Assuming all this impressive high-tech wizardry is fully operational, how could a band of terrorists, including many already suspected as such, operate within U.S. borders for years and still escape detection-undoubtedly making phone calls and exchanging e-mail with coconspirators all the while? The answers, unfortunately, don’t provide a basis for optimism about the ability of these systems to offer much protection in the new war against terrorism.First, security and intelligence experts agree that the mass of information generated every day around the world far outstrips the capacity of present-day technologies to process it. “You’re talking about incredible mountains of information, and trying to find that needle,” says McGraw.
Intelligence agency leaders themselves have admitted their vulnerabilities. “We’re behind the curve in keeping up with the global telecommunications revolution,” National Security Agency director Michael Hayden told CBS’s 60 Minutes in a rare public admission last February. In testimony to Congress days after the attacks on the World Trade Center and Pentagon, Attorney General John Ashcroft warned that terrorists still have the “competitive advantage” when it comes to domestic espionage, and that “we are sending our troops into the modern field of battle with antique weapons.”
Then there is the matter of encryption technologies that can turn even intercepted communications into gobbledygook. “The odds are nigh on impossible that the NSA or anybody else is going to be able to break” an encrypted message, says security expert and author Schwartau. Another technology that Osama bin Laden’s minions reportedly used falls under the rubric of steganography: cloaking one type of data file within another. It is possible, for example, to hide a text file with attack plans within a bit-mapped photo of Britney Spears. Just try to filter down the number of those images flying around the Internet.
And even the most advanced spying technology can be stymied by embarrassingly primitive countermeasures. Conspirators can go the old-fashioned route of disguising their activities by using simple ciphers that substitute letters for numbers or other letters; Thomas Jefferson used such codes in his international communiqus as George Washington’s secretary of state. Cigital’s McGraw says this would be the easiest way to avoid detection: “To use a crude example: maybe the terrorists substituted the word banana’ for bomb’ and orange’ for World Trade Center.’ Do you flag every unusual pattern with random associations?”
Beyond the pure technology issues lies the question of how these tools can be used in a way that is compatible with an open and democratic society. Even in the rally-round-the-flag mood following the attacks, many U.S. citizens expressed concern about the government’s expanding authority to snoop on their movements and communications. Organizations like the Electronic Frontier Foundation are highly vigilant about governmental attempts to expand the use of surveillance technologies such as Carnivore. “We really have no sense beyond a few basics they decided to reveal about how they use these tools,” says Lee Tien, senior staff attorney for the organization. “They just want us to accept that they need them, without explaining why or how.”
And while technologies like Carnivore have proved useful in investigations of specific individuals, they could be abused when directed at wider groups. People can quickly become “suspects” on no more evidence than an e-mail received or a Web site visited.
In the end, computer-based surveillance technologies may be best employed after the fact, says John Pike, director of GlobalSecurity.org, a Web-based military and intelligence policy group headquartered in Alexandria, VA. He notes that Carnivore, in particular, “was very effective in tracking down” and arresting former FBI agent and Soviet spy Robert Hanssen. “It also helped dramatically after the bombing to track down these terrorists’ activities. It helped them detain at least 400 to 500 other people as suspects.” According to Pike, U.S. citizens are going to have to become comfortable with such mass arrests if this type of technology is going to be used.
Even if the obstacles of bureaucracy, societal resistance and technical limitations were all to be surmounted, there’s no assurance that high-tech spyware would ever provide the kind of security that people now crave. Will these technologies help recognize the danger next time? Even the most sophisticated intelligence paraphernalia still can’t guarantee success when pitted against the malevolent combination of human ingenuity and capacity for evil.