Commentary

“Crisis” and Response: Is a Larger Federal Role in Combating Computer Crime Warranted?

By Ivan Eland
This was written for Bridge News and published on Feb.11, 2000
The recent binge of attacks by computer hackers on America’s favorite Web sites has prompted former and current FBI officials to complain that the bureau has been hamstrung in its efforts to battle computer crime. According to the Washington Post, former FBI agent John Guido lamented that the bureau cannot match cyber crooks. “Law enforcement is way behind the curve… . The technology is just ahead of us.”

Other news reports have confirmed that the FBI is losing the battle against hackers. Only 1.5 percent of FBI agents are trained in solving computer crimes. The roaring economy and higher salaries in the commercial world hamper the bureau’s efforts to hire and retain qualified computer specialists.

Of course, such arguments help the FBI to further the goals of any bureaucracy — grabbing more personnel and resources. Also, the FBI bureaucracy uses such highly visible crimes to push for an increase in the powers of law enforcement. Rumblings are about that the bureau may seek longer prison sentences for computer hacking. More important, FBI director Louis Freeh is pressuring Congress to make the country’s telephone and computer networks more compatible with wiretaps. The proposed increase in wiretaps should raise a red flag about the erosion of constitutional civil liberties and the question of whether the federal government should be the first line of defense against computer hackers. Increased wiretaps will not please a computer industry that is already suspicious of federal law enforcement and is reluctant to cooperate with federal authorities for fear of losing business secrets.

Any time a “crisis” occurs, pressure arises for the federal government to expand its activities to do something about the problem. The government needs to show a response to the problem — even if its efforts have a minimal effect or are counterproductive. The Melissa virus, the Y2K bug and now the hacking of prominent Web sites have all intensified pressure for a federal response. Responding to that pressure, President Clinton will meet with the country’s most prominent computer security experts and technology executives to talk about the hacking and his $2 billion budget request to safeguard the nation’s computer networks.

Yet the recent activities by computer hackers hardly qualify as a national crisis. The hackers’ attacks were not a threat to national security and had an economic effect that was small. One estimate noted that about $100 million in commerce was lost by the hackers’ overloading Web sites with junk Internet messages and another $100 million will be spent on increased computer security. (Deputy Attorney General Eric Holder estimated the losses in commerce and the measures to respond at only “tens of millions of dollars or more.”) The biggest loss — $1 billion — came in the form of lower stock prices for the Internet companies attacked. But those stock prices are already rebounding. In the worst case, the $1.2 billion in total damage may seem like a lot; but in an almost $9 trillion U.S. economy, the amount is chump change.

Federal law enforcement should not use the problem of computer hacking — which the computer industry has ample incentives to counter — as an excuse to expand its activities. The possibility of losing commerce, and, therefore, profits, will spur the industry to take measures — in the short and long term — to defend against such attacks. In the short term, industry can use filters (to screen out junk messages) and increased bandwidth (capacity) to counter any hacker’s attempt to create cyber gridlock. In the long-term, more industry resources will be devoted to developing defenses of greater sophistication. The computer industry cannot afford for the nation’s businesses and consumers to lose faith in the reliability of electronic commerce.

Such cyber defenses will do much more to deter and discourage hackers than increased wiretaps, which have the potential to undermine the constitutional liberties of the wider society. Tracking hackers is best done cooperating Internet service providers, not law enforcement. The FBI is losing the battle against hackers for one fundamental reason: the government cannot keep up with the constantly changing conditions in the market — particularly in the fast-paced computer industry. Law enforcement has some role to play, but in the accelerating arms race on the cyber battlefield, only the private sector is equipped to parry the rapidly changing offensive techniques of the hackers.

Ivan Eland is director of defense policy studies at the Cato Institute.