After the attacks on the World Trade Center towers, the Patriot Act was implemented with the obvious goal of protecting the country from future threats – most notably through the implementation of increased governmental cyber security and surveillance powers. With the passing of this legislation, many became much more aware of how their rights are affected by the common need for national security. While this exemplifies the age-old private versus public interest debate, it is not as simple as black and white. A multitude of critics have rallied against the push for increased governmental cyber security – many of whom propose some form of the question, “are the rights of our citizens worth sacrificing in order to gain more security?” It appears to me that this is the wrong question to ask. There is no strict dichotomy between personal liberties and national security. Both can exist simultaneously in differing capacities; it’s a matter of knowing when to shift the balance in either direction. I believe that the issue society should really be examining is where this “point of compromise” needs to lie. It’s no secret that in the era when the Constitution was drafted, America existed in a much different world. With the advent of computers and modern technology, information is now transferred instantaneously. Many people still view their rights in the context of how they existed over 200 years ago. It’s crucial that society understand how the relationship between personal rights and national security has changed in the face of an increasingly technologically advanced and globalized society. Furthermore, it is up to the general public to utilize this technology to take an active role in supporting the policies they feel are righteous, and to fight back when they deem that dissent is necessary.
The Patriot Act greatly broadened and strengthened many of the surveillance powers available to the American government, most notably their “cyber-surveillance” powers – the ability of law enforcement to conduct surveillance through the use of modern technology. Although some of the powers discussed or referred to have been altered or nullified since their inception, they are still relevant for analysis because they were legal at some point in the very recent past.
One of the more controversial powers expanded under the Patriot Act is the ability of law enforcement to ask a judge for permission to secretly conduct a search on an individual’s personal property, and to delay indefinitely, notification to him or her that a search was even carried out (MacDonald.) Also known as “sneak and peek” warrants, these can be used by law enforcement investigating any type of federal crime, including misdemeanors. Before the policy changes, this type of warrant could only be used for a short time span and under very specific conditions, such as when a person’s life was in direct and immediate danger (Stambaugh). Now, delayed notice warrants can be used in any situation in which there is a risk of interference with an investigation (Stambaugh). Many critics make the argument that the nature of sneak and peek warrants are the very exemplification of what the Constitution defines as an “unreasonable search”, especially since they can be used in cases of lowly misdemeanor violations.
The previous discussion on sneak and peek warrants serves as a sort of a “micro view” or case study to represent the way most people currently view the larger theme of governmental cyber-surveillance powers. In other words, most of the people currently analyzing these powers do so by relating them to the United States Constitution – a document created over two hundred years ago. While this view is important and certainly has its merits, it’s equally valuable to examine these surveillance powers from a new perspective: the way in which technology complicates and changes the issue. This is something that the founding fathers of America couldn’t have accounted for in their drafting of the Constitution – which is why it’s critical to understand the limitations of examining the surveillance powers only in terms of their constitutionality.
Modern technology and computers have brought about the era of instantaneous information transfer. From the ability of computer hackers to send out viruses that can take over control of thousands of other machines, to the power of spy satellites that can read the print off of an open phonebook from over one hundred miles in the sky – technology such as these have “changed the game” so to speak. It’s essential that society understand that our rights and liberties exist in this modern context. While it is impossible to know exactly how every personal freedom must be adapted to fit every situation, it’s helpful to look at some specific scenarios.
Take for example, two provisions granted / enhanced upon under Patriot Act legislation: national security letters (NSLs), and the expanded scope of information that can be obtained with subpoenas. A national security letter is used to obtain certain information from a person or entity – without requiring that the subject be a suspect in any criminal investigation. Additionally, the usage of an NSL does not require the demonstration of probable cause, nor is it subject to judicial oversight (Dept. of Justice, sec 505). As for the change to subpoenas, they can now be used to retrieve the following information from Internet and phone service providers: the person or entity’s name, address, billing records, phone number, IP address, and payment methods, such as credit card or bank account numbers (Dept. of Justice, sec 210). Additionally, these service providers can voluntarily give this information to law enforcement if they have reason to believe that there is a risk of bodily injury or death. Now, if an examination were to be conducted on NSLs and the adjusted subpoena powers using the “common” or “old” perspective, through an analysis of their constitutionality, many flaws would arise. For NSLs, it’s understandable to see how the lack of suspect status, probable cause, and judicial oversight could form the foundation for a strong argument that this power is in violation of America’s founding principles. Similarly, it’s not unreasonable to recognize how the new subpoena guidelines could be a target for criticism.
