Big Brother Covets the Internet

Several weeks later, on November 22, 1994, NBC News with Tom Brokaw underscored his point with an alarmist segment by Robert Hager: A Pentagon unit is poised to combat unauthorized entries into some of the world's most sensitive computer systems. But despite all the safeguards and a computer security budget in the hundreds of millions of dollars, attempts were made to break into the Pentagon's computers on 254 separate occasions in the last twelve months alone, almost always through the Internet.... NBC News has learned that intrusions into the Defense Department's computers go unreported 98 percent of the time -- 98 percent! -- often because no one is aware information is being pirated. Pentagon officials are worried the nation's security is being compromised.

Only Joe McCarthy knows how Robert Hager came up with a figure of 98 percent for undetected break-ins, and then pretended it was worth repeating. Hager continued with his voice-over and began talking about hackers breaking into one nameless hospital's records and reversing the results of a dozen pap smears. Patients who may have had ovarian cancer, Hager claimed, were told instead that they were okay.

If this were an isolated story, then the Newsgroup subscribers on who reacted to Hager's segment, by speculating that something must be behind it, might be dismissed for weaving yet another paranoid thread. But here I have to agree that even if you're paranoid, they still might be after you. On this story, at least, NBC seems to be the mouthpiece for larger forces.

"Organized Crime Hackers Jeopardize Security of U.S." reads the headline in "Defense News" (October 3-9, 1994). This article reported on a conference sponsored by the Center for Strategic and International Studies, a prestigious Washington think tank with close connections to the intelligence community. Dain Gary from the Computer Emergency Response Team in Pittsburgh, a hacker-buster group funded by the Pentagon, claimed that "there are universities in Bulgaria that teach how to create more effective viruses." Mr. Gary did not respond to my letter requesting more information.

The government started the Internet, and then over a period of years it lost control. This was partly due to the unique architecture of the Internet, which has its roots in a 1964 Rand Corporation proposal for a post-Doomsday network. Rand's idea was that information packets could contain their own routing information, and would not have to rely on centralized switching. Anarchy, it seems, is the best antidote to vulnerable communications systems.

Recently the government, due to a combination of tight budgets and a trend toward deregulation, has allowed big business to take over the main conduits, or "backbone" of the Net. Corporations smell a huge potential cybermarket, and are investing money to get themselves positioned on the Net. They want to be ready when it comes time to harvest the expected profits.

Today we have a global network with 30 million users. No one is in control, and no one can pull the plug. If one telecommunications company decided to shut off the segment of the Net that they administer, other companies could simply route their traffic around them. And if it weren't for password protection and the "firewalls" installed by corporations to protect their local turf from other computers, each of Internet's users would have access to all the other computers on the Net.

Passwords and firewalls don't always work. A hacker who burrows in and obtains the right sort of access can watch the passwords of other users fly by, and can capture them for later use. In November 1994, General Electric's robust firewalls were circumvented by hackers, according to a company spokeswoman, and GE had to pull their computers off the Net for a week to revamp their security procedures. In two other incidents, a group of hackers calling itself the Internet Liberation Front managed to break into systems. On one they posted a message warning corporate America against turning the Internet into a "cesspool of greed."

So Big Brother has a problem. But it's not so much a problem of national security, except perhaps in the broad sense of economic vulnerability. Defense and intelligence systems that are classified are not connected to the Internet. When the Pentagon complains to NBC about national security, what they really mean is that they might have to forego the convenience of Internet contacts with their contractors, and use other means instead.

No, Big Brother in this case is not the Pentagon, it's really big business. They're chomping at the Net's information bits, while the computer security problem is reining them back. Until this problem is solved, the Net cannot be used for serious commercial transactions. Big business seems to be feeding scare stories to the media, and the Pentagon is helping them out by raising the time-tested bugaboo of national security -- the only surefire way to scare Congress into repressive legislation. America leads the world in information technology, and the Internet is potentially a lucrative link in tomorrow's profit chain. If only those pesky hackers would go away.

The hackers that do exist are grist for the system's disinformation mill, so if they didn't exist the system would probably have to invent them. The bottom line for those whose opinions matter is that the Internet has potential to help the rich get richer. Hackers belong in jail, of course, but there's also the Net surfer who's clogging bandwidth with idle chatter, or even swapping copyrighted material with their friends. Frequently this unprofitable silliness is subsidized by the universities. All big business wants from these folks is consumption -- they may browse through online catalogs and debit their credit lines, but forget all this virtual community stuff. It's got to go.

The way to reboot the system is to boot the little guy, and the best way to do this has always been to let the government bash some heads. The digital equivalent of this is the one-two punch of the Clipper chip and the Digital Telephony Bill. Clipper is an ongoing government effort to encourage the mass marketing of a encryption standard that can be tapped by them. It was developed with help from the National Security Agency (NSA), which is worried about the emergence of encryption that can't be easily broken by their supercomputers. The FBI's favorite is the Digital Telephony Bill, which was passed without debate by Congress last October. It forces telecommunications companies to modify their digital equipment so that the government has access to wiretapping ports when they come calling with a warrant.

Warrants? When was the last time the intelligence community took warrants seriously? Just in case a few of them get nervous while breaking the law, the Foreign Intelligence Surveillance Act of 1978 set up a secret court to issue warrants in situations involving a foreign threat. This court has yet to turn down a single request put before it -- even rubber stamps don't perform this well. All it would take is a vague rumor of a Bulgarian virus with Russian organized crime lurking close behind, and presto, a secret warrant is issued to tap the Internet backbone so that U.S. spooks can look for nasty digital germs. The judges aren't competent to evaluate technical rumors, and with their track record, no one pretends that they will call in their own experts. Why bother, since the proceedings are secret and there's no accountability?

