« السابقةمتابعة »
Nonetheless, Blakey, like many other experts in this area, said he would "applaud any effort by Congress to take a look at the specific protections" available for computer communications. Several legislators already are. Kastenmeier's staff has been looking at the issue, and Sen. Walter D. Huddleston, D-Ky., a member of the Select Committee on Intelligence, has indicated he would support legislation to protect non-aural communications.
Whatever the state of the law, catching private wiretappers is not easy. No one has a good estimate of the amount of private wiretapping that is going on, said computer security expert Ware.
Although it is technically easy to intercept microwave transmissions, most would-be wiretappers are deterred from seeking to tap the phone company's network that way because of the high cost of sifting through the mass of messages flowing through the microwave links to find the ones they want. (That is not a problem if the wiretapper is looking for the messages of a single company, such as Citicorp, that are carried along a private network.) Usually private wiretappers seek to intercept messages by breaking into local phone lines near the subject, say security experts.
The Carter Administration, which was concerned about the Soviet Union's intercepting microwave transmissions with equipment in its offices in New York, San Francisco and Washington, undertook a series of steps to increase the security of government communications and pushed private companies to protect their communications through encryption, or encoding of the information. Only about 100 companies, mainly financial institutions worried about embezzlers sending phony messages to transfer funds, encrypt their data communications, said a government official.
Firms have resisted encryption because
56 NATIONAL JOURNAL 1/14/84
it costs more to send an encrypted message. Citicorp uses a simple encryption for its electronic mail and a much more sophisticated system for its electronic funds transfers, whose security is of far greater concern to the bank. Those trans
fers cost twice as much to send as the electronic mail messages.
To some extent, new telecommunications technology itself will offer greater protection against interception. More messages are being sent through packet switching technology, which breaks up a communication into separate pieces and routes each piece along whatever space is free on many different communications paths. The result is that a single message may travel on several different paths, and the bits of information following each other on any single path may be unrelated.
AT&T is changing its current system under which a phone conversation follows on the same communications path as the tones that indicate which phone number has been dialed. That system allows wiretappers to program their computers to look for a specific phone number and then begin recording. Under the new system, which is already in place in half of the interstate network, the tones will travel along a different path from the communication itself. Neither of these offer insurmountable problems to the most sophisticated wiretappers--such as the Soviet Union-but they do make the job harder, communications experts say.
Another area where privacy laws are fuzzy is the use of computer matching, a technique used by government investigators to find fraud. Matching takes many forms, but generally it entails the computer comparison of two lists to find anomolies that would indicate fraud.
In Massachusetts, for example, state welfare officials have compared recipient roles for welfare, medicaid, food stamps and other benefit programs against account records in the state's banks to find beneficiaries with more than the legal limit in assets. The Health and Human Services Department (HHS) has matched welfare rolls against lists of federal employees and compared the employee lists with the list of those who have defaulted on student loans. The department's Project Spectre compares medicaid and medicare death files to social
security payment records to uncover payments to people who have died.
In one case, during the final months of the Carter Administration, a regional HHS office in Sacramento analyzed its enforcement records to compile a portrait of what it called a "welfare queen" and then ran that profile against a list of county welfare recipients. Those who met the characteristics were singled out for further investigation, though because of staff limits, the office actually investi gated only a few of those identified.
Over all, an HHS official estimated, the federal government has undertaken 2,000-3,000 matches, many of which are repeated regularly.
Supporters say that matching is a costeffective and efficient way to uncover possible fraud in federal programs without creating an undue invasion of privacy "Of course we have to match," said former privacy commission chairman Linowes. "You have a need for law en forcement, for proper administration in government. You just can't say one thing is completely wrong in most cases.