However, when analyzed in relation to the way in which technology plays a role in the issue, a case could be made for both the usage of NSLs and broadened subpoena powers. Take for example, a computer hacker who is using malware to gain access to sensitive information in a CIA database. He is a first time offender and isn’t currently a suspect in any criminal investigation. By the time the authorities work their way through all the bureaucratic red tape of seeking approval for a warrant, getting a probable cause hearing, and possibly even getting judicial restrictions placed on it, all trace of the hacker could be lost. However, the usage of a national security letter expedites the process and gives law enforcement the immediate discretionary power necessary to conduct surveillance on him. Furthermore, the broadened subpoena powers could be utilized to access information from the Internet service provider that is crucial to apprehending him, such as his IP address and personal information. As demonstrated above, a critical analysis of the NSL and subpoena power from both of the different “perspectives” yield two different results.
This highlights the need for society to examine government cyber security and surveillance powers from both angles, and then determine where on the continuum between constitutional rights and national security a “point of compromise” can be found, depending on the situation. It will not always be practical or appropriate for the judicial system to carry out this critical analysis in every situation, which is why it is so important for the general public to play a role in acting as “watch dog” of the executive branch in every case possible.
Also essential to the debate on cyber security and surveillance powers is how they will fit into the future of a technologically globalized society. Jo Bavisi, president and co-founder of the International Council of E-Commerce Consultants (EC-Council) claims that “as our national and global economies become ever more intertwined with the Internet”, America’s biggest national security threat will be attacks from cyberspace (Bavisi). In August 2011 alone, there was an attack on San Francisco’s Bay Area Transit system, a hacker who released the personal information of hundreds of thousands of users from the Seiko Epson Corporation database, and an attack on the Hong Kong Stock Exchange that suspended the trading of several major companies for over two days (Hoffman.) These cyber attacks made on San Francisco’s transportation infrastructure and on Hong Kong’s financial institutions demonstrate the importance of implementing Bavisi’s recommendations, such as the creation of an Office of Cyberspace Policy, and the need to give our president emergency powers to protect the nation’s systems in case of a major security breach. However, he also emphasizes the need for limitations to keep these executive powers in check, such as, Congressional notification, time constraints, and the assurance that the president will not have a “kill switch” to shut off American Internet services.
A related issue is that of “political hacktivists” – a term coined for people who use hacking as a means to a political end. In recent months, there was an attack on the Syrian Ministry of Defense website that posted a video of Syrian protesters being killed by the military, and a claim that the regime should be tried for treason (Hoffman.) Additionally, there was a breach in the database of American defense contractor Vanguard Defense Industries, in which a hacker released a multitude of confidential counter-terrorism documents (Hoffman.) Just as people have protested the actions of their governments for thousands of years, the same is being done now, but under the veil of Internet anonymity. This raises serious concerns in regard to governmental surveillance powers and their role in national security. In decades past, it would take a large, organized uprising to be able to put up any sort of real opposition to a major government. Now, a teenage kid with an affinity for computer hacking anywhere in the world could potentially shut down major electronic systems in America. Again, the tug-of-war between personal rights and national security presents itself, but in a modernized way. While Bavisi’s suggestions appear to be an effective way to mitigate the detrimental effects of these actions, it’s important to keep in mind that political hacktivism does have it’s place in modern society as a sort of governmental “watch dog”, such as in the scenario where hackers exposed the murder of Syrian protesters. Some of Bavisi’s limitations, such as the recommendation that no one – not even the president – be given the ability to “shut down” the Internet, are absolutely critical. They work double duty as both a check on the executive branch, and also as a way to offer some assurance that the helpful, or “good” kind of political hacktivism still has a chance to reach the ears of those who will listen.
