By David Banisar For a few days following the events of September 11th, it appeared that
the national psyche was changed, and perhaps in a positive way. It looked
like people would get over the petty tiffs of the roaring-90's and come
together to work for ways to improve our society.
But sociologists say that in times of crisis people fall back on familiar
routines. So it comes as no surprise that many people are using the excuse
of terrorism and the tragedy in New York for their political and economic
benefit, with serious consequences for privacy and security.
It is a given that the politicians would provide the negative leadership
in this realm. In September, the Senate passed the first of several
anti-terrorism bills with 30 minutes of discussion. When I was a kid, we
learned in civics class that the Senate was the greatest debating body in
the world, yet they spent less time figuring out how to carve up the
Constitution than they did eating lunch that day.
Then the White House offered its bill -- rehashing nearly every proposal
rejected for Constitutional problems in the last 20 years. Following some
reasoned discussion in the House and secret deals in the Senate, we now
have the USA-Patriot Act, approved with no debate in the House, and only
Senator Russ Feingold opposing it in the Senate.
Very little in the bill has to do with terror, and much of it has to do
with a government wish list of powers that they have been demanding for
years but could not get before. It allows secret searches of people's
homes, not limiting them to terrorism cases, but permitting them when
investigating any type of crime. It permits national orders for wiretaps,
which mostly will be used for drug cases, and easier access to email and
other stored communications using a search warrant, rather than a wiretap
The Act includes expanded use of Carnivore to intercept Web traffic
without a real court order, and, best of all, creates the crime of
"cyber-terrorism" for interfering with various government machines, so the
next time the FBI or DOJ is embarrassed by some 12-year-old defacing their
Web site, they will be able to lock the kid up for twenty years.
As if to make it clearer that the government is going to be less
accountable with all these new powers, Attorney General Ashcroft sent a
memo to employees at federal agencies who handle Freedom of Information
Act (FOIA) requests telling them that they should be more restrictive with
release of all information, and that the Justice Department would defend
their secrecy in court, if need be. President Bush has also reportedly
signed off on a plan to limit FOIA in the name of protecting critical
infrastructure, so now the public will never know how insecure networks
One Nation, One Database to Abuse
Another bad idea that has come back into currency is the national I.D.
card. This idea is like herpes -- it shows up every so often, causes a
lot of pain, is treated, and goes away to come back another day. What is
different this time is it's the tech companies, so desperate for sales,
that are out in front pushing it, instead of the politicians who still
remember the pain from last time.
Tech lord Larry Ellison at Oracle wants to sell a national I.D. card and
link all the government and private databases together. He has offered
the software to the government for free, but doesn't mention the fat
consulting fees and software upgrades, and all the people who will have to
buy his software to be compatible.
Not wanting to be overshadowed in calls for privacy invasions, Scott "you
have no privacy (because we sell the hardware to invade it) so get over
it" McNealy proposes national I.D. cards based on Java. With Sun's stock
tanking at $10 a share, McNealy must be getting desperate to raise the
value of his options a bit more.
The privacy implications of creating a giant tracking system of all people
in the U.S. does not seem to bother these modern Masters of the Universe.
After all corporate profits and ego are more important than the little
And of course no one bothers to mention the security aspects of creating a
giant national database linking all of a person's activities and movements
together, accessible to all cops in the name of fighting terrorism.
This would likely be grafted to the current backbone of law enforcement
databases, the National Crime Information Center (NCIC), which is
notoriously insecure. Cops, private detectives and others regularly abuse
it. The U.S. General Accounting Office (GAO) looked at the security of the
system in 1993, and found that there were 50,000 authorized users, and
little or no access controls and audit trails. The GAO found many
incidents of abuse, including one in which an ex-cop in Arizona used it to
track down his former girlfriend and kill her.
Things have not gotten any better in the intervening time. In January
2001, prosecutors charged Los Angeles DEA
agent Emilio Calatayud with peddling information from NCIC and two other
law enforcement databases to a private investigator for six years,
charging between $60 and $80 per search. (Calatayud has plead not guilty
and is set for trial in December).
And in July 2001, the Detroit Free Press ran a two-part series on police
abuses of the Michigan Law Enforcement Information Network, which is part
of the NCIC. The paper found "Over the past five years, more than 90
Michigan police officers, dispatchers, federal agents and security guards
have abused the Law Enforcement Information Network. In many cases,
abusers turned a valuable crime-fighting tool into a personal search
engine for home addresses, for driving records and for criminal files of
love interests, colleagues, bosses or rivals."
Imagine what they will use it for when every aspect of your life is
accessible from the mobile data terminal (that's the one encrypted with
the sophisticated ASCII encryption scheme) in every police car.
Pushing Facial Identification Technology
But the award for the slimiest opportunists must go to the facial
recognition software companies. Following September 11, Visionics
Corporation put out a press release for a "Framework For Protecting
Civilization" and called for the U.S. to link cameras from public and
private organizations to the FBI through the Internet. Tom Colatosti, the
CEO of Visionics competitor Viisage, chimed in with this gem, told to
Reuters: "I am frustrated and, in fact, feel guilty that we allowed all of
this dialogue around this red herring called privacy to get in the way of
Both companies forget to mention that the technology is so inaccurate for
identification that it would be worthless for counter-terrorism. The U.S.
Department of Defense found
that in real world testing facial recognition had an inaccuracy rate of
over 30 percent. Former Monty Python actor John Cleese was able to fool
one system currently in use in the U.K. by donning a fake beard and
These questions about utility are not keeping the technology from being
implemented in at least ten U.S. airports including DC National, Oakland
and Boston Logan.
Do we really feel safer knowing that the police will think that one-third
of all people are terrorists because the technology is telling them so?
If this is saving civilization, I think I'd prefer a cave somewhere,
thanks, because the cops are going to be too busy chasing phantoms to
This is not just a U.S. phenomenon. Governments around the world are using
the tragedy as an excuse to adopt new restrictive laws. The Canadian
Parliament is pushing through a bill that would increase wiretapping,
allow the CSE (NSA's baby Canadian brother) to monitor domestic calls,
adopt the controversial COE Cybercrime treaty without a debate, and limit
the ability of people to access government records. In the U.K., the
government is proposing changes to regulations to require ISPs to retain
data on net traffic for one year.
We're left with lots of new schemes and technologies that are likely to be
time and resource wasting and counterproductive and lead to less security.
So much for the end of business as usual. At least there are plenty of
candidates for the Big
Brother Awards next year. We may have to come up with new categories
to make sure no one is left out. David Banisar is a research fellow at the Harvard Information
Infrastructure Project at the Kennedy School of Government at Harvard University and Deputy-Director of Privacy International.