense concern. At this time, such Soviet bloc data-base re- trieval violates no laws, which has prompted the national security community to consider coun- termeasures. One approach is to create a new classification of technical data to put it beyond the reach of ordinary data-base access. The National Tele- communications Information Systems Security Committee (NTISSIC), an interagency group chaired by Latham, is expected to recommend the creation of a category of data-called "sen- sitive"-for federal agencies to implement. These data, defined as potentially related to na- tional security, would require a special password or other method for data-base access. "The practical option is to consider classifica- tion of the data base," said the Defense Depart- ment's Bryen.. Another approach is to regulate the export of technical data in much the same way that tech- nical products are regulated. Part 379 of the Ex- port Administration Act could allow the govern- ment to license the export' of certain kinds of technical information, like computer software. "The idea is to sharpen that up," said Bryen, Declassified in Part - Sanitized Copy Approved for Release 2011/12/02 : CIA-RDP90-00965R000705920001-1  Declassified in Part - Sanitized Copy Approved for Release 2011/12/02 : CIA-RDP90-00965R000705920001-1 a and possibly require foreigners to have a license to use U.S. data bases. Such actions would raise important legal ques- tions. While data bases may contain information in the public domain, the ability to use software to search through and organize that data in certain ways "could create information that could rise to the stature of proprietary or 'controlled' infor- mation," said Donald Weadon, a Washington at- torney specializing in export control law. "These technical improvements are creating a tension between what has been U.S. policy pro- moting the free flow of scientific information and the need for sensible controls on the export and dissemination of proprietary technology infor- mation with national security implications," he said. "I'm not aware of this initiative," said Roger Summit, president of Dialog Inc., a major com- mercial data-base supplier with more than 250 data bases and 80,000 customers, many from overseas. "I don't know under what authority it would be implemented." "Our clients are confidential, and that is an important policy," said Gerald Yung, general counsel to Mead Data Central, the company that runs the Nexis data base. "We would be sensitive to national security requests; there may be con- cerns on national security questions-but we know of no such inquiries or concerns on that . at this point." "We recognize that there are legitimate na- tional security concerns," Kenneth B. Allen, vice president, government relations, for the Infor- mation Industries Association, a trade organiza- tion representing leading commercial data-base suppliers. "But we think it is dangerous for the government to censor or restrict the flow of in- formation. The association is just now starting to grapple with that issue. We're just looking at the opening salvos here." The Reagan administration has already taken steps to deny foreign nationals access to high- technology data. The Pentagon recently ruled that Soviet scientists should not be allowed to use supercomputers in this country. "The presumption is that [access to a] super- computer is the same as if you exported the su- percomputer," said Bryen. "Any computer that can't be exported, they shouldn't have access to." Consequently, Bryen argues, foreign access to data bases stored on powerful computers is tan- tamount to exporting the power of that computer without an export license. "What you have to do is make access to data bases a licensable action," he said. But there are legal questions to be resolved before that is pos- sible. For example, "access to information may not necessarily be licensable at all" under current law, Bryen said, even though it is an option that should be considered. Another approach is to use technology to mon- itor data-base access by putting in a computer program that tracks who is seeking access to particular information. For example, a research- er doing a data-base search using such keywords as "defense electronics" and "phased-array ra- dar" might trigger software designed to monitor such inquiries. "I'm very concerned about what people are doing-and not just the Soviets," said Latham, the assistant defense secretary. "If that means putting a monitor on Nexis-type systems, then I'm for it. The question is, how do you do that technically without unnecessary interference?" Declassified in Part - Sanitized Copy Approved for Release 2011/12/02 : CIA-RDP90-00965R000705920001-1