Feds Sped Approval Of Internet Change Despite Warning About National Security

The correspondence provides a window into how U.S. corporations invoke national security to expedite business requests.

In this case, the Commerce Department approved in just two days Verisign Inc.'s request at the end of October to move one of the 13 computer servers that manage global Internet traffic. Verisign operates two of the world's "root servers," which contain lists of directories that control e-mail delivery and Web surfing.

The company's lobbyists had argued that waiting additional days or weeks for approval "is a problem and could impact national security," according to e-mails among U.S. officials obtained by The Associated Press under the Freedom of Information Act.

Leading technology experts and senior government officials said the change was appropriate to correct a poor design decision made five years earlier. They said holding off for days or weeks would not have jeopardized either national security or the Internet.

Watchdog groups say it is an increasingly popular, and successful, argument for companies to claim requests need approval to avoid risks to national security.

So far, it has helped win liability protection for airlines and pharmaceutical companies and financial help for insurance companies.

"It's become the mantra. Industries are using the national security threat to get a lot of regulations they want," said Larry Noble, executive director of the Center for Responsive Politics. "The problem for government is to sort out the legitimate claims and what are cover stories."

Banks, utilities and technology companies warned Congress this year that they feared telling U.S. officials too much about their security problems because the information might be disclosed publicly and risk national security. The result: President Bush signed new exemptions from open records laws last month.

The Commerce Department said it never had been convinced by Verisign's lobbying that national security would be threatened unless the server were moved quickly to a new location in northern Virginia to protect it better from natural disasters or hacker attacks. The last such change was in 1997.

Commerce spokesman Clyde Ensslin said the department worked to approve the request "as quickly as possible, but there was no known national security threat to the root server system and therefore no need to proceed on an emergency basis."

The department approved the decision two days after the request was presented through the Internet Corp. for Assigned Names and Numbers, an organization that oversees Web addresses. The change originally was to have taken place after some of the organization's top experts made recommendations in mid-November.

With Verisign pressing, there was some confusion inside the Commerce Department, according to the e-mails.

In one series of e-mails, the head of Commerce's National Telecommunications and Information Administration, Nancy Victory, and another NTIA official were reported to have spoken with a Verisign lobbyist on Oct. 30 and "asked them to invoke the emergency procedures."

"This will allow the change to happen ASAP," wrote Robyn Layton, the Commerce agency's associate administrator.

Another Commerce employee at headquarters responded minutes later in an e-mail, asking: "So, what does this mean _ invoke the emergency procedures? Do I have to do anything on this end?'"

This employee lamented a lack of instructions for making changes to the 13 most important computers managing the world's Internet traffic. She followed up the next morning with another e-mail that "things are under control once again."

The Commerce Department said Victory never approved emergency procedures as Verisign's lobbyists had sought.

Verisign spokesman Brian O'Shaughnessy said the company "never officially asked for emergency procedures." But a second spokesman, Tom Galvin, acknowledged, "We really wanted it done as soon as it could be."

Several Commerce officials' e-mails describe a series of contacts from Verisign lobbyists making the plea for urgency.

The company wants "to push us to declare some kind of national security threat and blow past the process," one e-mail said. The subject line of another message described the company's "request for immediate authority to effect address change."

One Commerce official predicted that Verisign's Washington lobbyist "will call again today with the same 'national security' concern he had before. ... If you want me to fend him off, then I need to know what to say."

Lobbying experts said companies must cautiously decide when to invoke national security.

"Any good lobbyist always tries to fairly and accurately represent his client's position and do so in a truthful way," said Wright Andrews, a former president of the American League of Lobbyists. "It's unethical and just plain dumb to go in and make a misrepresentation."

Vinton Cerf, board chairman for the ICANN organization, said the change was planned for months and that nothing in recent weeks _ not even an unusual hacker attack Oct. 21 against all 13 servers _ justified special urgency.

"I do not think this was a consequence of the attack," Cerf said.

"I really don't think there was a national security issue," agreed Stephen Crocker of Bethesda, Md., an early Internet expert and head of an advisory committee on the security and stability of these 13 computer servers. "I think this was more a desire to make it happen and an opportunity to cut through some of the normal bureaucracy."