[iwar] [fc:E-terrorism:.Liberty.vs..security]

From: Fred Cohen (fc@all.net)
Date: 2002-08-28 06:48:22



This story was printed from ZDNN,
        located at http://zdnet.com.com/2001-11-0.
        --------------------------------------------------------------

E-terrorism: Liberty vs. security
By John Borland and Lisa M. Bowman 
Special to ZDNet
August 27, 2002, 6:27 AM PT
URL: http://zdnet.com.com/2100-1105-955493.html 

SAN FRANCISCO--Earlier this year, a few California scuba divers found out just how 
far the long arm of the law can reach since Sept. 11. 

Federal agents concerned about scuba-related terrorist plans requested
the entire database of the Professional Association of Diving
Instructors.  Unbeknownst to most of its members, the organization
voluntarily handed over a list of more than 100,000 certified divers
worldwide, explaining later that it wanted to avoid an FBI subpoena that
would have required far more information to be disclosed. 

Cindy Cohn, an attorney with the Electronic Frontier Foundation and a
diver listed in the database, was livid after learning of the incident. 
Such concerns resonate with particular volume in this liberal city where
the EFF is based, which has a long history of protesting government
intrusion. 

"You participated in creating an FBI file on me and all the rest of your
customers, loyal Americans who have done nothing wrong and who now face
the process of increased surveillance by virtue of the fact that we did
business with you," Cohn wrote in a letter to the Southern
California-based divers association. 

Since Sept. 11, databases containing information on tens of thousands
of ordinary people have found their way into the hands of federal
investigators hungry for any scraps of data that might serve as leads in
terrorism investigations.  Grocery shopping lists, travel records and
information from other, more public databases have all been caught in
the government's antiterrorism net. 

In this security-conscious climate, it seems that no activity is off
limits to government inspection--and with good cause, many would say. 
After all, no one predicted that flight school students would bring down
the World Trade Center towers, and few would advocate withholding
information that could prevent another terrorist attack.  Polls show
that many people are willing to tolerate increased surveillance, higher
encryption standards and other measures for the sake of security. 

But civil libertarians worry that the increased investigative powers
granted since the attacks, and people's eagerness to comply with them,
have needlessly entangled innocent citizens and threaten to undermine
constitutional rights to privacy and free speech.  Even without explicit
limitations, some say that fear of reprisal may have a chilling effect
on public behavior. 

Either way, those on all sides of the issue agree that the country has
undergone changes both psychological and practical, perhaps as subtle as
a reluctance to visit an Islamic Web site or as obvious as federal
legislation seeking broader online surveillance by law enforcement
authorities.  While civil libertarians decry the changes, however, their
warnings aren't being widely embraced. 

"People pretty readily let go of privacy concerns as soon as security is
involved," said Jonathan Zittrain, co-director of Harvard University Law
School's Berkman Center for Internet and Society.  "To the extent that
the concern about privacy is a concern about abuse of information by the
government...what is the greater threat, terrorism or a government run
amok? People are generally going to say terrorism."

Ironically, despite its libertarian roots, the Internet has arguably
hastened that shift.  Given the proliferation of log files and massive
customer databases, combined with easy access to controversial sites and
other information, the Net has accelerated the debate over electronic
information and terrorism. 

Perhaps most worrisome to Arab Americans and privacy advocates, the FBI
has proposed easing 1970s-era restrictions that prevent them from spying
on people based solely on political activities.  Under the new
guidelines, agents would be able to mine publicly available databases
even if they aren't conducting a specific investigation, carrying out
what civil liberties activists worry would be a digital fishing
expedition producing nothing but massive amounts of irrelevant data. 

Information on exactly what databases have been tapped is scarce, but
some instances have come to light:

* An informal poll conducted by the Boston Globe and the Privacy Council
consultancy found that 64 percent of travel-related and transportation
companies had given federal investigators access to customer or employee
data after Sept. 11.  Only 14 percent of those companies informed
customers of their actions. 

* Privacy Council CEO Larry Poneman said in a recent interview that an
unnamed supermarket chain had given shopping club card records to
federal investigators. 

* Lexis/Nexis, the massive database containing news articles, legal
filings and public records of all kinds, says it is working more closely
with law enforcement on several fronts since last September, including
"authentication" of individuals' identity. 

Civil libertarians complain that federal authorities are giving little
to no indication of how this information is being used.  A recent
attempt by several congressmen to obtain a report on how the new legal
tools were being used in investigations was rebuffed by the Justice
Department, which asked for more time to answer their detailed
questions. 

"It's very important that that information be disclosed," said David
Sobel, general counsel of the Electronic Privacy Information Center, a
group that helped bring the FBI's use of Net monitoring tools to light
for the first time with its Freedom of Information Act requests. 

EPIC, along with the American Civil Liberties Union and the American
Booksellers Foundation for Free Expression, filed on Aug. 21 its own
Freedom of Information Act request for details on how Patriot Act powers
are being used. 

"There aren't yet any answers," Sobel said. 

