The Golden Rule of Surveillance
Just hours after the first bombs fell on Afghanistan in October 2001, the Arabic television network Al-Jazeera broadcast a grainy videotape that showed Osama bin Laden reveling in the destruction of the World Trade Center. Partly because of the timing of the tape’s release, the Internet was quickly filled with speculations that the tape and others that followed were counterfeited by bin Laden’s confederates or the U.S. government. After all, video is easy to fake, isn’t it?
Nonsense, says Steve Sullivan, R&D director for Industrial Light and Magic, the well-known digital-effects company. Such spoofing, he says, “is simply not possible with any techniques I’m aware of.” Even for modest video quality, today’s computational power and rendering skills fall far short of what would be required to model a human realistically enough to fool viewers. “You could hire an actor to impersonate [bin Laden], I suppose,” Sullivan says. “Basically, though, when you see surveillance video, it’s real.”
Nonetheless, the impulse toward suspicion is fundamentally correct. Video may not yet be easily spoofed, but most other forms of digital data-spreadsheets, documents, and records of all types-are easy to alter subtly. “Sheer size and complexity are your enemy,” says Bruce Schneier, chief technical officer for Counterpane Internet Security, in Cupertino, CA. “The vast majority of data stored or used by computers are never seen by people. Answers are assumed to be correct, but the integrity of every part of the system is nearly impossible to verify.” In other words, even if original surveillance data are correctly observed and entered-far from a foregone conclusion-the deductions made by databases using such information must be treated with care.
Without safeguards, the security problems of large surveillance databases could quickly get out of hand. “It’s like Willie Sutton,” says Herbert Edelstein, president of Two Crows, a database consulting firm in Potomac, MD. “He said he broke into banks because that’s where the money was. Well, identity thieves will try to break into large databases of personal information because that’s where the identity data are.” For similar reasons, any government database compiled for hunting criminals and terrorists will be irresistibly attractive to its own targets.
Unfortunately, computers are notoriously hard to secure, and this difficulty increases as they grow more numerous, complex, and heavily used. People were sharply reminded of this vulnerability on January 25, when the Slammer worm hit the Internet. (A worm is a malicious computer program that hijacks one computer after another, forcing each compromised machine to send out more identical worms.) Within 10 minutes of its appearance, Slammer had infected some 75,000 computers, many of them critically important to business. Alas, Slammer was not unique: almost every major site-from the New York Times to the CIA and FBI-has been cracked at one time or another. On the basis of a General Accounting Office analysis last year, Congressman Stephen Horn (R-CA) issued failing grades to 14 of the 24 major federal agencies on his annual “computer security report card” for Uncle Sam. Given such dismal statistics, operators of government, corporate, and other databases must assume their networks will be periodically compromised, and they should plan accordingly.
Yet this inescapable lack of trustworthiness-perhaps surprisingly-is not all bad. Indeed, the very need to be constantly suspicious of the integrity of large databases is a powerful argument for the accountability measures that would mitigate their impact on privacy.
Stringent monitoring of database usage and public access to those records constitute what might be dubbed the Golden Rule of Surveillance. “If the police can track us as we go about our daily routine, we need to be able to see the police as they go about theirs,” says Carl S. Kaplan, a New York City appellate lawyer and former New York Times columnist on Internet law. ( Kaplan conducted TR’s Point of Impact interview in this issue. See ” Curbing Peer-to-Peer Piracy ,” ) In his view, surveillance databases will be less prone to misuse if the same rules apply to everyone. “It’s a fact of life that some police officers lie,” he says. “Equal access would either make it a lot harder for them to lie or make them a lot more careful about what surveillance they use.”