On The Horizon: When Do Plain Old Cybercrooks Become Terrorists?
The Patriot Act cracks down on illegal Web use, but privacy advocates say it goes too far
They have names such as Zyklon, Mindphasr, Shadow Knight, MostHate D, and Mafiaboy. Unlike their predecessors, who had names such as Baby Face and Pretty Boy and used guns and brute force, this new brand of criminal uses a computer to deface Web sites, steal identities and information, and, in even more serious situations, commit fraud and threaten national security. They're cybercriminals, but are they terrorists?
Prior to Sept. 11, cybercriminals were essentially viewed as nonviolent, often domestic computer hackers mostly responsible for economic loss. However, terrorists' exploitation of the Internet to communicate and coordinate internationally has blurred the line between terrorism and cybercrime. If you hack into a network critical to the United States, where does cybercrime end and terrorism begin?
This question is just one of many raised by the USA Patriot Act, signed into law by President Bush in October. The act is designed to "deter and punish terrorist acts in the United States and around the world" and to "enhance law enforcement investigatory tools...." Mounting cybercrime numbers and the fear of another domestic terrorist attack gave Congress the leverage to pass the act by a vote of 356-66 in the House of Representatives and 98-1 in the Senate.
Civil libertarians and privacy advocates have widely criticized the act. "We have given sweeping new powers to both domestic law enforcement and international intelligence agencies and have eliminated the checks and balances that previously gave courts the opportunity to ensure that these powers were not abused," the Electronic Freedom Foundation says. Many provisions "are aimed at nonviolent computer crime" rather than terrorism, the foundation adds. Laura Murphy of the American Civil Liberties Union says, "This law is based on the faulty assumption that safety must come at the expense of civil liberties."
The act is 342 pages long. In effect, it addresses law-enforcement and foreign-intelligence gathering. Domestically, it gives the government much broader surveillance and information-gathering authority and options such as phone-to-phone and computer-to-computer roving wiretaps. It expands other domestic information-gathering options that require a standard of less than probable cause. It will therefore be easier for the government to gain access to voice mail, E-mail, and Web-surfing records.
In a corollary situation, the act expands the authority of U.S. foreign-intelligence agencies under the Foreign Intelligence Surveillance Act. As a result, noncriminal investigations of Americans in the United States may increase in an effort to gather so-called foreign-intelligence information.
In the name of domestic security, the Internet is being further drawn into the legal mainstream. Jerry Berman, executive director of the Center for Democracy and Technology, says of the Patriot Act, "The attorney general is making a full-court press on the Internet...." The question in this wartime environment is, how do we strike a balance? One thing critics of the act are clearly ignoring is that the Fourth Amendment search-and-seizure protection still exists. Whatever expanded enforcement authority and related tools the act provides still must be consistent with United States Supreme Court decisions and a long line of case law that exists in this area of criminal law. Given the ongoing debate, we also can expect a number of lawsuits that will help resolve some of the issues swirling around the act.
The Justice Department often finds the sledding very difficult when it seeks more legal authority or more enforcement tools. Our history reminds us that we don't want too much power vested in the government. Yet the events of Sept. 11 had many of us turning to the government for answers. That's perfectly understandable. The Patriot Act was passed in the wake of that emotional turmoil. In this case, national security may have trumped civil liberties to some extent. But we still have adequate protections. We also have to remember that a new kind of war is being waged. In that context, we may have to give up more privacy than we want to. In the end, as always, the American people ultimately will decide how much privacy is needed and whether the trade-off is worth it.
David Post is a Temple University law professor and senior fellow at the National Center for Technology and Law at the George Mason University School of Law. Reach him at firstname.lastname@example.org. Bradford C. Brown is chairman of the National Center for Technology and Law at the George Mason University School of Law. Reach him at email@example.com.