Nor is it clear what online behavior might be considered suspicious--and
some believe that Internet service providers, companies and
organizations may take unduly severe actions on their own in erring on
the side of caution.  Overzealous network managers, for example, could
arbitrarily restrict certain communication or access to some Web sites,
just as they often block pornography or filter e-mail that contains
obscenities. 

More spying or same as it ever was?

Much of the security-vs.-privacy debate has centered on legislation
enacted quickly after the September attacks, the turgidly named "Uniting
and Strengthening America by Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism (USA PATRIOT) Act."

The American Civil Liberties Union called it a far-reaching law that
badly undermined privacy and judicial oversight.  Many of the nation's
largest newspapers editorialized against the measure as reactionary. 

Nine months later, however, many judicial experts are playing down
initial fears over the legislation's severity.  A law review article
scheduled for publication early next year by former Justice Department
attorney Orrin Kerr provides one of the first detailed analyses of the
so-called Patriot Act that compares it to previous investigative
practices. 

"The law is a lot more balanced than people thought," Kerr said, adding
that it does little to change the way authorities do their jobs.  "The
government ended up introducing a law that didn't really take any major
steps."

At its core, the Patriot Act explicitly spells out new rules under which
authorities can monitor online communications such as e-mail or Web
surfing.  As was the case with wiretapping or other surveillance, agents
must get judicial permission to obtain more information. 

Under the law, authorities can obtain information such as where e-mail
was sent or originated, and at what time.  Roughly analogous to reading
an envelope but not the letter inside, this means no court order is
needed.  If agents want to monitor an Internet service account to
determine when messages are sent, they need a judge's permission but
with relatively little justification. 

If agents seek the contents of a missive, which would include such
elements as the body and subject line of an e-mail, they would need a
court order requiring a much higher level of justification, legal
experts say.  Although new, these laws mirror previously secret court
decisions on FBI attempts to install high-tech spying equipment,
according to Kerr and lawyers representing ISPs. 

ISPs are reluctant to discuss surveillance details, citing national
security concerns.  But they do say that surveillance requests have
increased since last September, though their extent is difficult to
gauge. 

"There has been some upswing, but it's not very significant," said Mike
Harrad, a spokesman for Road Runner, Time Warner's cable Net service. 
"The view here is that the increase in requests has probably more to do
with the more vigilant approach taken by enforcement agencies in the
post-9/11 world than it has to do with the Patriot Act per se."

Others are more concerned.  "In some instances, law enforcement is being
aggressive in interpreting USA Patriot to go beyond what was intended,"
says Stewart Baker, a Washington attorney who represents ISPs. 

Baker and other ISP sources say some law enforcement agents make
requests for records of subscribers' past communications--for which no
court order is needed--so frequently that it has nearly amounted to
real-time information.  For instance, agencies might request information
about a subscriber several times a day or more, instead of seeking a
week's worth of log files. 

Authorities hitting the books

Libraries also have concerns about the Patriot Act, particularly
provisions that lower the standards for obtaining patron records.  Under
one portion of the law, federal agents need only a search warrant--which
requires immediate release of the records--and no longer have to show
that they might find evidence of a crime. 

What's more, the process is now secret.  The court that approves these
searches holds closed sessions, and librarians face prosecution if they
disclose information about the inquiry to anyone, including the subject
of the investigation. 

For years, many libraries have had electronic systems that delete
checkout records after a few weeks.  But information about people who
have books checked out and those who owe fines is kept in the database
until they return the books or pay the fees.  Of 1,026 libraries
surveyed by the American Library Association earlier this year, 85--or
8.3 percent--had received Sept. 11-related requests for records from
government agents. 

"If you use libraries, whatever you take out is information that could
be demanded by the FBI," ALA President Mitch Freedman said.  "The
library user is just one small person who's been impacted by this
dramatic expansion of investigative powers."

The FBI and other law enforcement organizations declined to comment on
any details regarding terrorism-related investigations.  But comments
made by officials in public have heightened concerns among civil
liberties groups. 

On a recent trip to San Francisco, John Frazzini, a special agent with
the Electronic Crimes Branch of the Secret Service, pleaded with
companies to cooperate more fully in online investigations and report
break-ins.  He also warned of new crackdowns on hackers. 

"If you're a U.S. citizen and you're breaking into computer networks,
not only are you criminal but I think you're unpatriotic," he said. 

Although they do not know of any prosecutions based on post-Sept. 11
changes, defense attorneys say they are already seeing their effects in
other ways.  Jennifer Granick, a defense attorney and director for
Stanford University's Center for Internet and Society, said she and her
colleagues have noticed that judges and juries are far more wary of
hackers than they have been in years and are enforcing existing laws
more actively. 

"They hear you're a hacker, and in this post-9/11 climate, they just get
scared," Granick said, adding that technologists and hackers who point
out legitimate security concerns risk getting caught in law
enforcement's new web. 

She points to a case in Los Angeles, in which a man faced criminal
charges after posting information on a Web site that pointed out
insecurities in some e-mail software and offered a repair.  The man was
convicted under a federal computer break-in law and is awaiting
sentencing. 

"We are dismantling the checks and balances and basically letting
government have a free-for-all," Granick said.  "It may get uglier
before it gets better."



------------------
http://all.net/ 
