TechKnowledge No. 20

Cyber-Surveillance in the Wake of 9/11

By Adam D. Thierer and Clyde Wayne Crews Jr.
September 18, 2001

Among the many nagging questions that we will be asking ourselves in the wake of the September 11 terrorist attack is what additional steps could have been taken on the cyber-security front to prevent this tragedy from occurring. Could government’s increased use of cyber-surveillance technologies have helped?

“Cyber-snooping” has been the subject of heated debate in recent years between the law enforcement community and many privacy advocates who seek to secure their right of free speech and to guard against “unreasonable searches” that new technologies can make easier. The fears of both sides are well-founded.

Technologies exist that allow law enforcement and national security officials to eavesdrop on voice and electronic communications, as well as match peoples’ faces with those in a database as they pass by cameras. Since the potential for the “eye in the sky” exists, the challenge is to assure that citizens enjoy the same protection from unwarranted surveillance in the digital age that they’ve been accustomed to since the Bill of Rights was passed.

It’s important to note with respect to the coordinated terrorist attack that this was not an Internet crime per se. It could have taken place without coordination across the Internet. Information coordination is just one aspect of a complex cascade of “what ifs” that encompass flimsy doors, cosmetic security checks, flight-school background checks, the fact that terrorists lived and worked among us for years, foreign policy itself, and endless other second-guessing.

The law enforcement community wants to ensure it has all the tools at its disposal to do its job: to protect the individual rights of American citizens in a world that is often hostile to that objective.

But here’s the dilemma. Part of that arsenal, they argue, must be not just traditional telephone wire-tapping systems, but new digital wire-tapping and e-mail tracing systems, and even wireless eavesdropping technologies and “key stroke logging.” Such a tool allows law enforcement to install a hidden device in a suspect’s computer keyboard to record and monitor the words and sentences he types. Other technologies likely exist that the public isn’t aware of. The law enforcement community argues they need to be able to liberally use these technologies domestically and abroad to make credible threat assessments before the bad guys can strike.

On the other hand, privacy advocates and many civil libertarians argue that these cyber-surveillance efforts can go too far and threaten the liberties of innocent parties. Why should law enforcement be given open-ended authority to engage in cyber-snooping, especially of its own citizenry? Are we forgetting about the Fourth Amendment’s stipulation that, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable search and seizures, shall not be violated…”?

The truth is somewhere in-between and turns on the phrase “open-ended.” The authority of law enforcement to use surveillance technologies must not be open-ended. Balancing privacy and security has always been tricky and rife with controversy. How much liberty are we willing to give up to guarantee the safety of our cities and homes? No one would feel comfortable knowing the FBI and CIA had carte blanche authority to listen in to telephone conversations or e-mail communications in an attempt to unearth parties discussing or planning hostile activities.

In addition to the insult to privacy and the ability to comfortably speak one’s mind, driftnet-style surveillance could lead to innumerable misunderstandings and errors. An endless amount of voice or electronic chatter involves casual talk that might be construed to be dangerous. Teenagers often use euphemisms or slang like, “It’s the bomb” to describe a favorite song or artist. And during fits of anger, many adults are prone to utter-or type in an email-“I’m going to kill him,” though they don’t mean it.

Part of the answer is to ensure that government can’t comb our communications in a blanket manner anytime it gets the urge. The delicate balancing act between the equally important values of liberty and security will require a renewed focus on what constitutes an “unreasonable search and seizure” in the world of seamless communications. As Cato’s constitutional scholar Roger Pilon has stated, technology does not render a search a non-search. Governments must acquire clearances equivalent to those that they must secure in the non-digital world.

In that sense, nothing has changed (or should change) in cyberspace. “Probable cause” in terms of issuing warrants still has meaning. We must debate how broadly or narrowly search warrants should be tailored when they are issued. We’ll likely often deal in legal shades of gray rather than black and white. But given information that has emerged, it is clear that government would have had no trouble securing the necessary clearance to execute surveillance against those implicated in the WTC/Pentagon outrage. Indeed, no one is outraged that government was doing that.

Technology always has potentially bad uses that go along with the good. Trying to put the technological genie back in the bottle is not a constructive way to start this debate. Calls for global prohibitions on encryption products, for example, are a non-starter, in the sense that trying to prohibit bad actors from getting their hands on computer hardware or software is futile in today’s global, integrated marketplace. The law enforcement community should instead ensure its own access to those same technologies and know how to use them better. Moreover, technology is not a silver bullet solution to our security concerns. There is no substitute for more traditional human resource information gathering efforts. Technology can assist this effort, but it cannot replace it.

The new debate over cyber-surveillance seems to stem from the fact that technology, while it frees us from physical constraints, does the same for those who wish to do harm. But the answer is not to sacrifice the civil liberties of citizens to safeguard citizens from terrorists’ atrocities.

Adam Thierer (athierer [at] cato [dot] org) is the Director of Telecommunications Studies and Clyde Wayne Crews Jr. (wcrews [at] cato [dot] org) the Director of Technology Studies at the Cato Institute in Washington, D.C.