Is stepped-up government surveillance of cyberspace needed in the wake of the terrorist attacks on New York and Washington, D.C.?
Government officials have not yet revealed any plans to curtail individual freedoms online. But concerned privacy advocates are urging authorities to take a long-term view of any new eavesdropping proposals.
One fear is that government will attempt to reverse recent easing of encryption laws on the premise that cryptography may have aided those who on Tuesday made the deadliest terrorist strike in U.S. history.
“The encryption debate is likely to rise again,” says Richard Smith, chief technology officer (CTO) for the Privacy Foundation.
Good intentions, but…
He says some well-intentioned proposals may attempt to curb the use of strong encryption and increase scrutiny of digital communications.
“Immediately after the Oklahoma City bombing, there were calls to restrict the use of encryption technology,” recalls Cindy Cohn, legal director of the Electronic Frontier Foundation. She points out, however, encryption technology was not involved in those attacks.
“The strictest controls on encryption technology would not have had any impact on that attack,” Cohn says.
As a direct result of the 1993 bombing of the World Trade Center, the Clinton administration proposed a cryptology scheme that would let anyone “lock” online communications. The catch is that the government would get a key to access that data.
“There is often an unfortunate difficult tradeoff between adverse elements of society using encryption to further their causes, versus the individual at large protecting their privacy using the same technology,” says Kon Leong, president of ZipLip.com, a company that sells email encryption services to consumers and businesses.
Almost immediately after Tuesday’s attacks, questions were raised about why U.S. intelligence was caught off guard when it has sophisticated electronic surveillance tools.
One is Echelon, a system to monitor global communications that has never been officially acknowledged. Another is Carnivore (now called DCS1000), the FBI’s e-mail monitoring system.
“Echelon has concentrated on areas that are way outside the national security arena,” such as counter-narcotics investigations, eavesdropping on non-profit groups, and monitoring possible rivals to U.S. businesses, says Wayne Madsen, a former computer and communications security staffer for a number of government agencies.
“Why devote valuable resources to that?” he asks. “No one would argue with using these systems to counter terrorists,” but putting Echelon to use for businesses is “ridiculous,” he says.
Use of electronic communications surveillance technology will probably be reevaluated in light of the attacks, he says. But President Bush would have to order a shift from counter-narcotics work to focus more strongly on anti-terrorism activities.
“They really need to refocus their priorities to focus on the real threats,” Madsen says.
FBI quizzes ISPs
In fact, there is already talk that Carnivore’s use has increased since the attacks. Numerous ISPs (Internet service providers) and carriers, including WorldCom and Yahoo, did not return requests for comment. Verizon Communications declines comment. Microsoft and EarthLink also decline comment, but say they are cooperating with authorities where appropriate.
America Online, however, “[has] not been approached about Carnivore,” says Nicholas Graham, AOL spokesperson. “We have long stated that we would not use nor would we comply with [Carnivore],” he adds. However, AOL complied with FBI requests for information on Tuesday, Graham says, declining to give details.
Existing surveillance technology might not have prevented these attacks even if it had been squarely trained on terrorist activity, Madsen says.
The perpetrators “probably did not rely on any high-tech/low-tech means. Probably it was no-tech,” he says. Most likely, the terrorists used small cells of operatives and safe houses to coordinate the attack.
Despite this, Madsen expects that use of Echelon, Carnivore, and other snooping technologies will increase. Their use is likely to raise the same privacy and legal concerns that it has in the past, he said, but “if Echelon is geared toward a real national security target, is anyone going to say he has privacy rights?”
The FBI and the U.S. Customs Service have declined to comment on the possibility of increased surveillance, or its need.
The potential for eroding privacy and personal liberties is very much on the mind and keyboards of Netizens, who are going online to discuss the week’s events.
Writers of weblogs, or “blogs” as they are called–a sort of interactive online personal journal–are debating whether security measures intended to ensure safety might turn out to be more of a threat to personal liberty than are terrorist attacks. Many tech industry old-timers are weighing in with their concerns.
One blog, run by technology industry pioneer Dave Winer, contains particularly thoughtful posts. So does industry gadfly Jerry Pournelle’s site.
“Mourn the republic,” Pournelle says in one response to many posts expressing concern for privacy rights.
Winer says, “People call it an act of terrorism, but it’s an act of war. The Pentagon is the U.S. military headquarters. It’s an impossible stretch to see that as terrorism. If the targets of attack were only civilian, that’s terrorism. An attack on the Pentagon is an act of war … As Daniel Schorr said on NPR, this was different from Pearl Harbor. That attack had a return address.”
Meanwhile, Electronic Frontier Foundation founder John Perry Barlow agonizes about the fate of personal liberty in the face of the attacks.
“Nothing could serve those who believe that American ‘safety’ is more important than American liberty better than something like this,” Barlow writes. “Control freaks will dine on this day for the rest of our lives…I beg you to begin NOW to do whatever you can – whether writing your public officials, joining the ACLU or EFF, taking to the streets, or living visibly free and fearless lives – to prevent the spasm of control mania from destroying the dreams that far more have died for over the last two hundred twenty five years than died this morning.”
Watchdog groups’ role
Privacy watchdog groups plan to closely monitor any threat to individual liberties.
“I believe it is a mistake to assume that the government’s response would be to impose controls on the Internet or expand surveillance authority,” says Marc Rotenberg, executive director of the Electronic Privacy Information Center.
The American Civil Liberties Union issued a statement Wednesday urging restraint by lawmakers.
“We strongly applaud the words of our national leaders who, in reaction to this unparalleled tragedy, have promised to preserve the free and open society that has made this nation great,” ACLU executive director Anthony Romero says in the statement.
“We welcome, in particular, the eloquent words of President Bush who told the nation last night that, ‘America was targeted for attack because we’re the brightest beacon for freedom and opportunity in the world. And no one will keep that light from shining.'”
Rotenberg believes decision-makers in Washington are more interested in promoting safety than encouraging greater surveillance.
“No one wants to sacrifice American freedoms to terrorist threats,” he says. “It is the greatest defeat that we could suffer as a country.”
Cohn says any knee-jerk reaction would be wrong.
“I think our role in this debate is to pay attention to what the unintended consequences on our civil liberties could be. That’s our primary concern, at least right now,” she says.
“At the moment, we don’t know enough about what happened to begin to decide whether there are measures we need to take to respond,” Cohn says. “And I think at this moment what we need to do is to have a bit of patience to let the law enforcement agencies do their job to figure out what happened.”
(Stuart Johnston, PCWorld.com contributing editor, and Sam Costello of the IDG News Service contributed to this report.)