Online insecurity

The 11 September terrorist attacks on the USA prompted proposals by the US government to expand powers of state surveillance – proposals that are now being accepted by Congress.

The right to privacy is implicit in the Fourth Amendment of the US Constitution, which guarantees ‘the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures’, and in the Fifth Amendment, which protects against ‘private property’ being ‘taken for public use’ (1). Privacy is a right that has been forged through a number of US court cases, many of which are documented by Jeffrey Rosen in his excellent book The Unwanted Gaze: The Destruction of Privacy in America (2).

The threats to privacy that have followed 11 September are not new, but are a culmination of existing developments. So the Echelon international eavesdropping network run by the USA and other countries was built in 1971, and has its origins in intergovernmental data-sharing agreements dating back to 1947 (3). As Richard Forno, author of The Art of Information Warfare (4), points out, although today ‘the media and conspiracy theorists love to make Echelon out to be this all-encompassing new spook project’, in truth ‘it’s nothing new’ (5).

The USA’s Foreign Intelligence Surveillance Act of 1978 struck a blow against privacy by establishing a special federal court that is highly unaccountable, run by seven judges selected by the chief justice of the Supreme Court and never disclosing its proceedings publicly. The special court has approved thousands of government wiretap and warrant requests, and in the whole of its history has only ever denied one such request (6).

As use of the internet grew from the early 1990s onwards, the US government started to interpret its existing pen register and ‘trap-and-trace’ laws – originally intended to deal with the monitoring of telephone data – to allow for the collection of internet data from internet service providers (ISPs). As Carl S Kaplan notes in the New York Times, legislation proposed since 11 September simply ‘codifies the government’s pro-law enforcement interpretation’ of these existing laws (7).

But the events of 11 September did prove crucial in legitimating sweeping powers of surveillance that would have been controversial in the past. Post-11 September, Republican congressman and staunch privacy advocate Robert Barr accused the US Justice Department of seeking ‘to take advantage of what is obviously an emergency situation’ (8) – while Mike Godwin, policy fellow at the Center for Democracy and Technology (9), argued that the attitude of the Bush administration is one of ‘let’s try to get our wish list passed in the name of preventing terrorism, because Congress is unusually receptive right now’ (10).

This kind of political opportunism has precedents. Two weeks after the 1993 terrorist bombing of the World Trade Center, Democrat senator Charles Schumer proposed sweeping anti-terrorist legislation – but was unsuccessful. The bombing of the Oklahoma Alfred P Murrah Federal Building in 1995 led to a broadened definition of aiding terrorism – to such an extent that now, according to US law professor Paul Cole, ‘anyone sending a textbook to a West Bank school which turns out to be run by Hamas could face a 10-year jail sentence’ (11).

In September 1999, then attorney general Janet Reno argued for government powers to circumvent email encryption on the grounds that ‘when stopping a terrorist attack…encountering encryption may mean the difference between success and catastrophic failures’ (12). The encryption debate returned in February 2001 when US officials claimed that Osama bin Laden was using steganography methods to mask his communications (13).

On 11 September, within hours of the first attack on the World Trade Center, the FBI was knocking on the doors of internet companies and plugging in Carnivore, its internet monitoring system (14). According to a Hotmail employee, Hotmail was phoned on 11 September by FBI agents requesting information about email accounts whose usernames ‘start with the word “Allah” and contain messages in Arabic’ (15). The FBI also invoked the Foreign Intelligence Surveillance Act to force AOL and EarthLink to turn over their email records (16).

On the afternoon of 11 September, John Perry Barlow, co-founder of the Electronic Frontier Foundation (EFF) (17), sent a mass email begging Americans ‘to prevent the control mania from destroying the dreams that far more have died for over the last 225 years than died this morning’ – comparing the terrorist attacks to the burning of the Reichstag that catalysed the Nazi seizure of power in Germany in 1933 (18).

But by the end of that fateful day, anonymous remailer organisations, which provide services protecting email from possible surveillance, were shutting down their operations. Len Sassaman, who runs the remailing service Randseed, justified shutting down on the grounds that ‘at this point in time, a free-speech argument will not gain much sympathy with the Feds, judges and general public’ (19).

On the one day that email was more likely to be monitored by the authorities than ever before, methods of protecting email privacy became unavailable.

A CBS/New York Times poll conducted on 13 and 14 September asked respondents whether Americans had to ‘give up some personal freedoms in order to make the country safe from terrorist attacks’ (20). Seventy-four percent replied ‘yes’ – rising to 79 percent a week later (21).

