Bush signs Homeland Security bill - the details

For the first half of this story, see: http://www.silicon.com/a56548.

After the reorganisation is complete, the new department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection". Those are the FBI's National Infrastructure Protection Center, the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis centre and the Federal Computer Incident Response Center.

A last-minute addition to the Homeland Security bill was the 16-page Cyber Security Enhancement Act, which the House approved as a standalone bill in July. It expands the ability of police to conduct internet or telephone eavesdropping without first obtaining a court order, grants internet providers more latitude to disclose information about subscribers to police in emergency circumstances and says those convicted of malicious hacking face sentences as severe as life in prison.

Another addition, which was opposed by open government activists and journalist groups, says that information that businesses give the department that's related to "critical infrastructure" will not be subject to the Freedom of Information Act. That could include details on virus research, security holes in applications and operating system vulnerabilities.

The law also establishes an office designed to become "the national focal point for work on law enforcement technology". Categories include computer forensics, tools for investigating computer crime, DNA identification technologies and the development of firearms that recognise their owner. The office also is charged with funding the creation of tools to help state and local law enforcement agencies thwart computer crime.

The Department of Homeland Security law also creates a Directorate for Information Analysis and Infrastructure Protection that is charged with analysing vulnerabilities in systems including the internet, telephone networks and other critical infrastructures, and orders the creation of a "comprehensive national plan for securing the key resources and critical infrastructure of the United States" including information technology, financial networks and satellites.

The law also:

- requires all federal agencies, including the CIA, the Defense Department and the National Security Agency, to provide the new department with any "information concerning the vulnerability of the infrastructure of the United States"

- punishes any department employee with one year in prison for disclosing details that are "not customarily in the public domain" about critical infrastructures

- creates a privacy representative and a civil liberties officer to ensure that the department follows reasonable "privacy protections relating to the use, collection and disclosure of personal information"

- allows the department to create a national corps of volunteers to "assist local communities to respond and recover from attacks on information systems and communications networks".