Cybersnooping to thwart terror deserves support
Source: The Straits Times
By Andy Ho
Date: November 15, 2003
PEOPLE with nefarious intentions can exploit the Internet for their dastardly deeds, but most Internet service providers (ISPs) can't track them down.
From the state's perspective, most to be feared is the cyberterrorist, who uses cyber tools to shut down critical infrastructures, like energy, transport, water, telecommunications and other government operations.
Particularly at risk are the more developed nations, as these have become very dependent on infocomm technologies for their public and private sector operations.
Aware that this could be Singapore's Achilles heel, Parliament has amended the Computer Misuse Act to allow 'pre-emptive action' to protect computer networks here against unauthorised entry. This has prompted concern about privacy rights being infringed. But Singapore will hardly be the first country facing this dilemma. In the United States, cybersnooping programmes have been deployed by the Federal Bureau of Investigation since 2000.
When attached to an ISP server, the cybersniffer records all traffic coming through, including e-mail messages, webpages accessed and chatrooms visited. This data gets stored as evidence.
These sniffers are also used in the private sector in many countries to monitor employees' Internet activity. The Home Affairs Ministry refused to speculate whether their sniffer, if deployed, will resemble Carnivore or not.
Why the fuss about privacy being invaded? Because nabbing cyberterrorists is easier said than done: Tapping the Internet is more difficult than tapping a phone as information is transmitted quite differently.
In telephony, the circuit-switching process automatically allocates one phone line for use between two parties. That line can be easily identified and tapped.
By contrast, the Internet uses packet switching to deliver data over one of tens of thousands of different possible routes. Tracking is a monumental task.
Also, in packet switching, an entire message is divided into tiny packets of data that get transmitted separately at very, very high speeds, to be recompiled into the original message at their destination. These packets comprise zeros and ones that zip by so fast no human can read and translate them into content immediately.
Unlike phone taps, where actual conversations are heard and recorded, e-mail messages cannot be read in real time as they stream past as zeros and ones on the information superhighway.
The upshot is that cybercrimes can be committed with much stealth and speed - unless a sniffer is used to capture a suspect's e-mail message at his ISP server even as it zips on by to the intended recipient.
Making a mountain out of a molehill? Hardly.
Within months of the Sept 11 attacks, evidence had mounted that Osama bin Laden coordinated the assault using the Internet and wireless technology. From court testimony, the Jemaah Islamiah bombings in Bali and Jakarta were also organised and coordinated through e-mail messages. Bear in mind too that a number of captured terrorists had degrees in computing.
Terrorists use infocomm technologies to formulate plans, raise funds, spread propaganda, and communicate securely. Although these groups may not have the ability to infiltrate Singapore's critical infrastructure yet, their infocomm expertise suggests that they could launch an attack sooner rather than later.
As it is, ascertaining the identity of suspects early is already difficult. E-mail messages are increasingly also electronically camouflaged. Decoding an encrypted, or scrambled, e-mail message takes time.
In addition, terrorists tend to use ISPs that offer anonymous registration. By the time a terrorist act has been perpetrated, the digital trail of a suspect may have already been erased from his ISP servers.
If, despite these technical difficulties, and knowing how horrendous the consequences of a successful cyberattack will be, we still hold individual privacy rights to be supreme, the only option left would be turning a blind eye to cyberterrorism. On the other hand, if we agree that national interests trump individual rights on this issue, the only option is to deploy a sniffer onto a suspect's ISP server.
Privacy concerns are understandable, but there are procedures to rein in rogue cops. Private details about innocent bystanders elicited by the cybersniffer will, for instance, be protected under the Official Secrets Act.
Responsible cybersnooping to avert cyberterrorist attacks deserves to be supported, not treated with suspicion.