At one of the first congress hearings after the terrorist attacks, Democrat senator Joseph Lieberman pronounced ‘a “new era” in protecting national security – including cybersecurity’ (22). Oracle chairman and chief executive Larry Ellison called for the creation of a national identity card system, and said he was ‘quite willing to provide the software for this absolutely free’ (23).

Two days after the attacks, the Senate approved the Combating Terrorism Act 2001 by a 97-0 vote. The Act would expand state surveillance powers – including use of wiretaps and of Carnivore – by reducing the statutory need for a judge’s approval before surveillance can take place. The Act was sped through after the Senate decided (by voice vote) to attach the proposal of the Act to an otherwise fairly mundane discussion of an annual spending bill.

Democrat Patrick Leahy raised privacy concerns during the Senate floor debate, claiming that he had been given barely 30 minutes to read the Act, let alone formulate his objections. And criticisms were raised about the Act’s ambiguity – it empowered authorities to obtain ‘routing’ and ‘addressing’ data, but left those terms open to a number of possible technical interpretations (24).

Meanwhile, the terrorist attacks had prompted a boom in the US security software market, driving demand for products such as the email monitoring systems manufactured by Narus Inc (25). Visionics Corp (26), manufacturers of the facial recognition technology FaceIt, saw its stock price more than triple (27) – ‘You could start putting them anywhere you need them’, said the company’s chief executive enthusiastically (28).

Further proposals for anti-terrorist legislation soon followed. Despite the pledge of US attorney general John Ashcoft that ‘we are conducting this effort with a total commitment to protect the rights and privacy of all Americans’ (29), his call for ‘the tools necessary to identify, dismantle, disrupt and punish terrorist organisations’ (30) gave some commentators cause for concern.

The Los Angeles Times warned that the USA ‘may find itself deprived not only of its two highest buildings but also of towering civil liberties’ (31). Simon Davies, director of the watchdog group Privacy International (32), anticipated that ‘there will be a point in the USA, as there has been in England and Spain, where people will forget to defend their freedom’ (33). The EFF urged all of its supporters to write to congress saying: ‘I do not believe that sacrificing essential liberties in a vain hope of improving security is good for America or the world.’ (34)

Jeffrey Rosen warned of the dangers of assuming that ‘freedom had allowed terrorists to commit the unthinkable, and therefore freedom would have to be curtailed’. He predicted that ‘our constitutional freedoms may be about to face their most serious test in several generations. We can’t protect ourselves from suicide bombers by blindly surrendering our liberty’ (35).

Rosen’s predictions were right. On 20 September Bush sent the Mobilization Against Terrorism Act (MATA) to congress, legislation that would further expand the power of the authorities – to install Carnivore in computer systems; to use the Echelon data collection system (‘even if the collection would have violated the Fourth Amendment’, according to the Justice Department); to wiretap phones; to obtain voicemail messages; to peruse the records of businesses, credit card companies and ISPs; and to obtain DNA samples from convicted felons (36).

Dianne Feinstein of the Senate Judiciary Committee requested a ‘sunset’ (expiration) period for sections of MATA. ‘If I believed terrorism would sunset in five years’, responded Ashcroft, ‘I would agree to that’ (37). Agonised negotiations began between congress and the Bush administration. Two new bills – the Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (Patriot) Act and the Strengthening Our Domestic Security Against Terrorism Act – were proposed by members of the House Judiciary committee as alternatives to MATA.

Paul Cole warned that ‘the USA has historically overreacted in times of fear, indulging in guilt by association and giving government the power to act against individuals without procedures necessary to distinguish the guilty from the innocent’ (38). The Los Angeles Times pointed out that ‘American decisions about civil liberties during wartime have been like judgements sailors make about tattoos during weekend passes’ (39). Wired News (40) and BBC News (41) published useful retrospectives of historical instances when a national crisis had been used to compromise civil liberties.

But the implementation of anti-terrorist proposals still went ahead, with the New York Times complaining that ‘so much is happening so quickly it’s hard to keep track of the legislative process, let alone follow the debate between fast-moving law enforcement experts and the more cautious civil libertarians’ (42). The Register in turn complained that ‘the government may be biding its time with its promised attack on Al-Qaeda, but it’s not wasting a split second going to war with the Bill of Rights’ (43).

