[ISN] Surveillance by Design

From: InfoSec News (isnat_private)
Date: Fri Aug 17 2001 - 01:35:21 PDT

  • Next message: InfoSec News: "[ISN] Stuph for sale"

    http://www.sciam.com/2001/0901issue/0901scicit5.html
    
    LONDON -- A legislative move in Europe that would also affect the U.S.
    is threatening the sometimes controversial ability of Internet users
    to mask their real-world identities. The move, which is heavily backed
    by the U.S. Department of Justice, is the cybercrime treaty, designed
    to make life easy for law enforcement by requiring Internet service
    providers (ISPs) to maintain logs of users' activities for up to seven
    years and to keep their networks tappable. The Council of Europe, a
    treaty-building body, announced its support of the cybercrime effort
    in June.
    
    Anonymity is a two-edged sword. It does enable criminals to hide their
    activities. But it is also critical for legitimate citizens:
    whistle-blowers, political activists, those pursuing alternative
    lifestyles, and entrepreneurs who want to acquire technical
    information without tipping off their competitors.
    
    Even without the proposed legislation, anonymity is increasingly
    fragile on the Net. Corporations have sued for libel to force services
    to disclose the identities of those who posted disparaging comments
    about them online. Individual suits of this type are rarer, but last
    December, Samuel D. Graham, a former professor of urology at Emory
    University, won a libel judgment against a Yahoo user whose identity
    was released under subpoena.
    
    Services designed to give users anonymity sprung up as early as 1993,
    when Julf Helsingius founded Finland's anon.penet.fi, which stripped
    e-mail and Usenet postings of identifying information and substituted
    a pseudonymous ID. Users had to trust Helsingius. Many of today's
    services and software, such as the Dublin-based Hushmail and the
    Canadian company Zero Knowledge's Freedom software, keep no logs
    whatsoever.
    
    But if the cybercrime treaty is ratified, will they still be able to?
    Would they have to move beyond the reach of the law to, say, Anguilla?
    More than that, will the First Amendment continue to protect us if
    anonymity is effectively illegal everywhere else? Says Mike Godwin,
    perhaps the leading legal specialist in civil liberties in cyberspace:
    "I think it becomes a lot harder for the U.S. to maintain protection
    if the cybercrime treaty passes." Godwin calls the attempt to pass the
    cybercrime treaty "policy laundering"--a way of using international
    agreements to bring in legislation that would almost certainly be
    struck down by U.S. courts. (On its Web site, the U.S. Department of
    Justice explains that no supporting domestic legislation would be
    required.)
    
    In real-world terms, the equivalent of the treaty would be requiring
    valid return addresses on all postal mail, installing cameras in all
    phone booths and making all cash traceable. People would resist such a
    regime, but surveillance by design in the electronic world seems less
    unacceptable, perhaps because for some people e-mail still seems
    optional and the Internet is a mysterious, dark force that is
    inherently untrustworthy.
    
    Because ISPs must keep those logs and that data, your associations
    would become an open book. "The modern generation of traffic-analysis
    software not only can link to conventional police databases but can
    give a comprehensive picture of a person's lifestyle and
    communications profile," says Simon Davies, director of Privacy
    International. "It can automatically generate profiles of thousands of
    users in seconds and accurately calculate friendship trees."
    
    In the not too distant future, nearly everything that is on hard copy
    today will travel via e-mail and the Web, from our medical records to
    the music we listen to and the books we read. Whatever privacy regime
    we create now will almost certainly wind up controlling the bulk of
    our communications. Think carefully before you nod to the mantra
    commonly heard in Europe at the moment: "If you have nothing to hide,
    you have nothing to fear." Do you really want your medical records
    sent on the electronic equivalent of postcards?
     
    
    - By Wendy M. Grossman
    
    Wendy M. Grossman, who writes about cyberspace issues from London, is
    also on the board of Privacy International.
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 03:34:46 PDT