Slate's Bizbox
dialogues: E-mail debates of newsworthy topics.

Civil Liberties in Wartime

dialogues
entries
123456
from: Stewart Baker
to: Eugene Volokh

Posted Wednesday, Sept. 19, 2001, at 9:00 PM ET

Stewart Baker is head of the technology practice at Steptoe & Johnson, a former general counsel of the National Security Agency, and co-author of a book titled The Limits of Trust: Cryptography, Governments, and Electronic Commerce. Eugene Volokh teaches constitutional law at UCLA School of Law and is the author of a textbook on the First Amendment and many law review articles on rights questions. This week they discuss specific security technologies that the U.S. government might adopt in the wake of recent terrorist attacks, and their effect on civil liberties.

Dear Eugene,

We've been talking about civil liberties and about giving the police new wiretap powers to catch terrorists. In part, that's a question about how much privacy we can afford in this new world. But partly it's about how much we can trust the police. Today I'd like to talk about trust in two contexts.

1. First, Carnivore. Used properly, Carnivore wiretaps are no big deal from a privacy point of view. The police get a court order allowing them to intercept their target's Internet communications. They attach Carnivore to a network, and it sorts through the contents of the network. Once the device has found the communications that are covered by the court order, it makes them available to the police. Carnivore raises some technical concerns, of course. Understandably, some network owners don't want to put an unfamiliar device on their fragile systems, but I didn't see a privacy problem with Carnivore.

As long as you trust the police to use it lawfully.

This was your point, and a good one. In the old days of Ma Bell, the police got the intercept orders, but it was the phone company that actually did a lot of the work when the tap was implemented. Their billing department matched the name to the phone number. Their technicians figured out what line went with what number and often hooked up the tap. I'm sure that the phone company did this mainly to protect the network from inadvertent harm. But putting the phone company in the middle also had a kind of civil liberties value—not so much by protecting privacy directly as by building trust in the system. A disinterested phone company technician wasn't likely to get caught up in a desire to capture crooks at any cost. If the police wanted to do more than the court order allowed, the phone company was likely to balk.

As you point out, that safeguard is missing with Carnivore, which is typically programmed by the police. The Internet service providers or ISPs whose networks are tapped have much less control of the tap than the old phone companies did. I agree with you that it would be better to have a third party in the middle, and I'm glad that some ISPs and portals insist on using their own wiretap solutions rather than taking Carnivore off the shelf. But we should also remember the limits of this third-party check. ISPs are often new, financially strapped startups offering retail service for a fixed fee. They aren't a regulated monopoly that can pass on wiretap costs to their customers. So the smaller companies are likely to adopt whatever wiretap solution looks quickest and cheapest. That's why I think we make a mistake in trying to bring back the old Ma Bell model for Internet wiretaps. We ought to focus on other ways to make sure we can "trust but verify" how the police carry out wiretaps.

2. The trust issue, rather than direct privacy protection, is also at the heart of another issue that Attorney General Ashcroft has raised recently. He has been saying that wiretaps should follow the suspect, not the suspect's phone. He wants more authority for "multipoint" or "roving" wiretaps. That way, if a target uses three or four different phones or buys a new phone from Wal-Mart during the investigation, the police will have authority to quickly activate a new tap of the suspect's new phone. (Since a version of this authority already exists for criminal wiretaps, his proposal isn't all that clear; he may simply want to expand the existing authority to cover foreign intelligence cases; we'll have to await the details of his proposal to know for sure.)

Whatever the precise scope of the proposal, though, it's hard to see a problem from a privacy point of view. In fact, you could say that this is a pro-privacy approach. In the old days, the police tapped land-line phones in the suspect's house, which meant they listened to the suspect—and his wife, and his teen-age daughter, and the housekeeper calling home, and the neighbor who dropped by and needed to check his messages by phone. By focusing the tap on the suspect, we may actually be able to protect those other people's privacy a little better.

As with Carnivore, the real issue is how much you are willing to trust the police. It's not possible to build a technology that will identify the target automatically when he moves from phone to phone. The success of roving wiretaps will depend a lot on the police's ability to identify which phones the suspect is using. Which means that the phone company will no longer be in the middle, using its billing records to help match the wiretap order to particular phones. Instead, the police will likely just tell the phone company to "Move the tap to 555-5692 now; that's where the suspect is calling from." The phone company can't be sure that's true. It has to trust the police.

