To track terrorists, government snoops
will have to track you, too
Khalid Al-Midhar came to the attention of federal
law enforcers about a year and a half ago. As the Saudi Arabian strolled into a
meeting with some of Osama bin Laden's lieutenants at a hotel in Kuala Lumpur in
December, 1999, he was videotaped by a Malaysian surveillance team. The tape was
turned over to U.S. intelligence officials and, after several months,
Al-Midhar's name was put on the Immigration & Naturalization Service's
"watch list" of potential terrorists. When the INS discovered in August that
Al-Midhar was already in the U.S., the FBI assigned agents to track him
down.
By the time the FBI figured out where Al-Midhar was, downtown
Manhattan was in flames, part of the Pentagon had been destroyed, and more than
5,000 people were dead. Racing to reconstruct the disaster, agents pulled the
manifest of hijacked American Airlines Flight 77--and discovered that Al-Midhar
had bought a ticket for the flight using his real name.
As politicians,
businesspeople, and terrorism experts try to prevent the horror of September 11
from ever being repeated, they are taking a closer look at the story of Khalid
Al-Midhar. Could the tiny shred of information about him--his name and his
image--have been used to thwart the attack? The answer may be yes. Technology
exists that, had it been far more aggressively deployed, might have tracked down
Al-Midhar before he stepped on board the plane. The FBI's list of potential
terrorists, for instance, could have been linked to commercial databases so that
he might have been apprehended when he used his Visa card days before the
attack.
The videotape of Al-Midhar also could have been helpful. Using
biometric profiling, it would have been possible to make a precise digital map
of his face. This data could have been hooked up to airport surveillance
cameras. When the cameras captured Al-Midhar, an alarm would have sounded,
allowing cops to take him into custody.
The aim of these technologies is
simple: to make it harder for terrorists to hide. That's top priority now--and
it's likely to drive a broad expansion of the use of intrusive security
measures. Polls taken since September 11 show that 86% of Americans are in favor
of wider use of facial-recognition systems; 81% want closer monitoring of
banking and credit-card transactions; and 68% support a national ID card. But
the quest for safety is also going to come at an incalculable cost to personal
privacy. Any tool that is powerful enough to strip away the anonymity of Khalid
Al-Midhar--one dangerous traveler among millions of innocents--will do the same
thing to ordinary citizens. Their faces will have to be scanned by the same
cameras, their spending habits studied by the same computers.
The war on
terrorism is still in its early days, but one thing is already clear: In the
future, information about what you do, where you go, who you talk to, and how
you spend your money is going to be far more available to government, and
perhaps business as well. "September 11 changed things," says former Federal
Trade Commissioner Robert Pitofsky, one of the most forceful privacy advocates
in recent decades. "Terrorists swim in a society in which their privacy is
protected. If some invasions of privacy are necessary to bring them out into the
open, most people are going to say, `O.K., go ahead."'
Across a wide
range of battlefields, privacy is on the retreat. Many high-tech surveillance
tools that were deemed too intrusive before September 11, including the FBI's
"Carnivore" Internet eavesdropping system, are being unleashed. Pre-attack
legislation aimed at protecting people from unwanted privacy invasions has been
shelved, while Congress is on the verge of passing an anti-terrorism law giving
cops broad new powers to wiretap, monitor Internet activity, and peer into
personal bank accounts. The notion of forcing citizens to carry a national
identity card--once anathema to America's open culture--is getting more serious
consideration than ever in U.S. history.
These developments could wind up
having profound implications for our democracy. Privacy involves the most
fundamental issue in governance: the relationship of the individual to the
state. Since the forefathers, Americans have been committed to the idea that
people have the right to control how much information about their thoughts,
feelings, choices, and political beliefs is disclosed. It's a matter, first and
foremost, of dignity--creating a boundary that protects people from the prying
eyes of the outside world. That, in turn, helps to shield religious minorities,
political fringe groups, and other outsiders from persecution by the
majority.
By reducing our commitment to privacy, we risk changing what it
means to be Americans. To the extent that ID cards, databases, and surveillance
cameras help the government track ordinary citizens, they may make people
marginally less willing to exercise basic freedoms--to travel, to assemble, to
speak their minds. "It's possible that through a tyranny of small decisions, we
could make a nightmare society," says Harvard Law School Professor Laurence H.
Tribe.
Of course, we're still a long way from that point. Although many
civil libertarians worry that the era of Big Brother is dawning, polls show that
Americans are still committed to personal privacy and are unwilling to give law
enforcers a blank check. President George W. Bush quickly dismissed the notion
of a national ID card. And a coalition of left- and right-wing libertarians gave
the Anti-Terrorism Act far rougher going than most commentators initially
expected. Furthermore, none of the proposals currently on the table--such as
installing facial-recognition systems at airports or linking the FBI's databases
to those run by the airlines--fundamentally threatens civil
liberties.
But this is a rapidly evolving issue. We have already
abandoned a number of old privacy taboos. If new attacks come and the U.S. is
powerless to stop them, a mandate could develop for greater levels of
surveillance. Here are some of the key areas in which personal privacy could
begin to erode:
What You Do No matter how hard terrorists try
to keep a low profile, they live in the real world. The team that attacked the
World Trade Center had to buy plane tickets, take flying lessons, communicate
with one another, and draw money from bank accounts.