Critics say that even if each individual use can be justified, the cumulative uses of computer matching can constitute a serious invasion of privacy Public opposi tion quickly grounded plans discussed by the Johnson Administration to create a national data bank that would have centralized all the data held on individuals by the government. Matching, said John H. Shattuck, national legislative director of the American Civil Liberties Union (ACLU), accomplishes the same end "through the back door"
Some critics say that matching under mines 4th Amendment protections, since the records of all individuals in a program are searched, not only those for whom program administrators have reason to suspect of a crime. Others, such as Sen William S. Cohen, R-Maine, worry that in the rush to find waste and fraud, the privacy implications of the growing use of matching are being overlooked
"As you look at each case, you can make a reasonable case for an exemption from our privacy law," Cohen said in an interview. "I'm trying to say we need to stand back and take a broader view.
was a funeral bond, which is permitted under the rules. Since then, the state has made procedural changes in the match program that have alleviated many of the concerns of advocates for benefit recipients. And the state estimates it has saved at least $5 million by finding 2,000 benefit recipients with assets over the legal limit
The law governing the use of federal records is the 1974 Privacy Act. The act generally prohibits the dissemination of government records outside of the agency that collected them. But because of a concession made to get the bill through, the law allows agencies to exchange records for "routine use." That is defined as a purpose "compatible" with the one for which the records were originally collected.
The routine use exemption has become the legal basis for matching. Matching critics say that the intent of the privacy law was to prevent records from being passed between government agencies on a regular basis. "I don't think there was anything more clearly thought about than that," said James M. Davidson, a former Senate aide who helped draft the law "That is what the Privacy Act is about." When the Carter Administration proposed its first match of federal employees against welfare rolls, the Civil Service Commission initially resisted on the ground that such use of employment records would violate the act.
But eventually, the commission backed down. And Shattuck said that whatever the intent of the Privacy Act's drafters, the language of the statute makes it virtually impossible to challenge a match in court. "I think any match that uses information that is not clearly in the public domain is a violation of the Privacy Act," he said. "Unfortunately, the act is written in such a way as to make that extremely difficult to prove in a court of law."
Christopher C. DeMuth, administrator of the Office of Management and Budget's (OMB) office of information and regulatory affairs, which is charged with ensuring federal compliance with the Privacy Act, agreed that the law does not offer clear guidance on what matches might be inappropriate. Congress, he said, "had to settle for a formulation that is sometimes attacked as too nebulous." But he said the fears about matching have proven unfounded. "The fears that these matches would be used as fishing expeditions have not come to pass," he said in an interview. "The matches have been quite narrow and related to highly plausible concerns about fraud and abuse."
With budget cuts forcing welfare program administrators to trim benefit rolls, few legislators have expressed much con
cern about the privacy implications of matching. The House Government Operations Committee recently criticized OMB for not monitoring agency compliance with the Privacy Act. Cohen held hearings in December 1982 on matching and is planning hearings on matches conducted by the Internal Revenue Service, including the use of mailing lists purchased from private firms to look for tax evaders and the growing use of IRS data for nontax purposes such as aiding in the collection of student loans. Recently, the National Senior Citizens Law Center won a case in the U.S. District Court for the District of Columbia stopping a proposed Social Security Administration program that would have required recipients of supplemental security income benefits to disclose their tax returns.
But over all, said Cohen, there is "not a whole lot of interest" in the subject among his colleagues. "The potential for abuse is there," he said, "although it does not seem imminent to most individuals.
That assessment does not surprise Robert Ellis Smith, who has been watching these issues for almost a decade as publisher of the Privacy Journal. "I think legislation often gets enacted by anecdote." he said. "And the anecdotes are often more compelling on the side of access."
For records held by the federal government, the Privacy Act establishes minimum standards that allow individuals to
see and correct their own records. But for the vast majority of records held by private firms, there are no laws. Congress has passed legislation placing some limits on the use of records held by banks, credit bureaus and educational institutions. And last year, as part of cable television legislation, the Senate voted to limit the use of information about subscribers without their consent. Similar provisions are contained in the House version of the bill, which has passed the House Energy and Commerce Subcommittee on Telecommunications, Consumer Protection and Finance. In full committee, it is likely that efforts will be made to revise those standards to reflect objections from the cable industry and advertisers who sell products on cable.
But generally, Congress has paid little attention to the central thrust of the privacy commission's study in the mid1970s. The commission argued that basic principles were needed to govern data collection and use of information about individuals held by institutions and to ensure that individuals could see and correct information about themselves. Since that report, only the legislation governing bank records, which is considered weak by many privacy experts, was enacted. Another major proposal dealing with medical records failed.
