private wiretappers to use those definitions to slip through a blind spot in the law and escape punishment. Wiretappers would face liability under either the wire fraud statute or the Communications Act, he said.

Nonetheless, Blakey, like many other experts in this area, said he would "applaud any effort by Congress to take a look at the specific protections" available for computer communications. Several legislators already are. Kastenmeier's staff has been looking at the issue, and Sen. Walter D. Huddleston, D-Ky, a member of the Select Committee on Intelligence, has indicated he would support legislation to protect non-aural communications.

Whatever the state of the law, catching private wiretappers is not easy. No one has a good estimate of the amount of private wiretapping that is going on, said computer security expert Ware.

Although it is technically easy to intercept microwave transmissions, most would-be wiretappers are deterred from seeking to tap the phone company's network that way because of the high cost of sifting through the mass of messages flowing through the microwave links to find the ones they want. (That is not a problem if the wiretapper is looking for the messages of a single company, such as Citicorp, that are carried along a private network.) Usually private wiretappers seek to intercept messages by breaking into local phone lines near the subject, say security experts.

The Carter Administration, which was concerned about the Soviet Union's intercepting microwave transmissions with equipment in its offices in New York, San Francisco and Washington, undertook a series of steps to increase the security of government communications and pushed private companies to protect their communications through encryption, or encoding of the information. Only about 100 companies, mainly financial institutions worried about embezzlers sending phony messages to transfer funds, encrypt their data communications, said a government official.

Firms have resisted encryption because

56 NATIONAL JOURNAL 1/14/84

fers cost twice as much to send as the electronic mail messages.

To some extent, new telecommunications technology itself will offer greater protection against interception. More messages are being sent through packet switching technology, which breaks up a communication into separate pieces and routes each piece along whatever space is free on many different communications paths. The result is that a single message may travel on several different paths, and the bits of information following each other on any single path may be unrelated.

AT&T is changing its current system under which a phone conversation follows on the same communications path as the tones that indicate which phone number has been dialed. That system allows wiretappers to program their computers to look for a specific phone number and then begin recording. Under the new system, which is already in place in half of the interstate network, the tones will travel along a different path from the communication itself. Neither of these offer insurmountable problems to the most sophisticated wiretappers--such as the Soviet Union-but they do make the job harder, communications experts say. COMPUTER MATCHING

Another area where privacy laws are fuzzy is the use of computer matching, a technique used by government investiga tors to find fraud. Matching takes many forms, but generally it entails the computer comparison of two lists to find anomolies that would indicate fraud.

In Massachusetts, for example, state welfare officials have compared recipient roles for welfare, medicaid, food stamps and other benefit programs against account records in the state's banks to find beneficiaries with more than the legal limit in assets. The Health and Human Services Department (HHS) has matched welfare rolls against lists of federal employees and compared the employee lists with the list of those who have defaulted on student loans. The depart ment's Project Spectre compares medicaid and medicare death files to social

security payment records to uncover payments to people who have died

In one case, during the final months of the Carter Administration, a regional HHS office in Sacramento analyzed its enforcement records to compile a portrait of what it called a "welfare queen" and then ran that profile against a list of county welfare recipients. Those who met the characteristics were singled out far further investigation, though because af staff limits, the office actually investi gated only a few of those identified

Over all, an HHS official estimated, the federal government has undertakes 2,000-3,000 matches, many of which are repeated regularly

Supporters say that matching is a costeffective and efficient way to uncover possible fraud in federal programs without creating an undue invasion of privac "Of course we have to match," said for mer privacy commission chairman Linowes "You have a need for law <7 forcement, for proper administration government You just can't say one thing is completely wrong in most cases"

Critics say that even if each individu s. use can be justified, the cumulative uses of computer matching can constitute a serious invasion of privacy. Public oppose tion quickly grounded plans discussed by the Johnson Administration to create a national data bank that would have centralized all the data held on individuais by the government Matching, said John H. Shattuck, national legislative director of the American Civil Liberties. Leon (ACLU), accomplishes the same end "through the back door”