But then, who needs a warrant? According to reports, the NSA, Britain's Government Communications Headquarters (GCHQ), and Canada's Communications Security Establishment, all practice what might be termed the "sister agency gambit." They do this by stationing liaison officers in each of the other agencies. When they want to tap their own citizens without a warrant, they just call over the liaison officer to throw the switch. Now it's called "intelligence from a friendly foreign agency" and it's all legal.

Particularly with the Internet, where jurisdictional problems involve many nations, this sort of transnational cooperation will be the rule rather than the exception. The excuse for monitoring the Net today might be the security problem. Tomorrow the security problem may be solved, one way or another, and the Net will be used for commercial transactions. Then the excuse for monitoring will be the need to detect patterns of commerce indicative of money laundering, much like FinCen does today.

FinCen, the Financial Crime Enforcement Network, monitors Currency Transaction Reports from banks, and other records from over 35 financial databases, as well as NSA intercepts of wire transfers into and out of the U.S. This data is shared with the DEA (Drug Enforcement Administration), CIA, DIA (Defense Intelligence Agency), IRS, FBI, BATF (Bureau of Alcohol, Tobacco, and Firearms), and the Secret Service. FinCen, which began in 1990, is an attempt to track, cross-reference, and apply artificial-intelligence modeling to all the relevant data from government agencies. Now they are floating a proposal for a deposit tracking system. When the Internet begins carrying financial transactions, FinCen is sure to be poking around behind the scenes.

One characteristic of the Internet is that surveillance on a massive scale is easy to accomplish. With telephone voice or fax transmissions, the digital signal is an approximation of the analog signal. Massive computing power, relatively speaking, is needed to extract the content in the form of words or numbers. This is called "speech recognition" for voice, or "optical character recognition" for fax. Data on the Internet, on the other hand, is already in the form that computers use directly. Moreover, each packet conveniently includes the address of the sender and receiver.

It's a simple matter to tap an Internet backbone and scan every packet in real time for certain keywords. With voice and fax, it's only practical to capture specific circuits, and then examine them later for content. On the Internet, even encryption doesn't solve the privacy problem, because the Net is also ideal for message traffic analysis. A stream of encrypted messages between two points could be detected by a computer, which then spits out a report that's sure to attract attention. Each end of this stream is now identified as a target, which means that other types of surveillance are now practical. The Internet, in other words, increases opportunities for surveillance by many orders of magnitude, with or without encryption.

Those who have the resources can try to befuddle the spooks who monitor them by disguising their transactions. Shell corporations, off-shore banks, and cash-intensive businesses will still be popular with money launderers. Seemingly innocent transactions will slip through the net, and for the most part only the little guy without transnational resources will get caught.

Which is exactly the point. The little guy on the Net is surfing on borrowed time. There are too many pressures at work, too many powerful interests to consider. The Net is too important to the Suits -- if not now, then soon.

If it were only a case of Us and Them, it would be easier to sort it all out. But the self-styled Internet Liberation Front, and similar types with hacker nonethics, are part of the problem as surely as the greedy capitalists. Nor is it easy to see much hope in the way the little guy -- the one who obeys the law -- has used the Internet. The entire experiment has left us with 30 million connections but very little public-sector content. Apart from the sense of community found in Newsgroups, list servers, and e-mail, not much is happening in cyberspace. And just how deep is this community when the crunch comes? Not nearly as deep as the counterculture of the 1960s, and look what happened to them.

Rand Corporation, meanwhile, is churning out studies on cyberwar, netwar, and information warfare. The Defense Department, at the urging of their Advanced Research Projects Agency (which started the Internet), recently signed a memorandum of understanding with the Justice Department, at the urging of the FBI and the National Institute of Justice. This memorandum anticipates a coordinated effort on high-tech applications for "Operations Other Than War" and "Law Enforcement." The game is on, and the high-tech high rollers are getting it together.

The neat graphics and sassy prose in "Wired" and "Mondo 2000" magazines notwithstanding, the Net-surfing culture is more virtual than real. Cyberspace cadets are no match for the real players, and it's going to be like taking candy from a baby. Lots of squeals, but nothing to raise any eyebrows. It's all so much spectacle anyway. Guy Debord (1931-1994) summed it up in "Society of the Spectacle" in 1967, when Rand was still tinkering with their Doomsday idea: The technology is based on isolation, and the technical process isolates in turn. From the automobile to television, all the goods selected by the spectacular system are also its weapons for a constant reinforcement of the conditions of isolation of "lonely crowds." The spectacle constantly rediscovers its own assumptions more concretely.... In the spectacle, which is the image of the ruling economy, the goal is nothing, development everything. The spectacle aims at nothing other than itself.

Then again, the Spectacle does make for excellent Internet watching, once silly notions like "information wants to be free" are discarded, and the drama can be enjoyed for what it is. Basically, it's one more example of something that happens frequently in history. The little guy thinks he has created something new and powerful. He's so busy congratulating himself, that when the Big Dogs begin to notice, the little guy doesn't. In the end, it's merely another dog-bites-man nonstory that won't be found on NBC News. This just in: "Little guy gets screwed."