[ISN] Filtering Out Terrorists?

From: InfoSec News (isnat_private)
Date: Tue Apr 16 2002 - 00:24:54 PDT

  • Next message: InfoSec News: "[ISN] Letter to the editor - Token effort on IT security"

    Forwarded from: bob <bobat_private>
    by Paul Eng
    ABC News
    April 15, 2002
    Teenagers, traveling professionals and tourists vie for one of the
    store's 800 computer terminals. Nearly every spot is taken during the
    evening peak hours, when $1 buys about 30 minutes of high-speed
    Internet access.
    Such Internet cafes - stores that provide food and drink along with
    Net access - are a convenient boon to many. But besides serving
    tourists or others without home computers, some "cybercafes" -
    especially those overseas could be attractive to terrorists.
    Already, some criminals have found how easy it is to use Net cafes.
    During the war in Afghanistan, U.S. intelligence officials confirmed
    that al Qaeda members used Internet cafes in Pakistan to e-mail each
    other in attempts to regroup after American air attacks.
    And in February, those responsible for kidnapping and killing
    journalist Daniel Pearl e-mailed ransom notes and threats from similar
    computer-equipped cafes in Pakistan.
    Hiding in Plain Sight?
    Why use Net cafes? Simple. Unlike accessing the Net from a personal
    computer, public access terminals offer terrorists multiple layers of
    protection against discovery.
    "The main thing a cybercafe provides is the Internet equivalent of a
    public pay phone," says Lee Tien, senior staff attorney for the
    Electronic Frontier Foundation. In other words, cybercafes provide
    unmonitored and often anonymous access to the Internet.
    Much like public pay phones, Internet cafe terminals are available for
    use by anyone - all without registering a name or other information
    with any service provider. And with hundreds, perhaps thousands of
    other patrons visiting a particular cafe on any particular day,
    criminal users can easily "blend in" with the crowd.
    What's more, practically anyone can set up a store with computers and
    offer Internet access from their so-called cybercafe - and often with
    their own "rules." For example, some Internet cafes may require photo
    identification before patrons log on, but others won't have such
    Regulating the Net Cafes
    But unlike public telephones, Internet terminals at cafes aren't
    necessarily completely anonymous. The very nature of Internet
    technology means suspicious users and activities can be monitored and
    tracked. So-called key-logging software, for example, keeps track of
    what is typed into a public terminal. Another piece of software
    monitors where each visitor goes on the World Wide Web or even blocks
    them from accessing certain sites. Less technical, but possibly easier
    to implement, means of tracking Internet cafe users would be to
    install closed-circuit TV cameras and record who ever comes in to a
    use a terminal.
    Some countries - most notably China and India - have or are trying to
    mandate such requirements in local cybercafes. But the global
    community of Internet cafes itself remains largely a cottage industry
    that is neither tracked or regulated. And it's unlikely to change
    anytime soon - especially in Western countries.
    "The governments that we have seen regulate easy and anonymous
    Internet access are the governments like the Chinese who have a
    tradition of controlling communication facilities," says David Sobel,
    general counsel for the Electronic Privacy Information Center. But it
    would be completely unheard of in countries where personal freedom and
    privacy are cherished.
    "If we were to see our [United States] or European governments take
    steps against the anonymity of cybercafés, that would be a serious
    departure from the principles that those societies have generally
    upheld," Sobel said.
    Impossible and Impractical to Track
    Besides potentially violating privacy rights, it would be extremely
    difficult to regulate a global Internet industry, Internet cafe owners
    and privacy proponents note.
    Joie Kelly, president of CSNetwork Multimedia Cybercafe Industry, an
    organization that has been trying to establish itself as an
    international association of cybercafes, says there are tens of
    thousands of Internet cafes around the world. "Its impossible to
    manage and track all of them," she says.
    What's more, Kelly and others argue that requiring cybercafes to
    implement even the simplest of security and monitoring setups would be
    of dubious value.
    "You could try to require photo IDs when you go online at these
    places," says EFF's Tien. "But minors regularly purchase alcohol with
    false IDs, too. You can waste a lot of energy trying to prevent the
    And indeed, the experience of some cybercafe owners show that such
    efforts make little sense at all. James Rothnie, a corporate spokesman
    for London-based EasyInternetCafe, says the high traffic through many
    of its 24-hour cafes such as the one in New York's Times Square would
    make it nearly impossible to check everyone's ID.
    "To get everyone that uses [our] Internet cafes and require them to
    show their passports would be as efficient as [identifying everyone]
    at a bus station," says Rothnie. And with nearly 2 million people
    visiting their busiest cafes per month, "it would be impractical." he
    says. Owners Take Charge — For Now
    But Rothnie says the company doesn't completely ignore the potential
    threats against cybersecurity. "We've lived with terrorism for the
    past 20 years," he says. He says each cafe's manager is responsible
    for complying with any local laws that may require anti-terrorist
    monitoring schemes. 
    In the London cafes, for instance, that means using close-circuit
    cameras and monitors. And since the first London cafe opened in 1999,
    Rothnie says the monitoring systems has been used to spot pickpockets
    more often than help police catch terrorists.
    Allowing individual Net cafe owners to decide how to best implement
    tracking technologies - if at all - is probably the best solution,
    says CSNetworks' Kelly. She says she encourages Net cafe operators to
    work with local governments and law agencies to develop the correct
    and necessary safeguards.
    "There is no 'one size fits all' solution for this," she says.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Apr 16 2002 - 03:43:38 PDT