Privacy vs. Protection: A Delicate Balance
Legal issues include the law of unintended consequences.
It is hard to resist the Big Brother analogy to describe law enforcement agencies’ use of new technologies for catching lawbreakers. From thermal scanners that monitor the amount of heat emanating from a suspect’s house to hidden cameras that catch red-light runners to software that leads to the capture of cybercriminals, new capabilities have brought with them new privacy questions.
Law enforcement officials from the federal government to local municipalities are working hard to assure the public that they operate within the law and the U.S. Constitution. But while officials keep an eye on illegal activity, privacy advocates are keeping an eye on them to ensure that technology-enhanced monitoring techniques do not go too far.
According to Richard J. Wilhelm, vice president, Booz•Allen & Hamilton, Bethesda, Maryland, one of the greatest challenges the government faces today is addressing both national security and privacy concerns. “The government has a problem dealing with privacy issues in the information age. It has to balance competing requirements for national security, law enforcement and economic competitiveness,” Wilhelm relates.
Information security is an integral part of this equation. “Technology has created an environment where an unauthorized person can get to data. This has created a large market for security that goes above and beyond where it was in the past. Those of us who have talked about information security throughout the years have spoken in terms of having data protected against a foreign source of intrusion—a one-dimensional approach. That is no longer the case. The rise of privacy issues is a reason for having robust security systems,” he explains.
Current information assurance techniques pose a dilemma. Strong encryption is essential for information protection, and companies that develop effective tools want to be able to sell them freely. However, the national security establishment is concerned that encryption that is likely to be unbreakable will land in the hands of its opponents, Wilhelm notes.
The issue came to a head several years ago as public key infrastructure technologies became more widely used. A question arose about a third party holding a duplicate private key in escrow for security purposes. Industry representatives were concerned about this proposal, especially when it appeared that a government agency would be the additional key holder.
“The privacy community worries about the government or anyone having access to encryption. And when there is a competing interest between protecting privacy and law enforcement needs, privacy advocates think that privacy trumps. The government has to balance these competing requirements, but it is very, very difficult,” he adds.
Citing ongoing initiatives, a spokeswoman says that right now the U.S. Department of Justice cannot comment on law enforcement’s use of technology and privacy issues.
However, the Federal Bureau of Investigation (FBI) became fully aware of just how complicated obtaining a balance between privacy concerns and security needs can be when it announced the creation of a new diagnostic tool for monitoring e-mail. Carnivore, later renamed DCS1000 (SIGNAL, November 2001, page 17), enables the FBI to surgically intercept and collect communications that are the subject of a lawful order while ignoring those that they are not authorized to intercept.
DCS1000’s architecture consists of a one-way tap into an Ethernet data stream, a general-purpose computer to filter and collect data, additional general-purpose computers to control the collection and examine the data, and a telephone link to the collection computer. The collection computer is typically installed without a keyboard or monitor. A commercial product from Symantec Incorporated, called pcAnywhere, allows the additional computers to control the collection computer via the telephone link. An electronic key protects this link so that only a computer with a matching key can collect the information.
The device works much like commercial sniffers and other network diagnostic tools. When placed at an Internet service provider (ISP) site, the collection computer receives all packets on the Ethernet segment to which it is connected and records packets or packet segments that match DCS1000 filter settings. The one-way tap ensures that the technology cannot transmit data on the network, and the absence of an installed protocol stack ensures that it cannot process any packets other than to filter and optionally record them. Because the data at this stage is only in machine-readable format, FBI personnel cannot read any of the information. After the process is complete, law enforcement officials view only the data allowed by the court order.
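To make the filtering model described above concrete, here is an added example in Python; it is not DCS1000 code, and the class names (Packet, FilterSettings, Collector), the sample traffic, and the order reference are all constructed for illustration. It models the two properties the article and the later IITRI findings turn on: the collector receives every frame on its segment but records only what the filter settings derived from the order permit, and it refuses an unconstrained configuration, since the report notes that an incorrectly configured system could record any traffic it monitors. It also keeps a per-packet audit entry (headers and decision only, never payload), the control the report found lacking.

```python
"""Court-order-scoped packet filter with an audit trail (constructed model)."""
from dataclasses import dataclass
import hashlib
import json


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # application protocol label, e.g. "smtp", "pop3", "http"
    payload: bytes  # message content; never copied into the audit log


@dataclass(frozen=True)
class FilterSettings:
    """Scope taken from the order: which endpoints and protocols are authorized."""
    targets: frozenset    # IP addresses named in the order
    protocols: frozenset  # protocols the order covers
    order_id: str         # placeholder reference to the authorizing order

    def fingerprint(self) -> str:
        """Stable hash of the configuration, so audit entries prove which
        filter was in force for each decision."""
        canon = json.dumps(
            {"targets": sorted(self.targets),
             "protocols": sorted(self.protocols),
             "order_id": self.order_id},
            sort_keys=True,
        )
        return hashlib.sha256(canon.encode()).hexdigest()[:16]


class OverbroadFilter(ValueError):
    """Raised when a configuration would record every packet on the segment."""


class Collector:
    """Receive-only: the class has no send path, mirroring the one-way tap."""

    def __init__(self, settings: FilterSettings):
        # An empty target or protocol set would match all traffic; refuse it.
        if not settings.targets or not settings.protocols:
            raise OverbroadFilter("filter must name at least one target and protocol")
        self.settings = settings
        self.recorded = []  # packets retained for later authorized review
        self.audit = []     # one entry per packet seen, payload-free

    def matches(self, pkt: Packet) -> bool:
        in_scope_proto = pkt.proto in self.settings.protocols
        touches_target = pkt.src in self.settings.targets or pkt.dst in self.settings.targets
        return in_scope_proto and touches_target

    def observe(self, pkt: Packet, seq: int) -> bool:
        keep = self.matches(pkt)
        self.audit.append({
            "seq": seq,
            "filter": self.settings.fingerprint(),
            "src": pkt.src, "dst": pkt.dst, "proto": pkt.proto,
            "recorded": keep,
        })
        if keep:
            self.recorded.append(pkt)
        return keep

    def run(self, packets) -> tuple:
        """Process a whole segment capture; returns (recorded, audited) counts."""
        for seq, pkt in enumerate(packets):
            self.observe(pkt, seq)
        return len(self.recorded), len(self.audit)


# Constructed sample traffic using documentation address ranges.
SAMPLE_SEGMENT = [
    Packet("192.0.2.10", "198.51.100.5", "smtp", b"From: target@example.net"),
    Packet("192.0.2.11", "198.51.100.5", "smtp", b"From: neighbour@example.net"),
    Packet("192.0.2.10", "203.0.113.7", "http", b"GET / HTTP/1.0"),
    Packet("203.0.113.9", "192.0.2.10", "pop3", b"+OK"),
]


def demo() -> tuple:
    """Order names one address and the mail protocols; two of four packets are kept."""
    settings = FilterSettings(
        targets=frozenset({"192.0.2.10"}),
        protocols=frozenset({"smtp", "pop3"}),
        order_id="ORDER-PLACEHOLDER",
    )
    return Collector(settings).run(SAMPLE_SEGMENT)


def overbroad_rejected() -> bool:
    """An empty scope is refused rather than silently recording the whole segment."""
    try:
        Collector(FilterSettings(frozenset(), frozenset(), "ORDER-PLACEHOLDER"))
    except OverbroadFilter:
        return True
    return False


if __name__ == "__main__":
    print(demo(), overbroad_rejected())
```

The audit entries deliberately carry only header facts and the filter fingerprint, so the log can be reviewed by someone who is not authorized to see the intercepted content, which is the separation the article describes between collection and court-limited review.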
Under Title III of the Omnibus Crime Control and Safe Streets Act of 1968, applications for interception require the authorization of a high-level Justice Department official before the local U.S. Attorneys’ offices can apply for such orders. Interception orders must be filed with federal district court judges or before other courts of competent jurisdiction. In addition, interception of communications is limited to investigations of specified federal felony offenses.
Applications for electronic surveillance must demonstrate probable cause and state with specificity the offenses being committed, the telecommunications facility or place from which the subject’s communications are to be intercepted, a description of the types of conversations to be captured, and the identities of the persons allegedly committing the offenses. Court orders are limited to 30 days, and interceptions must terminate sooner if the objectives are met. Judges often require periodic reports to the court advising it of the progress of the effort.
Representatives from the FBI met with U.S. Congress members to explain the need for DCS1000 and to describe its capabilities. Aware that its own assurances about the technology’s proper use may not be enough to address congressional or public concerns, the bureau demonstrated the technology to journalists and Capitol Hill personnel. In addition, the bureau submitted the technology to an independent review by the Illinois Institute of Technology Research Institute (IITRI), McLean, Virginia.
In its final report, IITRI addresses Justice Department questions as well as concerns raised by privacy organizations. The study shows that, when used in accordance with a Title III order, DCS1000 provides only the information permitted by the court order. Operating the technology does not introduce operational or security risks to the ISP network unless the provider must make changes to its network to accommodate DCS1000. Such changes could cause unexpected network behavior.
In addition, the review states that the technology reduces but does not eliminate the possibility of both intentional and unintentional unauthorized acquisition of electronic communication information by FBI personnel, but it introduces little additional risk of acquisition of the data by people other than FBI personnel. Finally, IITRI found that operational procedures and practices appear sound. However, DCS1000 does not provide protections, especially audit functions, commensurate with the level of risks, the report concludes.
Responding to concerns raised by organizations such as the American Civil Liberties Union, the Electronic Privacy Information Center and the Center for Democracy and Technology, IITRI personnel determined that the technology can be more effective in protecting privacy and enabling lawful surveillance than can alternatives such as commercial packet sniffers. The report points out that multiple approvals are required prior to DCS1000’s deployment, and safeguards are in place to minimize indiscriminate use.
“Carnivore [DCS1000] does not have nearly enough power ‘to spy on almost everyone with an e-mail account.’ To work effectively, it must reject the majority of packets it monitors. It also monitors only the packets traversing the wire to which it is connected. Typically, this wire is a network segment handling only a subset of a particular ISP’s traffic,” the report states. However, IITRI allows that DCS1000 can conduct broad sweeps and, if incorrectly configured, could record any traffic it monitors.
As a result of its examination, IITRI researchers also determined that DCS1000 does not read and record all e-mail messages, monitor the Web surfing and downloading habits of all the ISP’s customers, or monitor or read all other electronic activity for the ISP.
Recognizing that technologies such as DCS1000 and its successors continue to raise concerns about privacy, IITRI made several recommendations to the Justice Department. It supports use of DCS1000 over other methods because the system enables precise collection that reflects the limitations set by a court order. Centralized control of DCS1000 should remain at the federal level, and its use should require Justice Department approval, institute researchers advise. In addition, examiners suggest several approaches to auditing and controlling use that would protect both privacy and federal agents.
Privacy advocates are not entirely satisfied with the recommendations made by IITRI. Earlier this year, representatives from various groups met with U.S. Attorney General John Ashcroft and made it clear that they believe the ISP and not law enforcement agencies should control the technology used to separate the communications of targets from the communications of nontargets. In addition, they called for updating privacy protections in electronic surveillance laws, specifically protections related to wireless communications.
Burgeoning capabilities in the wireless realm are a new cause of concern for many privacy advocates. Beth Givens, director of the Privacy Rights Clearinghouse in San Diego, points out that cellular telephones may offer great convenience, but not without threatening privacy. “The vision of many corporations and Internet start-ups is to be able to deliver location-specific advertising to these devices. So, if you’re traveling through the city on I-70, you might receive a message telling you that just off the next exit is a restaurant that serves your favorite cuisine, Thai food. O.J. Simpson found out the hard way that cellular telephones can serve as location detection devices. His travels in the Ford Bronco were tracked throughout Southern California because of the ability to triangulate the signals emitted from his telephones to and from the nearest communications towers. In fact, such tracking is now required by federal law. Cellular telephones must now be able to pinpoint the user’s location to the nearest 100 feet for emergency assistance purposes.
“Unfortunately, the trade-off for these conveniences and personal safety features is personal privacy. Our cell phones are location tracking devices. We Americans cherish our ability to travel freely and anonymously. But these new-generation cell phones promise—threaten is perhaps a better word—to be able to track us everywhere,” Givens contends.
Other technological devices that have become commonplace in today’s society also raise privacy issues, she relates. Biometrics, a technique that identifies individuals by unique biological characteristics, was used during this year’s Super Bowl, for example, to single out known criminals and suspected terrorists from among the thousands of faces scanned by cameras.
“Privacy advocates are just beginning to speak out on the threats to our privacy and civil liberties if such technologies are widely deployed, and especially if such uses are unregulated. I personally believe that of the many biometrics technologies that are being developed, facial recognition biometrics is one of the most alarming because it can be deployed secretly and therefore is invisible to the populace,” Givens relates.
Less-high-technology surveillance equipment, such as video cameras, also concerns Givens. “At the risk of sounding alarmist, I fear that we are at risk of losing sight of our precious civil liberties as this technology becomes part of the furniture. We are not as likely to fight to maintain a strong Bill of Rights the more accustomed we become to video surveillance,” she explains.
Thomas Harrison, publisher of Lawyers Weekly USA in Boston, relates that the crux of the balance between law enforcement’s use of technology and concerns about privacy lies in the interpretation of the notion of “reasonable expectation of privacy.” Harrison, who has been covering legal issues for more than 20 years, explains that two elements contribute to this expectation: An effort must be made to keep something private, and society must agree that it should be private.
Harrison offers the example of a woman walking down the street in a blue dress. “You expect that everyone can see that you are wearing a blue dress, so there is no expectation of privacy. But if you have a purse and it is closed, you have a reasonable expectation of privacy. No one would have the right to know what’s in your purse,” he explains.
“How does that apply to online? That’s kind of like the wild, wild west of the legal system,” he observes. “Do you have a right to expect privacy on what Web site you visit? Have you made an effort to keep it private? If there is a reasonable expectation of privacy, then law enforcement officials would need a warrant.”
This reasonable-expectation-of-privacy litmus test appears to continue to be in limbo when it concerns e-mail. “Is e-mail private in a criminal sense? It’s passed through a lot of places. If I have an expectation that my ISP won’t read it, is that a reasonable expectation?” Harrison asks.
If a hacker breaks into a computer system and discovers an embarrassing fact about someone and then publishes that information in a newspaper, that person may have civil recourse but not necessarily criminal recourse, he relates. “The question is, Does the government have the right [to break in] if a crime has been committed?
“Ultimately, law enforcement has the power to do a lot, but it is under the executive branch so it is very political. Video cameras could be put up all over town, but it’s up to society to decide if that’s acceptable. Government agencies could do any number of things legally as long as they don’t violate the Constitution. But it’s a matter of whether society would allow it,” Harrison points out.