Some critics say that matching undermines 4th Amendment protections, since the records of all individuals in a program are searched, not only those for whom program administrators have reason to suspect of a crime. Others, such as Sen William S. Cohen, R-Maine, worry that in the rush to find waste and fraud the privacy implications of the growing use of matching are being overlooked

"As you look at each case, you can make a reasonable case for an exemption from our privacy law," Cohen said in ar interview. "I'm trying to say we need to stand back and take a broader view ...There is another pressure (bes. des looking for fraud), more constitutiona more indigenous to our society, which a not being felt at this time the need to protect privacy in our technological socie ety."

The Massachusetts case demonstrates both the advantages and hazards of matching. In one instance, the state ter minated the medicaid benefits of an elderly woman in a nursing home because she possessed assets over the limit. But i was later revealed that her major hold ng

was a funeral bond, which is permitted under the rules. Since then, the state has made procedural changes in the match program that have alleviated many of the concerns of advocates for benefit recipients. And the state estimates it has saved at least $5 million by finding 2,000 benefit recipients with assets over the legal

limit

The law governing the use of federal records is the 1974 Privacy Act. The act generally prohibits the dissemination of government records outside of the agency that collected them. But because of a concession made to get the bill through, the law allows agencies to exchange records for "routine use." That is defined as a purpose "compatible" with the one for which the records were originally collected.

The routine use exemption has become the legal basis for matching. Matching critics say that the intent of the privacy law was to prevent records from being passed between government agencies on a regular basis. "I don't think there was anything more clearly thought about than that," said James M. Davidson, a former Senate aide who helped draft the law. "That is what the Privacy Act is about." When the Carter Administration proposed its first match of federal employees against welfare rolls, the Civil Service Commission initially resisted on the ground that such use of employment records would violate the act.

But eventually, the commission backed down. And Shattuck said that whatever the intent of the Privacy Act's drafters, the language of the statute makes it virtually impossible to challenge a match in court. "I think any match that uses information that is not clearly in the public domain is a violation of the Privacy Act," he said. "Unfortunately, the act is written in such a way as to make that extremely difficult to prove in a court of law."

Christopher C. DeMuth, administrator of the Office of Management and Budget's (OMB) office of information and regulatory affairs, which is charged with ensuring federal compliance with the Privacy Act, agreed that the law does not offer clear guidance on what matches might be inappropriate. Congress, he said, "had to settle for a formulation that is sometimes attacked as too nebulous." But he said the fears about matching have proven unfounded. "The fears that these matches would be used as fishing expeditions have not come to pass," he said in an interview. "The matches have been quite narrow and related to highly plausible concerns about fraud and abuse."

With budget cuts forcing welfare program administrators to trim benefit rolls, few legislators have expressed much con

Sen. William S. Cohen says there is a "need to protect privacy in our technological society."

cern about the privacy implications of matching. The House Government Operations Committee recently criticized OMB for not monitoring agency compliance with the Privacy Act. Cohen held hearings in December 1982 on matching and is planning hearings on matches conducted by the Internal Revenue Service, including the use of mailing lists purchased from private firms to look for tax evaders and the growing use of IRS data for nontax purposes such as aiding in the collection of student loans. Recently, the National Senior Citizens Law Center won a case in the U.S. District Court for the District of Columbia stopping a proposed Social Security Administration program that would have required recipients of supplemental security income benefits to disclose their tax returns.

But over all, said Cohen, there is "not a whole lot of interest" in the subject among his colleagues. "The potential for abuse is there," he said, "although it does not seem imminent to most individuals."

That assessment does not surprise Robert Ellis Smith, who has been watching these issues for almost a decade as publisher of the Privacy Journal. "I think legislation often gets enacted by anecdote." he said. "And the anecdotes are often more compelling on the side of access."