Like the issues of electronic mail and protection of computer transmissions, the use of privately held records has not yet attracted sustained political attention. "Our concepts involving information privacy haven't even begun to be addressed," said former privacy commission chairman Linowes. "We don't have a public policy on information protection and privacy."
Such a policy would not require limiting the advance of computer and communications technology, Linowes and other experts argue, but would establish principles of law. "The technology makes it easier both to collect and disseminate personal information without the person's knowledge," said Richard M. Neustadt, who worked on privacy issues as an associate director of the domestic policy staff in the Carter Administration and is now the senior vice president of Private Satellite Network Inc. "But that's nothing new. We've had personal records existing in file cabinets for a long, long time. All the computer does is put more records in and make it easier to get at.
"What we're seeing is old problems made more complicated, more real. But they are solvable. I think you can have your cake and eat it too, if we write some good rules about this stuff. Unfortunately, there doesn't seem to be much interest in doing that in Washington now,"
NATIONAL JOURNAL 1/14/84 57
THE CHRISTIAN SCIENCE MONITOR
MONDAY, APRIL 16, 1984
"US satellites are the best in the world," says a former military intelligence officer, arms waving with excitement as he discusses the subject. "Easily the best in the world."
They are also the cutting edge of a technology most Americans know little about: high-tech surveillance equipment. Over the last five years, microchips and miniaturization have led to tape machines that can record 40 conversations at once, tiny TV cameras that see in starlight, and "bugs" disguised as picture hooks.
One firm even predicts that cameraequipped computers will soon be able to recognize individual people.
These devices, for the most part, are intended for good use: catching crooks, plant protection, international intelligence-gathering. In many ways they make
our lives more secure.
Yet the very existence of these hightech eyes and ears compels our vigilance - just in case-say those who study privacy subjects.
"We have all the technology [Orwell] anticipated," notes Robert Smith, publisher of Privacy Journal, "and more.
In fact, an amazing array of surveil lance devices are available off the rack. like ready-to-wear suits. Others can be easily assembled from parts sold at many radio and drug stores.
The Dictaphone "Veritrac." sold mainly to law-enforcement agencies, is a refrigerator-size tape recorder capable of monitoring 40 phone calls at once. At the other end of the scale, CCS Communications of New York sells (in states where it's legal) a desktop humidor that contains a tiny, voice-activated recorder.
"There are microcassettes [recorders) advertised in the Wall Street Journal that are vastly better than anything the gov ernment had five years ago," claims an electrical engineer who has worked with intelligence agencies. "They fit right in your palm. They don't even stick out beyond your fingers."
Video cameras the size of a deck of cards will be available this spring from RCA Corporation. In place of bulky im age tubes, these tiny eyes use slices of photosensitive silicon. Cameras currently on the market can already "see" by starlight and transmit pictures by microwave.
Motion sensors that use infrared or ultrasonic waves, once limited to space shots and expensive weapons, have become standard items in the catalogs of such security firms as ADT and Racal They are used in spots where normal cam eras are useless: The National Park Ser vice, for instance, has used infrared sensors in the recent past to count hikers in heavy forest foliage.
Advanced technology has rendered the "bug" planted by the Watergate bur glars as obsolete as a phone made from tin cans and string. Mix together the microphone from a hearing aid, a pared-down
watch battery, and a few odds and ends, and you can today produce an illegal lis tening device the size of a picture hook.
"They only work a few hours or days, but you can't even recognize them as bugs," says Harry Augenblick, head of Microlab/FXR, a company that makes bug detection devices.
Furthermore, surveillance gadgets to day are often linked together in security systems, then turbocharged with add-on electronics. This extra power gives the systems a smattering of "intelligence." RCA's digital motion detector, for in stance, enables cameras to distinguish between a guard on routine rounds and someone entering a restricted area.
Advances in computer technology will eventually make security systems even more discerning.
"Now there are special computers be ing designed that will be able to recognize people," says Harold Krall, an RCA vicepresident of the closed circuit video equip ment division. "This whole industry is in tremendous ferment."