In the world of cyber security, the term “black-hat” hacker is used to refer to someone who hacks for an illegal or “bad” purpose, usually for some sort of personal gain. “White-hat” hacker is a person who uses their skill set for “good”, which often means hacking with the intent of revealing the current exploits, loopholes, or areas of vulnerability of a system in order to warn the owners or users of that system (Jackson.) Shawn McCarthy, leading cyber security expert and founder of the U.S. Government IT Infrastructure Program, has been a major proponent of “using hackers to catch hackers” (McCarthy.) “Cyber Challenge” events have been held in America and China for several years, in which white-hat hackers use their hacking skills to discover the latest weaknesses and exploits, as well as make recommendations on how to fix them (McCarthy.) This is probably one of the most promising methods of increasing security in cyberspace. Utilizing people with existing hacking expertise to combat the black-hats who create the malware is intrinsically effective – it’s essentially “fighting fire with fire.” Using hackers to catch hackers also decentralizes the power and responsibility. Rather than having a single agency attempt to do this, thousands of individuals take on bits and pieces of the task, all the while giving hackers who might otherwise have become black-hats an incentive to stay on the “good side.” Additionally, this decentralizing of power reduces the need for checks and balances that a single government bureau might require.
As an exercise in caution, many in the industry look towards China as an example of what can happen if governmental cyber security and surveillance go too far. Several years ago, China launched the “Golden Shield Project”, with one of the main purposes being the strict surveillance of Internet usage, as well as censorship of any Internet content that is deemed to be in opposition of the regime’s ideals, including pornography, certain news sources, and many religious sites (OpenNet Initiative.) While this is an obvious and blatant suppression of human rights, it serves as an essential case study in government security. However, one of the more interesting observations is the way in which the people of China have fought back. Many have discovered loopholes in the system, including the use of proxy servers outside the country to access blocked sites. Additionally, many programs have been created that allow users to bypass China’s firewall, such as Ultrasurf, which was created by Silicon Valley’s Ultrareach Internet Corporation (Ultrasurf.us.) The implications of China’s attempt to monitor and censor Internet activity in the country are far-reaching. This issue demonstrates that when a government’s policies err too far on the side of national security, a kind of “market correction” will occur – meaning that the general public will restore the balance between personal rights and security. In other words, the more resourceful and independent thinkers of a population will find a way to get the rights they deserve through the circumvention of over-zealous policies.
The arrival of modern technology has changed the way personal liberties and national security interact with each other. In order for progress to happen, people must realize how their rights have evolved in response to this technological advancement. The Internet has forced us to think not only in terms of American society, but also in the context of an increasingly globalized community. It is the duty of the people to play the role of governmental “watch dog”, and to employ the use of technology to advocate for policies that work, and to fight back when they deem that dissent is necessary.
Bibliography
Bavisi, Jay. “Biggest National Security Threat: Cyber Attack.” Fox Business.
(2010).
Dept. of Justice. “Text of the Patriot Act.” Department of Justice Website. United
States Federal Government.
Hoffman, Stefanie. “10 Biggest Cyber Attacks in August.” CRN Technology
News. (2011).
MacDonald, Heather. “The Patriot Act is No Slippery Slope.” City Journal. (2005)
McCarthy, Shawn P. “10 Big Issues for Cybersecurity Czar Schmidt.” IDC
Government Insights. (2009).
Jackson, Kelly. “A Call to Disarm Black Hat Hackers in China.” Dark Reading:
Security. (2011).
OpenNet Initiative. “China Including Hong Kong.” OpenNet Initiative. (2009).
Stambaugh, J.J. “Sneak and Peek Warrants Debated.” Knox News. (2007)
Ultrareach Internet Corporation. “Ultrasurf: Privacy, Security, Freedom.”
Ultrareach Internet Corporation. (2011)