26 September 2009
I've often written about the risks of unbridled wiretap or "data tap" technology, whether it is escrowed key cryptography or back doors in phone switches. Now, though, there is an arrest in what appears to be a very serious attempted terrorism incident, and the investigation was aided by computer searches. Was I naive? Or is the subject — and my views — far more complex and nuanced than yes or no? I submit that the latter is the case. (Note: we do not know all of the facts in this case yet. The NY Times article notes that frequently, "senior government officials have announced dozens of terrorism cases that on closer examination seemed to diminish as legitimate threats". The facts as recited by the government, and for that matter as seen on store surveillance videos are pretty damning — but again, we've only heard one side of the story.)
Wiretaps are inherently intrusive. This is recognized by Federal law, which must "be conducted in such a way as to minimize the interception of communications not otherwise subject to interception". Taps are only authorized for certain serious crimes (though the list has been expanding over the years). Other methods of investigation must be found to be infeasible or too dangerous. But what are the rules for computer searches?
Computer searches have the potential to be far more intrusive. Indeed, a recent decision by the United States Court of Appeals for the Ninth Circuit imposed strict rules on how such searches can be conducted. But we know nothing of the criteria being used today.
We do not know if remote search techniques were used. The government's detention memo speaks of a "lawfully-authorized search" of Zazi's laptop, apparently after his car was towed for a parking violation. But the memo also notes that "Zazi transferred the bomb-making instruction notes onto his laptop and/or accessed the notes on his laptop in June and July 2009". Learning when a file was created or last modified is relatively straight-forward. Many computer systems will record when a file was last read, but any subsequent reads of the file will overwrite that date. To assert that a file was "accessed" in June or July solely from a search in September seems implausible, unless the file was never read in the interim. Did Zazi memorize the 9 pages of instructions? Print them out? Copy them to another file? All of these are possible; none seem especially likely to me.
Questions like this will no doubt be resolved at trial; the legal and technial issues, though, are far broader than any one case. Technical surveillance measures carry their own risks: the entry pointed used by law enforcement can be abused by others. Even if Zazi were planning to bomb transportation facilities (and I commute to campus by commuter rail and subway, so I take this very personally), the preconditions for remote search to work may be worse. Imagine if hackers affiliated with a nation-state or terrorist group successfully attacked the power grid during a Chicago winter. The CIA claims that extortionists have already done things like this in other countries.
It is certainly possible that some of the actual techniques used for remote search would be endangered if the details were revealed. That said, there are questions that can and should be asked — and answered — in public, for the sake of the Constitution and public safety.
- Is remote search a technique that is lawfully used by the FBI and other law enforcement agencies? (We do know that the FBI has a "computer and Internet Protocol address verifier" (CIPAV), which apparently is an executable that they can introduce onto a suspect's computer.)
- What are the legal and procedural criteria for such warrants? How do they compare to the restrictions on wiretaps?
- How often are such searches done?
- What are the risks if the next Robert Hanssen were to disclose the necessary techniques, tools, or passwords to, say, Al Qaeda? (If it seems improbable that an FBI agent would betray secrets to Al Qaeda, remember that Hanssen was a devout Catholic who nevertheless aided a country that was avowedly atheist.)