CONTROLLING RECORDS

For records held by the federal government, the Privacy Act establishes minimum standards that allow individuals to

see and correct their own records. But for the vast majority of records held by private firms, there are no laws. Congress has passed legislation placing some limits on the use of records held by banks, credit bureaus and educational institutions. And last year, as part of cable television legislation, the Senate voted to limit the use of information about subscribers without their consent. Similar provisions are contained in the House version of the bill, which has passed the House Energy and Commerce Subcommittee on Telecommunications, Consumer Protection and Finance. In full committee, it is likely that efforts will be made to revise those standards to reflect objections from the cable industry and advertisers who sell products on cable.

But generally, Congress has paid little attention to the central thrust of the privacy commission's study in the mid1970s. The commission argued that basic principles were needed to govern data collection and use of information about individuals held by institutions and to ensure that individuals could see and correct information about themselves. Since that report, only the legislation governing bank records, which is considered weak by many privacy experts, was enacted. Another major proposal dealing with medical records failed.

Like the issues of electronic mail and protection of computer transmissions, the use of privately held records has not yet attracted sustained political attention. "Our concepts involving information privacy haven't even begun to be addressed," said former privacy commission chairman Linowes. "We don't have a public policy on information protection and privacy."

Such a policy would not require limiting the advance of computer and communications technology, Linowes and other experts argue, but would establish principles of law. "The technology makes it easier both to collect and disseminate personal information without the person's knowledge," said Richard M. Neustadt, who worked on privacy issues as an associate director of the domestic policy staff in the Carter Administration and is now the senior vice president of Private Satellite Network Inc. "But that's nothing new. We've had personal records existing in file cabinets for a long, long time. All the computer does is put more records in and make it easier to get at.

"What we're seeing is old problems made more complicated, more real. But they are solvable. I think you can have your cake and eat it too, if we write some good rules about this stuff. Unfortunately, there doesn't seem to be much interest in doing that in Washington

now,

NATIONAL JOURNAL 1/14/84 57

THE CHRISTIAN SCIENCE MONITOR

MONDAY, APRIL 16, 1984

"US satellites are the best in the world," says a former military intelligence officer, arms waving with excitement as he discusses the subject. "Easily the best in the world."

They are also the cutting edge of a technology most Americans know little about: high-tech surveillance equipment. Over the last five years, microchips and miniaturization have led to tape machines that can record 40 conversations at once, tiny TV cameras that see in starlight, and "bugs" disguised as picture hooks.

One firm even predicts that cameraequipped computers will soon be able to recognize individual people.

These devices, for the most part, are intended for good use: catching crooks, plant protection, international intelligence gathering. In many ways they make

our lives more secure.

Yet the very existence of these hightech eyes and ears compels our vigilance - just in case-say those who study privacy subjects.

"We have all the technology [Orwell] anticipated," notes Robert Smith, publisher of Privacy Journal, "and more."

In fact, an amazing array of surveil lance devices are available off the rack, like ready-to-wear suits. Others can be easily assembled from parts sold at many radio and drug stores.

The Dictaphone "Veritrac." sold mainly to law-enforcement agencies, is a refrigerator-size tape recorder capable of monitoring 40 phone calls at once. At the other end of the scale, CCS Communica tions of New York sells (in states where it's legal) a desktop humidor that contains a tiny, voice-activated recorder.

"There are microcassettes (recorders) advertised in the Wall Street Journal that are vastly better than anything the gov ernment had five years ago," claims an electrical engineer who has worked with intelligence agencies. "They fit right in your palm. They don't even stick out beyond your fingers."

Video cameras the size of a deck of cards will be available this spring from RCA Corporation. In place of bulky image tubes, these tiny eyes use slices of photosensitive silicon. Cameras currently on the market can already "see" by starlight and transmit pictures by microwave.

