Filtering Out Terrorists?

[InfoSec News <isn () c4i org>]

Forwarded from: bob <bob () globaldevelopment org>

http://abcnews.go.com/sections/scitech/DailyNews/cybercafe020415.html

by Paul Eng
ABC News
April 15, 2002

Teenagers, traveling professionals and tourists vie for one of the
store's 800 computer terminals. Nearly every spot is taken during the
evening peak hours, when $1 buys about 30 minutes of high-speed
Internet access.

Such Internet cafes - stores that provide food and drink along with
Net access - are a convenient boon to many. But besides serving
tourists or others without home computers, some "cybercafes" -
especially those overseas could be attractive to terrorists.

Already, some criminals have found how easy it is to use Net cafes.

During the war in Afghanistan, U.S. intelligence officials confirmed
that al Qaeda members used Internet cafes in Pakistan to e-mail each
other in attempts to regroup after American air attacks.

And in February, those responsible for kidnapping and killing
journalist Daniel Pearl e-mailed ransom notes and threats from similar
computer-equipped cafes in Pakistan.

Hiding in Plain Sight?

Why use Net cafes? Simple. Unlike accessing the Net from a personal
computer, public access terminals offer terrorists multiple layers of
protection against discovery.

"The main thing a cybercafe provides is the Internet equivalent of a
public pay phone," says Lee Tien, senior staff attorney for the
Electronic Frontier Foundation. In other words, cybercafes provide
unmonitored and often anonymous access to the Internet.

Much like public pay phones, Internet cafe terminals are available for
use by anyone - all without registering a name or other information
with any service provider. And with hundreds, perhaps thousands of
other patrons visiting a particular cafe on any particular day,
criminal users can easily "blend in" with the crowd.

What's more, practically anyone can set up a store with computers and
offer Internet access from their so-called cybercafe - and often with
their own "rules." For example, some Internet cafes may require photo
identification before patrons log on, but others won't have such
requirements. 

Regulating the Net Cafes

But unlike public telephones, Internet terminals at cafes aren't
necessarily completely anonymous. The very nature of Internet
technology means suspicious users and activities can be monitored and
tracked. So-called key-logging software, for example, keeps track of
what is typed into a public terminal. Another piece of software
monitors where each visitor goes on the World Wide Web or even blocks
them from accessing certain sites. Less technical, but possibly easier
to implement, means of tracking Internet cafe users would be to
install closed-circuit TV cameras and record who ever comes in to a
use a terminal.

Some countries - most notably China and India - have or are trying to
mandate such requirements in local cybercafes. But the global
community of Internet cafes itself remains largely a cottage industry
that is neither tracked or regulated. And it's unlikely to change
anytime soon - especially in Western countries.

"The governments that we have seen regulate easy and anonymous
Internet access are the governments like the Chinese who have a
tradition of controlling communication facilities," says David Sobel,
general counsel for the Electronic Privacy Information Center. But it
would be completely unheard of in countries where personal freedom and
privacy are cherished.

"If we were to see our [United States] or European governments take
steps against the anonymity of cybercafés, that would be a serious
departure from the principles that those societies have generally
upheld," Sobel said.

Impossible and Impractical to Track

Besides potentially violating privacy rights, it would be extremely
difficult to regulate a global Internet industry, Internet cafe owners
and privacy proponents note.

Joie Kelly, president of CSNetwork Multimedia Cybercafe Industry, an
organization that has been trying to establish itself as an
international association of cybercafes, says there are tens of
thousands of Internet cafes around the world. "Its impossible to
manage and track all of them," she says.

What's more, Kelly and others argue that requiring cybercafes to
implement even the simplest of security and monitoring setups would be
of dubious value.

"You could try to require photo IDs when you go online at these
places," says EFF's Tien. "But minors regularly purchase alcohol with
false IDs, too. You can waste a lot of energy trying to prevent the
unpreventable."

And indeed, the experience of some cybercafe owners show that such
efforts make little sense at all. James Rothnie, a corporate spokesman
for London-based EasyInternetCafe, says the high traffic through many
of its 24-hour cafes such as the one in New York's Times Square would
make it nearly impossible to check everyone's ID.

"To get everyone that uses [our] Internet cafes and require them to
show their passports would be as efficient as [identifying everyone]
at a bus station," says Rothnie. And with nearly 2 million people
visiting their busiest cafes per month, "it would be impractical." he
says. Owners Take Charge — For Now

But Rothnie says the company doesn't completely ignore the potential
threats against cybersecurity. "We've lived with terrorism for the
past 20 years," he says. He says each cafe's manager is responsible
for complying with any local laws that may require anti-terrorist
monitoring schemes. 

In the London cafes, for instance, that means using close-circuit
cameras and monitors. And since the first London cafe opened in 1999,
Rothnie says the monitoring systems has been used to spot pickpockets
more often than help police catch terrorists.

Allowing individual Net cafe owners to decide how to best implement
tracking technologies - if at all - is probably the best solution,
says CSNetworks' Kelly. She says she encourages Net cafe operators to
work with local governments and law agencies to develop the correct
and necessary safeguards.

"There is no 'one size fits all' solution for this," she says.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.