Surveillance by Design

[InfoSec News <isn () c4i org>]

http://www.sciam.com/2001/0901issue/0901scicit5.html

LONDON -- A legislative move in Europe that would also affect the U.S.
is threatening the sometimes controversial ability of Internet users
to mask their real-world identities. The move, which is heavily backed
by the U.S. Department of Justice, is the cybercrime treaty, designed
to make life easy for law enforcement by requiring Internet service
providers (ISPs) to maintain logs of users' activities for up to seven
years and to keep their networks tappable. The Council of Europe, a
treaty-building body, announced its support of the cybercrime effort
in June.

Anonymity is a two-edged sword. It does enable criminals to hide their
activities. But it is also critical for legitimate citizens:
whistle-blowers, political activists, those pursuing alternative
lifestyles, and entrepreneurs who want to acquire technical
information without tipping off their competitors.

Even without the proposed legislation, anonymity is increasingly
fragile on the Net. Corporations have sued for libel to force services
to disclose the identities of those who posted disparaging comments
about them online. Individual suits of this type are rarer, but last
December, Samuel D. Graham, a former professor of urology at Emory
University, won a libel judgment against a Yahoo user whose identity
was released under subpoena.

Services designed to give users anonymity sprung up as early as 1993,
when Julf Helsingius founded Finland's anon.penet.fi, which stripped
e-mail and Usenet postings of identifying information and substituted
a pseudonymous ID. Users had to trust Helsingius. Many of today's
services and software, such as the Dublin-based Hushmail and the
Canadian company Zero Knowledge's Freedom software, keep no logs
whatsoever.

But if the cybercrime treaty is ratified, will they still be able to?
Would they have to move beyond the reach of the law to, say, Anguilla?
More than that, will the First Amendment continue to protect us if
anonymity is effectively illegal everywhere else? Says Mike Godwin,
perhaps the leading legal specialist in civil liberties in cyberspace:
"I think it becomes a lot harder for the U.S. to maintain protection
if the cybercrime treaty passes." Godwin calls the attempt to pass the
cybercrime treaty "policy laundering"--a way of using international
agreements to bring in legislation that would almost certainly be
struck down by U.S. courts. (On its Web site, the U.S. Department of
Justice explains that no supporting domestic legislation would be
required.)

In real-world terms, the equivalent of the treaty would be requiring
valid return addresses on all postal mail, installing cameras in all
phone booths and making all cash traceable. People would resist such a
regime, but surveillance by design in the electronic world seems less
unacceptable, perhaps because for some people e-mail still seems
optional and the Internet is a mysterious, dark force that is
inherently untrustworthy.

Because ISPs must keep those logs and that data, your associations
would become an open book. "The modern generation of traffic-analysis
software not only can link to conventional police databases but can
give a comprehensive picture of a person's lifestyle and
communications profile," says Simon Davies, director of Privacy
International. "It can automatically generate profiles of thousands of
users in seconds and accurately calculate friendship trees."

In the not too distant future, nearly everything that is on hard copy
today will travel via e-mail and the Web, from our medical records to
the music we listen to and the books we read. Whatever privacy regime
we create now will almost certainly wind up controlling the bulk of
our communications. Think carefully before you nod to the mantra
commonly heard in Europe at the moment: "If you have nothing to hide,
you have nothing to fear." Do you really want your medical records
sent on the electronic equivalent of postcards?
 

- By Wendy M. Grossman

Wendy M. Grossman, who writes about cyberspace issues from London, is
also on the board of Privacy International.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.