Indeed, the Bush administration was shameless in using the attacks to shut down debate and justify rushed legislation. Ashcroft warned that ‘the American people do not have the luxury of unlimited time in erecting the necessary defences to future terrorist acts’ (44). ‘What’s the rush?’ responded Jerry Berman, executive director of the Center for Democracy and Technology. ‘This is not the way to deal with our constitutional liberties.’ (45)

But Ashcroft was having none of it, arguing that ‘talk will not prevent terrorism’ (46) and that ‘it is time for us to be productive on behalf of the American people’ (47). Ashcroft’s comments characterised congress’ approval of the proposals as a tiresome formality, which got in the way of safety proposals that were apparently so necessary that they were above criticism.

Thankfully, Ashcroft’s proposals did meet with resistance, both within congress and from organisations such as the American Civil Liberties Union. But compared to civil liberties disputes in the past, the criticisms seemed muted – tending to call for a compromise between privacy and safety, rather than robustly opposing any intrusion by the state into people’s lives.

Law professor Peter Swire, previously the Clinton administration’s chief privacy counsellor, summed up the conciliatory critical mood: ‘when someone claims that we should make a security improvement at the expense of privacy or other values, we should…make sure that the security payoff is really there.’ (48) This is the dry language of risk assessment, not the language of confrontational political debate.

An unfortunate consequence of the terrorist attacks has been a chilling effect on political debate.

The most outspoken resistance to Ashcroft’s proposals came from the In Defence of Freedom Coalition (49), an umbrella group of over 150 organisations that straddles the political spectrum – incorporating everybody from the Gun Owners of America to the Gay and Lesbian Taskforce. Its mission statement argued that ‘we can, as we have in the past, in times of war and of peace, reconcile the requirements of security with the demands of liberty’ (50). But there can be no case for a wartime approach to security and liberty because America is not at war, in the sense that its domestic interests are not under threat. And again, the Defence of Freedom Coalition was using the rhetoric of give-and-take liberties, rather than hard-and-fast liberties.

For Hal Plotkin, former organiser of 1994 peace talks between Israel and Palestine, ‘a centralised government database that tracks individual movements, activities and associations…could easily be misused if and when it falls into the wrong hands’ (51). But the starting point for a traditional conception of civil liberties is that the government’s hands are the wrong hands to begin with, by definition, for anything that compromises the privacy of the individual.

By capitulating to public fears and conceding to a perceived general need for safety, critics of the US government were already halfway towards losing the argument for privacy. As long as one assumes the need to prevent terrorists from using the internet, then the right to privacy becomes sidelined in political debate. But it is unreasonable to assume such an unrealistic need – as Caspar Bowden, director of the Foundation for Information Policy Research (52), points out, ‘the only way to stop terrorist cells communicating via the internet is to disinvent it’ (53).

Capitulation to prevailing safety concerns has meant that the dissidents in congress have been unsuccessful in mounting an opposition. ‘The left is not completely happy with the bill and neither is the right’, said House Judiciary chairman James Sensenbrenner, encapsulating the awkward consensual mood. ‘I think this means we’ve got it just about right.’ (54) Praised by the US media for being ‘bipartisan’, the debate in congress was a messy compromise that left civil liberties the worse for wear. Its schizophrenic character provoked an article by Jeffrey Rosen entitled ‘The terrorism bill does too much and not enough’ (55).

House and Senate leaders attempted to pass separate bills on expanded state powers – the House pushing for the Patriot Act and the Senate pushing for the Uniting and Strengthening America (USA) Act – with the Senate’s version granting greater surveillance powers to the state. Ashcroft continued to try to rush proceedings, leading Democrat senator Russ Feingold to protest: ‘I can’t understand why we can’t have just a few hours of debate’ – a remarkable thing for an elected political representative to have to say (56).

The haggling between House and Senate continues. If the debate so far is anything to go by, further negotiations are likely to be messy, half-cocked and a serious threat to civil liberties.

Sandy Starr has consulted and written on internet regulation for the Organisation for Security and Cooperation in Europe, and for the European Commission research project RightsWatch. He is a contributor to Spreading the Word on the Internet: Sixteen Answers to Four Questions, Organisation for Security and Cooperation in Europe, 2003 (download this book (.pdf 576 KB)); From Quill to Cursor: Freedom of the Media in the Digital Era, Organisation for Security and Cooperation in Europe, 2003 (download this book (.pdf 399 KB)); and The Internet: Brave New World?, Hodder Murray, 2002 (buy this book from Amazon (UK) or Amazon (USA)).

