Technology

Selling Terror


By David Banisar

For a few days following the events of September 11th, it appeared that the national psyche was changed, and perhaps in a positive way. It looked like people would get over the petty tiffs of the roaring-90's and come together to work for ways to improve our society.

But sociologists say that in times of crisis people fall back on familiar routines. So it comes as no surprise that many people are using the excuse of terrorism and the tragedy in New York for their political and economic benefit, with serious consequences for privacy and security.

It is a given that the politicians would provide the negative leadership in this realm. In September, the Senate passed the first of several anti-terrorism bills with 30 minutes of discussion. When I was a kid, we learned in civics class that the Senate was the greatest debating body in the world, yet they spent less time figuring out how to carve up the Constitution than they did eating lunch that day.

Then the White House offered its bill -- rehashing nearly every proposal rejected for Constitutional problems in the last 20 years. Following some reasoned discussion in the House and secret deals in the Senate, we now have the USA-Patriot Act, approved with no debate in the House, and only Senator Russ Feingold opposing it in the Senate.

Very little in the bill has to do with terror, and much of it has to do with a government wish list of powers that they have been demanding for years but could not get before. It allows secret searches of people's homes, not limiting them to terrorism cases, but permitting them when investigating any type of crime. It permits national orders for wiretaps, which mostly will be used for drug cases, and easier access to email and other stored communications using a search warrant, rather than a wiretap order.

The Act includes expanded use of Carnivore to intercept Web traffic without a real court order, and, best of all, creates the crime of "cyber-terrorism" for interfering with various government machines, so the next time the FBI or DOJ is embarrassed by some 12-year-old defacing their Web site, they will be able to lock the kid up for twenty years.

As if to make it clearer that the government is going to be less accountable with all these new powers, Attorney General Ashcroft sent a memo to employees at federal agencies who handle Freedom of Information Act (FOIA) requests telling them that they should be more restrictive with release of all information, and that the Justice Department would defend their secrecy in court, if need be. President Bush has also reportedly signed off on a plan to limit FOIA in the name of protecting critical infrastructure, so now the public will never know how insecure networks are.

One Nation, One Database to Abuse

Another bad idea that has come back into currency is the national I.D. card. This idea is like herpes -- it shows up every so often, causes a lot of pain, is treated, and goes away to come back another day. What is different this time is it's the tech companies, so desperate for sales, that are out in front pushing it, instead of the politicians who still remember the pain from last time.

Tech lord Larry Ellison at Oracle wants to sell a national I.D. card and link all the government and private databases together. He has offered the software to the government for free, but doesn't mention the fat consulting fees and software upgrades, and all the people who will have to buy his software to be compatible.

Not wanting to be overshadowed in calls for privacy invasions, Scott "you have no privacy (because we sell the hardware to invade it) so get over it" McNealy proposes national I.D. cards based on Java. With Sun's stock tanking at $10 a share, McNealy must be getting desperate to raise the value of his options a bit more.

The privacy implications of creating a giant tracking system of all people in the U.S. do not seem to bother these modern Masters of the Universe. After all, corporate profits and ego are more important than the little people.

And of course no one bothers to mention the security aspects of creating a giant national database linking all of a person's activities and movements together, accessible to all cops in the name of fighting terrorism.

This would likely be grafted to the current backbone of law enforcement databases, the National Crime Information Center (NCIC), which is notoriously insecure. Cops, private detectives and others regularly abuse it. The U.S. General Accounting Office (GAO) looked at the security of the system in 1993, and found that there were 50,000 authorized users, and little or no access controls and audit trails. The GAO found many incidents of abuse, including one in which an ex-cop in Arizona used it to track down his former girlfriend and kill her.

Things have not gotten any better in the intervening time. In January 2001, prosecutors charged Los Angeles DEA agent Emilio Calatayud with peddling information from NCIC and two other law enforcement databases to a private investigator for six years, charging between $60 and $80 per search. (Calatayud has pleaded not guilty and is set for trial in December.)

And in July 2001, the Detroit Free Press ran a two-part series on police abuses of the Michigan Law Enforcement Information Network, which is part of the NCIC. The paper found "Over the past five years, more than 90 Michigan police officers, dispatchers, federal agents and security guards have abused the Law Enforcement Information Network. In many cases, abusers turned a valuable crime-fighting tool into a personal search engine for home addresses, for driving records and for criminal files of love interests, colleagues, bosses or rivals."

Imagine what they will use it for when every aspect of your life is accessible from the mobile data terminal (that's the one encrypted with the sophisticated ASCII encryption scheme) in every police car.

Pushing Facial Identification Technology

But the award for the slimiest opportunists must go to the facial recognition software companies. Following September 11, Visionics Corporation put out a press release for a "Framework For Protecting Civilization" and called for the U.S. to link cameras from public and private organizations to the FBI through the Internet. Tom Colatosti, the CEO of Visionics competitor Viisage, chimed in with this gem, told to Reuters: "I am frustrated and, in fact, feel guilty that we allowed all of this dialogue around this red herring called privacy to get in the way of deployment."

Both companies forget to mention that the technology is so inaccurate for identification that it would be worthless for counter-terrorism. The U.S. Department of Defense found that in real world testing facial recognition had an inaccuracy rate of over 30 percent. Former Monty Python actor John Cleese was able to fool one system currently in use in the U.K. by donning a fake beard and earrings.

These questions about utility are not keeping the technology from being implemented in at least ten U.S. airports including DC National, Oakland and Boston Logan.

Do we really feel safer knowing that the police will think that one-third of all people are terrorists because the technology is telling them so? If this is saving civilization, I think I'd prefer a cave somewhere, thanks, because the cops are going to be too busy chasing phantoms to protect anyone.

This is not just a U.S. phenomenon. Governments around the world are using the tragedy as an excuse to adopt new restrictive laws. The Canadian Parliament is pushing through a bill that would increase wiretapping, allow the CSE (NSA's baby Canadian brother) to monitor domestic calls, adopt the controversial COE Cybercrime treaty without a debate, and limit the ability of people to access government records. In the U.K., the government is proposing changes to regulations to require ISPs to retain data on net traffic for one year.

We're left with lots of new schemes and technologies that are likely to be time- and resource-wasting and counterproductive, and to lead to less security.

So much for the end of business as usual. At least there are plenty of candidates for the Big Brother Awards next year. We may have to come up with new categories to make sure no one is left out.

David Banisar is a research fellow at the Harvard Information Infrastructure Project at the Kennedy School of Government at Harvard University and Deputy-Director of Privacy International.