In this area, too, my inclination is to give the police the authority to follow suspects as they move from phone to phone and then look for other ways to ensure that our trust is not abused. We can't be naive. Police are human. Sometimes they get carried away with their job, and sometimes they misuse their powers. We need to have checks and audits. But I don't think that we should assume, as too many civil libertarians do, that the police can never be trusted; nor should we insist on any single verification method. As technologies and industries change, so too should the methods we use to keep track of wiretaps. The automation of wiretaps can mean less need for third party intervention, but it also means that we can use the audit and logging functions of modern computers to know exactly which police officer did what at any time to the wiretap system—and to hold them accountable. Properly used, that technology should provide a better check on police abuses than trying to hang on to the old "Ma Bell in the middle" solution every time we are reluctant just to trust the police.

dialogues
entries
123456
from: Stewart Baker
to: Eugene Volokh

Posted Wednesday, Sept. 19, 2001, at 9:00 PM ET
Print This ArticlePRINTDiscuss this in The FrayDISCUSSEmail to a FriendE-MAIL
Share on FacebookPost to MySpace!Share with MixxDigg ThisShare with RedditShare with del.icio.usShare with FurlShare with Ma.gnolia.comShare with SphereShare with Stumble Upon
Stewart Baker heads the technology law practice at Steptoe & Johnson in Washington, D.C. From 1992 to 1994, he was general counsel of the National Security Agency. Eugene Volokh teaches constitutional law at UCLA School of Law and runs the Volokh Conspiracy Weblog.
Join the Fray: our reader discussion forum
What did you think of this article?
POST A MESSAGE | READ MESSAGES



Â


Reader Comments From The Fray:


A question for Mr Baker: Is there any difference (either in current procedures or in the legislation passed by the Senate the other day) in how the government may implement wiretaps and other monitoring of foreign nationals, as opposed to American citizens? If there isn't, shouldn't there be?

Citizenship by itself confers no special virtue, but the evidence I've seen suggests that the terrorists involved in last Tuesday's murders were all foreign nationals. Indeed, they were foreign nationals from a very small group of countries. Does it not make more sense to restrict greatly the civil liberties of a small number of guests in this country than it does to limit generally the liberties of everyone?

--Joseph Britt

(To reply, click here.)


 The biggest question is this: is the freedom for safety trade even a real one? Before we discuss the value of buying safety with freedom, shouldn't we at least have some assurance that we're getting what we pay for? But historically, I can't find many examples (Lincoln's suspension of habeas corpus is the only possible one I can think of, and it's a maybe) where these sorts of legislative changes have done any real good. Here are some examples of things that clearly haven't:

--Outlawing the teaching of German during World War I;
--The crackdown on Socialists during World War I;
--The Palmer Raids;
--Interning Japanese Americans in World War II;
--Airport Security, at least pre-9/11 (if it can't stop even one of four simultaneous hijackings, it pretty obviously wasn't doing much for us);
--The 1996 "Antiterrorism" bill: ditto;
--Widespread security cameras in Britain -- haven't caught a terrorist yet, but they're hell on traffic violators;
--France's ban on encryption--still bombings.

Now they want things like a national ID card. The idea is that--even though the federal government let these guys in despite their presence on watch lists, even though it issued some of them pilots' licenses, even though they got air tickets…that despite all this, the same government will be sufficiently vigilant not to issue a national ID to dangerous people. I don't believe it.

The truth is, no widely-dispersed security measure is much use against people with skills and bad intent. Security is spread thin, and nearly every case any particular person deals with will be a false alarm, pretty much guaranteeing complacency. It's too easy for attackers to attain "local superiority" in force or stealth and bypass widespread security. You just can't maintain impenetrable security everywhere, all the time...

It is an axiom of warfare that he who defends everything, defends nothing…You can try to protect the most important and vulnerable places, figuring that you'll stop some but not all attacks. For the rest, you have to go to the source--incidentally keeping the terrorists off balance and disrupting their planning, training, etc. By doing that you prevent far more calamities than even the most extensive security. And you do it without asking Americans to give up their freedom. And without making yourself look silly and scared (thus granting the terrorists one of their goals) by doing dumb, intrusive stuff like banning nail clippers.

--A.G.Android

(To reply, click here.)

 (9/17)

Washington Post
The Washington Post
OPINIONS
Assessing Sarah Palin
| Newt Gingrich, Grover Norquist, John Podesta and others weigh in.
Colbert King: She's No HillaryEditorial: Is She Ready for This?
PLUS » PostPartisan: Quick Takes from Opinions