March - April 2002

 

U.S. Security and Public Privacy: Where Do the Lines Get Drawn?

by Terry Costlow

In the hunt for Al Qaeda terrorists around the world, America's ability to monitor conversations and track people down is widely admired. But when that same technology is used to eavesdrop on people inside U.S. borders, many people's views quickly change.

That's the dilemma for law enforcement agents and judges, who must determine when U.S. security requires listening in on conversations, and when such monitoring erodes people's privacy.

Engineers' Role In the Privacy Arena

The engineers who design the technology for electronic eavesdropping are among those striving to ensure that privacy rights are protected in the new climate. Congress recently made quick changes to the legal climate, and the technical field is likely to keep evolving rapidly. Some observers feel that average citizens will ultimately determine where to draw the lines between security and privacy.

"It's not necessarily a legal issue, and it's not necessarily a technical issue, it's an issue of trust," said William Wulf, president of the National Academy of Engineering. "For example, the FBI has asked for greater access to voice and data. The real question is whether all of us trust them to use that in the right way."

While the public will ultimately determine where the lines are drawn, the courts and engineers will likely be more directly involved in determining how law enforcement monitors conversations as officers attempt to ensure security for U.S. citizens. As EEs develop new technologies, they are playing a more important role in helping lawmakers determine how to limit technology's application.

"Legislators and judges are more likely to listen to engineers now than they were before," said Brian O'Connell, a computer science professor who teaches ethics at Central Connecticut State University in New Britain, and is vice president of IEEE's Society on Social Implications of Technology. "Technology is now a fundamental component of legal decisions."

Just How Much Access Is Enough?

One of the most pressing current issues is figuring out how much access government agents have when they're monitoring e-mail and other web-related communications. The Patriot Act, passed on 24 October 2001 in response to the September 11th terrorist attacks, gave investigators the right to intercept senders' and receivers' e-mail addresses, just as with telephone surveillance. However, as was the case during discussions about the FBI's Carnivore monitoring software, the lines between addresses and data are not as distinct with e-mail as they are with telephone communications.

"The courts assume that when you dial the phone, you know that information (on the phone number) is going to the phone company and possibly others, so it's public information. But your conversation is private," O'Connell said. "In the computer world, it's hard to tell the difference. There's a level of concern about data collected by the government. They want to collect the entire data package, which often has both the header and the private message."

When law enforcement agents are authorized to get the data as well as the addressing information, they will have to hope that their target does not expect to be monitored. Those who feel they're likely to be monitored — often the most dangerous lawbreakers — are quite likely to make every effort to protect their communications.

"Whatever snooping device you use, it is only an interim approach," said Alan K. McAdams, chair of IEEE-USA's Committee on Communications and Information Policy. "If you are successful with your snooping, it puts enormous pressure on the person being snooped to encrypt everything. If you snoop and get encrypted data, it takes a lot of resources — first to decide what is worth decrypting and then to decrypt it."

The Patriot Act: Have the Waters Been Muddied?

Another concern is that the hasty passage of the Patriot Act made an already murky situation even less clear. Some say it is now more difficult for technical personnel to know what they should hand to the government and what they should keep to protect their customers' privacy. Civil libertarians are concerned that officers might have been given too much leeway.

"The Patriot Act leaves standards up in the air for engineers and people who run ISPs," said Ari Schwartz, associate director for the Center for Democracy and Technology in Washington, D.C. "It's difficult for people to know what to do if the government comes and wants information; they're not sure what to turn over and what to keep. The law is written very vaguely. The problem is how to stop the rogue actor."

There's also some concern that when the government tells ISPs and others exactly what to keep, it will stifle creativity while providing known guidelines that criminals might find simpler to exploit. "We're for standards, for setting rules about what is content so that people have an idea what to get and what to keep," Schwartz said. "But we're against design mandates, telling innovative engineers how they have to build systems. If terrorists know the systems only store information for 90 days, why not wait 91 days before they act? Specific mandates can make it easier for them to work around."

 


Terry Costlow has written about the electronics industry for more than 20 years, covering a wide range of technologies and topics.

 

 All rights reserved.  Copyright © 2002 IEEE.