Read on:

spiked-issue: After 11 September

spiked-issue: Privacy

(1) See the Bill of Rights

(2) Jeffrey Rosen, The Unwanted Gaze: The Destruction of Privacy in America, 2000. Buy this book from Amazon (UK) or Amazon (USA)

(3) See What you need to know about Echelon, BBC News, 29 May 2001

(4) Richard Forno, The Art of Information Warfare: Insight Into the Knowledge Warrior Philosophy, 1999. Buy this book from Amazon (UK) or Amazon (USA)

(5) Snooping isn’t email delay cause, Michelle Delio, Wired News, 25 September 2001

(6) See The court that wields the wiretap, Edmund Sanders, Los Angeles Times, 30 September 2001

(7) Concern over proposed changes in internet surveillance, Carl S Kaplan, New York Times, 21 September 2001

(8) As Senate begins consideration of anti-terrorism legislation, House panel says concern over civil liberties requires slowdown, ACLU, 25 September 2001

(9) The end of liberty, Salon.com, 22 September 2001

(10) See the Center for Democracy and Technology website

(11) Liberty curtailed in the land of the free, Guardian, 19 September 2001

(12) Press briefing on encryption policy, White House, 16 September 1999

(13) See Bin Laden: Steganography master?, Wired News, 7 February 2001

(14) For information on Carnivore, see the Carnivore FOIA litigation section of the Electronic Privacy Information Center website

(15) Anti-attack Feds push Carnivore, Wired News, 12 September 2001

(16) ISPs aid FBI in terrorist search, CNET News.com, 13 September 2001

(17) See the Electronic Frontier Foundation website

(18) Civil liberty the next casualty?, Wired News, 13 September 2001

(19) Anti-attack Feds push Carnivore, Wired News, 12 September 2001

(20) Poll: revenge and return, CBS News, 15 September 2001

(21) Poll: strong support for war effort, CBS News, 24 September 2001

(22) Information security: a new priority, Industry Standard, 14 September 2001

(23) Oracle boss urges national ID cards, offers free software, SiliconValley.com, 22 September 2001

(24) Senate OKs FBI net spying, Wired News, 14 September 2001

(25) See the Narus Inc website

(26) See the Visionics Corp website

(27) See A cautionary tale for a new age of surveillance, Jeffrey Rosen, New York Times 7 October 2001

(28) 1984 + 17: crisis monitoring, New York Times, 30 September 2001

(29) Don’t expect quick passage of anti-terrorism package, Washington Post, 25 September 2001

(30) Congress weighs anti-terror bill, Wired News, 25 September 2001

(31) Cyber-spy with caution, Los Angeles Times, 19 September 2001

(32) See the Privacy International website

(33) ‘The land of the free may become less so’, Los Angeles Times, 21 September 2001

(34) Anti-terrorism legislation threatens privacy, EFF, 17 September 2001

(35) Terrorism and freedom, then and now, Jeffrey Rosen, 13 September 2001

(36) Bush submits his laws for war, Wired News, 20 September 2001

(37) Wiretap bill gets third degree, Wired News, 26 September 2001

(38) Liberty curtailed in the land of the free, Guardian, 19 September 2001

(39) ‘Balancing liberty with security measures’, Los Angeles Times, 24 September 2001

(40) Why liberty suffers in wartime, Wired News, 24 September 2001

(41) Civil rights and censorship, BBC News, 8 October 2001

(42) Concern over proposed changes in internet surveillance, Carl S Kaplan, New York Times, 21 September 2001

(43) Face recognition software gets a boost, Register, 24 September 2001

(44) Congress weigh anti-terror bill, Wired News, 24 September 2001

(45) ‘Push for increased surveillance worries some’, Los Angeles Times, 25 September 2001

(46) Clash looms on civil liberties, Guardian, 2 October 2001

(47) Senate democrats pressured on terror bill, New York Times, 3 October 2001

(48) Information security: a new priority, Industry Standard, 14 September 2001

(49) See the In Defence of Freedom Coalition website

(50) See the mission statement on the In Defence of Freedom Coalition website

(51) No silver bullets – giving up privacy for security will leave us with neither, SFGate, 18 September 2001

(52) See the Foundation for Information Policy Research website

(53) See ’There’s only one way to stop terrorists using net’, Caspar Bowden, BBC News, 2 October 2001

(54) ‘Senators agree on anti-terror bill’, Los Angeles Times, 3 October 2001

(55) The terrorism bill does too much and not enough, Jeffrey Rosen, New Republic, 4 October 2001

(56) A senator’s lonely privacy fight, Wired News, 11 October 2001