All of these moves
leave traces on widely dispersed computer databases. That's why the tool that
probably has the most potential to thwart terrorism is data-mining. Think of it
as a form of surveillance that casts its eye on computer networks. If cops could
survey the nation's computer systems and discover that a member of an extremist
group also bought explosives and visited a Web site about building demolition,
they might be able to halt a potential attack. Or if someone tried to purchase
anthrax, the seller could run an instant background check.
Today, those
databases aren't linked. The FBI's watch list of suspected terrorists hasn't
even been connected to the INS or the State Dept., much less the private sector.
A wide variety of laws and taboos has prevented the government from hooking up
its files with those of airlines, credit-card companies, and private
data-collection organizations. But that's already changing: On Oct. 11, INS
chief James Ziglar told a Congressional committee that he is moving to link the
agency's computers to the FBI's central database of bad guys. He also wants to
require air carriers to submit passenger lists to the INS to prevent suspected
terrorists from boarding U.S.-bound planes.
Some people, including Oracle
Corp. CEO Lawrence J. Ellison, are recommending the creation of even broader
databases. Other industry experts, all of whom stand to profit from such a plan,
argue that such vast systems are already feasible. For example, Wal-Mart Stores
Inc. and Kmart Corp. have databases containing over 100 terabytes of information
about everything from sales to inventory to deliveries. That's the equivalent of
about 200 billion documents--some 100 times larger than the Internal Revenue
Service's commercial tax-filing database. "There are real-life data warehouses
that absorb information in near real time, process it, and issue alerts within
seconds or minutes," says Richard Winter, an independent expert on large
database systems.
A key challenge will be developing sophisticated
software to sift through the databases, pinpointing likely terrorists and
suspicious behavior. Working together, a team of criminologists and software
developers would need to design profiles of potential evildoers. That has been
done in the past to track down serial killers and to thwart hijackings with
mixed results. The airline industry's Computer Assisted Passenger Screening
system (CAPS) failed to pick out almost all of the September 11 terrorists. But
there's good reason to believe the technology can improve. Software maker Sybase
Inc.'s new mining software can already analyze up to 1,000 variables, vastly
increasing cops' ability to find the needle in a haystack of personal
data.
Of course, there are huge political and legal hurdles to launching
such systems. For one thing, government officials have a long history of abusing
their power to collect personal information. Remember J. Edgar Hoover and
Richard M. Nixon? For another, databases created for one purpose have a way of
being reused in unintended ways. Files that Massachusetts accumulated about
citizen health insurance claims, for example, had to be turned over to the
tobacco industry when the state sued cigarette makers (though the state took
steps to ensure that individuals' identities were masked). Over the long term,
widespread deployment of data-mining will depend in large part on the ability of
law enforcers to persuade the public that effective guidelines can be
designed--and followed.
Who You Are One of the most
controversial issues on the privacy landscape is that of national ID cards. Many
Americans are instinctively repulsed by the idea. Passion runs so strong on this
issue that the government has repeatedly blocked efforts to use Social Security
numbers for drivers' licenses, voter registration, and prison records. The fear
is that the Social Security number would become the equivalent of a national ID
card.
More than 100 other countries, many of them democracies, disagree.
They come in many varieties. Germany, after the human rights abuses of the
Nazis, takes a minimal approach. Cards contain basic information, including
name, place of birth, and eye color. Malaysia, on the other hand, this year
launched a project to issue 2 million "multipurpose" cards in Kuala Lumpur. A
computer chip allows the card to be used as a combination drivers' license, cash
card, national health service card, and passport.
That's only the
beginning of what's theoretically possible. Given the power of digital
technology, criminal records, immigration data, and more could be packed onto ID
cards. In fact, they could contain so much data that they become the equivalent
of portable personal files.
That's still a long way off. From a cop's
perspective, ID cards are desirable because they make anticrime databases work
better. As things stand now, one typing error at the airline check-in
counter--say, John Smiht--and all the fancy efforts to unite Delta Air Lines
Inc.'s database with the INS watch list don't add up to much. Forged drivers'
licenses or passports--not to mention legitimate alternative spellings, such as
Jon Smith or John K. Smith--produce the same problem.
A national ID card
solves this by turning every person into a reliable data point for entry into
larger databases. Once national ID cards are in place, airlines, explosives
manufacturers, and border-crossing guards will know exactly which John Smith
they are dealing with. So terrorists will have a harder time passing themselves
off as ordinary citizens. True, ID cards can be forged. But that problem can
largely be managed via "smart" cards equipped with computer chips that can store
the cardholders' fingerprints or iris scans as biometric authentication
devices.
The concern, of course, is that ID cards could lead the country
down a slippery slope. Over the long run, say critics, they might be used as a
platform for creating new databases. Starting with a card like, say, the one
Malaysia just launched, governments could require the ID cards to be swiped into
electronic readers every time people shopped, traveled, or surfed the Web and
could accumulate an unprecedented quantity of information on their
citizens.