Motion sensors that use infrared or ultrasonic waves, once limited to space shots and expensive weapons, have be come standard items in the catalogs of such security firms as ADT and Racal They are used in spots where normal cam eras are useless The National Park Service, for instance, has used infrared sen sors in the recent past to count hikers in heavy forest foliage.

Advanced technology has rendered the "bug" planted by the Watergate bur glars as obsolete as a phone made from tin cans and string. Mix together the microphone from a hearing aid, a pared-down

tch battery, and a few odds and ends, d you can today produce an illegal lis. ming device the size of a picture hook. "They only work a few hours or days, t you can't even recognize them as gs," says Harry Augenblick, head of crolab/FXR, a company that makes g detection devices.

Furthermore, surveillance gadgets to day are often linked together in security systems, then turbocharged with add-on electronics. This extra power gives the systems a smattering of "intelligence." RCA's digital motion detector, for instance, enables cameras to distinguish between a guard on routine rounds and someone entering a restricted area.

Advances in computer technology will eventually make security systems even more discerning.

"Now there are special computers being designed that will be able to recognize people," says Harold Krall, an RCA vicepresident of the closed circuit video equip ment division. "This whole industry is in tremendous ferment."

Of course, equipment sold at the corner security store is crude and bulky compared with the high-tech eyes and ears used by the United States government. "Q." the disheveled gadgeteer who makes James Bond's espionage knicknacks, has little imagination compared with the scientists who work for the Pentagon.

US intelligence agencies, for instance, have in the past trained pigeons to deposit bugs on windowsills, according to congressional documents. They have experimented with microwave lie detectors that measure stomach flutters from half a mile away. Eavesdropping lasers, which work by "listening" to windowpane vibrations, are reportedly standard Central Intelligence Agency (CIA) fare.

But the Mercedes of surveillance devices is undoubtedly the US spy satellite. The most advanced US skyborne eye, the KH-11, orbits the earth at an altitude of 160 to 180 miles, snapping away with both enhanced-color and infrared cameras, according to intelligence and scientific sources. Photos are either beamed straight back to earth or dropped overboard in parachute capsules.

Its multicamera capability allows the Keyhole to see in the dark and strip away camouflage. The satellite can focus on objects as small as a Toyota - but it can't yet pick out lettering on crates, or tell Cuban advisers from Nicaraguans.

"A lot of the stuff you hear (about the KH-11], reading license plates and things

like that, is exaggerated," says one knowledgeable source.

Other surreptitious US satellites include the KH-9, which scuds along in a low orbit for clearer pictures, and the Rhyolite, which eavesdrops on radio transmissions from its parking spot 22,000 miles above the Earth.

The purpose of all this electronic gear is to spy on foreign nations, so the US can know better what's going on in the world. There is evidence, however, that these satellites have in the past turned and focused on Americans.

A CIA memo of May 8, 1973, written by then-Deputy Director Edward Proctor. implies that the US government spied on domestic demonstrations from space. The memo, obtained by the Center for National Security Studies and read by this reporter, says that the agency's satellite photo arm "has examined domestic cov erage for special purposes such as natural catastrophes and civil disturbances."

In addition, Dow Chemical in 1980 accused the US of using satellite photos to monitor pollution from factories.

This sort of evidence leads to the larger issue of control of surveillance technologies. Should we worry about the advent of 40-track tape recorders and fist-size TV cameras? Once computers have been trained to recognize people, will they someday be programmed to search for us?

The advent of computerized information networks - automatic teller systems, electronic mail - makes this question of control of technology more urgent.

"Technology can create new opportu nities for privacy invasion, manipulation, and control, concludes an Academy of Political Science privacy paper, "but it does not by itself create the structure of power that commits those abuses."

Notes Anthony Oettinger, head of the Harvard Center for Information Policy Research: "The problem with the metaphor of Big Brother is that it suggests some kind of outrageous dictatorial power [is out there]. Reality is much more subtle than that."

First of six articles. Next: electronic eavesdropping.