September 2009
Skype's EULA (12 September 2009
Update to Skype's EULA (15 September 2009
A Good Mailer for Mac OS? (21 September 2009
The Problem of Computerized Search (26 September 2009

The Problem of Computerized Search

26 September 2009

I've often written about the risks of unbridled wiretap or "data tap" technology, whether it is escrowed key cryptography or back doors in phone switches. Now, though, there is an arrest in what appears to be a very serious attempted terrorism incident, and the investigation was aided by computer searches. Was I naive? Or is the subject — and my views — far more complex and nuanced than yes or no? I submit that the latter is the case. (Note: we do not know all of the facts in this case yet. The NY Times article notes that frequently, "senior government officials have announced dozens of terrorism cases that on closer examination seemed to diminish as legitimate threats". The facts as recited by the government, and for that matter as seen on store surveillance videos are pretty damning — but again, we've only heard one side of the story.)

Wiretaps are inherently intrusive. This is recognized by Federal law, which must "be conducted in such a way as to minimize the interception of communications not otherwise subject to interception". Taps are only authorized for certain serious crimes (though the list has been expanding over the years). Other methods of investigation must be found to be infeasible or too dangerous. But what are the rules for computer searches?

Computer searches have the potential to be far more intrusive. Indeed, a recent decision by the United States Court of Appeals for the Ninth Circuit imposed strict rules on how such searches can be conducted. But we know nothing of the criteria being used today.

We do not know if remote search techniques were used. The government's detention memo speaks of a "lawfully-authorized search" of Zazi's laptop, apparently after his car was towed for a parking violation. But the memo also notes that "Zazi transferred the bomb-making instruction notes onto his laptop and/or accessed the notes on his laptop in June and July 2009". Learning when a file was created or last modified is relatively straight-forward. Many computer systems will record when a file was last read, but any subsequent reads of the file will overwrite that date. To assert that a file was "accessed" in June or July solely from a search in September seems implausible, unless the file was never read in the interim. Did Zazi memorize the 9 pages of instructions? Print them out? Copy them to another file? All of these are possible; none seem especially likely to me.

Questions like this will no doubt be resolved at trial; the legal and technial issues, though, are far broader than any one case. Technical surveillance measures carry their own risks: the entry pointed used by law enforcement can be abused by others. Even if Zazi were planning to bomb transportation facilities (and I commute to campus by commuter rail and subway, so I take this very personally), the preconditions for remote search to work may be worse. Imagine if hackers affiliated with a nation-state or terrorist group successfully attacked the power grid during a Chicago winter. The CIA claims that extortionists have already done things like this in other countries.

It is certainly possible that some of the actual techniques used for remote search would be endangered if the details were revealed. That said, there are questions that can and should be asked — and answered — in public, for the sake of the Constitution and public safety.

These issues can certainly be discussed without endangering national security. Most criminals and terrorists have not stopped using phones because wiretaps exist; the Attorney-General is legally required to file reports on the subject. (If they do stop using the Internet, that's a benefit, too; the Internet is a productivity enhancer for everyone, good and bad.) There is no reason to suppress such issues because computers are involved, and the Constitution applies to everyone.