For now, though, the question of a national ID card appears to
be off the agenda, though it's nowhere near dead. Even some longtime civil
libertarians are reevaluating. On Sept. 10, "I was a knee-jerk opponent of ID
cards," says Harvard University law professor Alan M. Dershowitz. "Now, I've had
to rethink the whole thing."
Where You Go In recent years,
scientists have made enormous advances in location-tracking tools. Surveillance
cameras with facial-recognition software can pick out criminals in public
places. Global positioning satellite (GPS) transponders in cars, boats--and one
day, in handheld devices such as phones--send out signals identifying people's
latitude and longitude to within 10 feet. Both of these technologies will
flourish in an environment free of many of the privacy concerns that clouded
their future before September 11.
So far, facial-recognition systems are
used primarily in highly controlled situations as authentication devices, to
vouch for the identities of workers entering, say, a nuclear power plant. They
are not often used, especially in the U.S., as a general surveillance device in
public places. Tampa police use them in high-crime districts. A few casinos have
also installed them. But in the wake of the terror attacks, a security committee
formed by Secretary of Transportation Norman Y. Mineta has recommended the
aggressive rollout of facial-recognition systems in airports. But it's still
unclear how useful they will be. They can still be tricked by people wearing
fake beards. And they tend to generate too many false alarms. Unless these
glitches get fixed, the devices may never be appropriate for high-traffic
settings such as tunnels and bridges.
GPS is a different story. The
technology works--and it has been rapidly spreading to new places. Before
September 11, privacy groups and some legislators had been working to limit the
ability of companies to collect location data from customers surreptitiously and
to raise the legal standards for enforcement officials to subpoena this
material. Those battles, for the time being, are lost causes. If GPS information
helps track down terrorists, it will be collected.
Whom You Talk
To Law enforcers need the ability to find out with whom suspected
terrorists are talking and what they are saying. That's why the government
lobbied for the Anti-Terrorism Act, which gives the feds increased powers to
eavesdrop on telephone calls and digital communications made through e-mail,
online service providers, and digital devices.
Unlike facial
surveillance, ID cards, or data-mining--which invade everybody's privacy--the
government's new eavesdropping powers will primarily target known suspects. So
they don't raise as many issues for the public at large.
There's one
major exception: Carnivore, a technology the FBI uses to monitor e-mails,
instant messages, and digital phone calls. Carnivore generated widespread
controversy before September 11 for being too powerful. When installed on a
suspect's Internet service provider, it searched through not only the suspect's
Web activities but also those of people who used the same ISP. After privacy
advocates complained, the FBI scaled back its deployment. Now, the brakes are
off. There are widespread reports that the government has hooked up Carnivore to
ISPs with minimal oversight. The government will probably soon demand that ISPs
and digital wireless providers design networks to make them easier to tap. Just
a few months ago, the FBI wouldn't have dared to ask. Now, such a move would
barely make the papers.
Facial-recognition software. Data mining.
National ID cards. Carnivore. For the near future, these technologies are going
to be deployed as stand-alone systems, if at all. But we live in a digital age.
All of these technologies are built on ones and zeros. So it is possible to
blend them together--just as TVs, computers, video games, and CD players are
converging--into one monster snooping technology. In fact, linking them together
makes each one exponentially more effective.
A national ID card, for
example, could be used to launch a new unified database that would track
everybody's daily activities. Information culled from Carnivore could be stored
in the same place. This super database, in turn, could be linked to
facial-recognition cameras so that an all-points bulletin could go out for a
potential terrorist the second the data-mining program detected a suspicious
pattern of conduct.
Other, more futuristic new technologies could be
added to the mix. Scientists will be able to make much more powerful
surveillance devices if they're freed of the privacy concerns that have
restrained them in recent years. Already, researchers are working on satellites
that can read the unique color spectrums emitted by people's skin and cameras
that can tell whether people are lying by how frequently they blink. Left
unchecked, technologists could eventually create a nearly transparent society,
says David J. Farber, a pioneering computer scientist who helped develop the
Net. "All the technology is there," he says. "There is absolutely nothing to
stop that scenario--except law."
To be sure, nobody is proposing such
systems. And they are a long, long way from technical feasibility. But they are
within sight--and no more far-fetched than, say, eBay Inc.'s auction-everything
Web site was a generation ago. Indeed, unifying the various surveillance systems
makes sense from a technological standpoint, and there's likely to be strong
pressure, once the tools are in place, to try to make them work
better.
As the U.S. enters the next phase of the war on terror, it is
useful to keep this Orwellian scenario in mind, if only as a warning beacon of
some of the hazards ahead. It is also reassuring to know that privacy principles
developed in the past still apply in this new world. Surveillance can be checked
by laws that require regular audits, that call for citizens to be notified when
they're investigated, and that give people the right to correct information
collected about them. That's the best way of guaranteeing that, in our efforts
to catch the next Khalid Al-Midhar, we don't wind up with Big Brother instead.
By Mike France and Heather Green in
New York, with Jim Kerstetter in San Mateo, Calif., Jane Black and Alex Salkever
in New York, and Dan Carney in Washington