Of course, equipment sold at the corner security store is crude and bulky compared with the high-tech eyes and ears used by the United States government. "Q." the disheveled gadgeteer who makes James Bond's espionage knicknacks, has little imagination compared with the scientists who work for the Pentagon.
US intelligence agencies, for instance, have in the past trained pigeons to deposit bugs on windowsills, according to con gressional documents. They have experimented with microwave lie detectors that measure stomach flutters from half a mile away. Eavesdropping lasers, which work by "listening" to windowpane vibrations, are reportedly standard Central Intelligence Agency (CIA) fare.
But the Mercedes of surveillance devices is undoubtedly the US spy satellite. The most advanced US skyborne eye, the KH-11, orbits the earth at an altitude of 160 to 180 miles, snapping away with both enhanced-color and infrared cameras, according to intelligence and scientific sources. Photos are either beamed straight back to earth or dropped overboard in parachute capsules.
Its multicamera capability allows the Keyhole to see in the dark and strip away camouflage. The satellite can focus on objects as small as a Toyota - but it can't yet pick out lettering on crates, or tell Cuban advisers from Nicaraguans.
"A lot of the stuff you hear (about the KH-11), reading license plates and things
like that, is exaggerated," says one knowledgeable source.
Other surreptitious US satellites include the KH-9, which scuds along in a low orbit for clearer pictures, and the Rhyolite, which eavesdrops on radio transmissions from its parking spot 22,000 miles above the Earth.
The purpose of all this electronic gear is to spy on foreign nations, so the US can know better what's going on in the world. There is evidence, however, that these satellites have in the past turned and focused on Americans.
A CIA memo of May 8, 1973, written by then-Deputy Director Edward Proctor, implies that the US government spied on domestic demonstrations from space. The memo, obtained by the Center for National Security Studies and read by this reporter, says that the agency's satellite photo arm "has examined domestic coverage for special purposes such as natural catastrophes and civil disturbances." In addition, Dow Chemical in 1980 accused the US of using satellite photos to monitor pollution from factories.
This sort of evidence leads to the larger issue of control of surveillance technologies. Should we worry about the advent of 40-track tape recorders and fist-size TV cameras? Once computers have been trained to recognize people, will they someday be programmed to search for us?
The advent of computerized informa tion networks- automatic teller systems, electronic mail- makes this question of control of technology more urgent.
"Technology can create new opportunities for privacy invasion, manipulation, and control," concludes an Academy of Political Science privacy paper, "but it does not by itself create the structure of power that commits those abuses."
Notes Anthony Oettinger, head of the Harvard Center for Information Policy Research: "The problem with the metaphor of Big Brother is that it suggests some kind of outrageous dictatorial power (is out there]. Reality is much more subtle than that."
First of six articles. Next: electronic eavesdropping.
aff writer of The Christian Science Monitor
Who's snooping and how?
Washington Pretending to be a Soviet eavesdropper, I peer into the urple mists of northern Virginia, searching for the entagon.
I am standing on the roof of an apartment on upper Visconsin Avenue, one of the highest spots in Washing n. Next door, the spindly legged frame of the new Soiet embassy is just emerging from morning shadows. From this vantage point, two things about the half-finshed embassy quickly become apparent: 1. The Soviets ill have a great view. 2. Their antennas will pick up more than HBO and "This Week with David Brinkley." To the south, next to the gray ribbon of I-395, the Penagon is clearly visible. To the east is American Telehone & Telegraph's (AT&T) Arlington switching staion, which sends an electronic beam of phone calls hooting right over the Soviet site. A few blocks north re the towers of the Naval Security Station and Western Jnion's Tenleytown microwave relay.
The prospect of foreign aerials in the midst of this lectronic interchange illustrates a diemma of modern telecommunications. Whiz-bang technology makes the United States system the best in the world, say elecommunication experts but that same technology makes it relatively easy o intercept messages.
The USSR, from trawlers, trucks, and rooftops, has been listening in on our phone calls for years, say US officials with access to intelligence information.
The National Security Agency, the US government's secretive electronic intelligence arm, scans an unknown amount of US messages headed overseas, according to court records and civil liberties advocates.
APRIL 17, 1984
Wireless phones are vulnerable, too. If you have a cheap model, neighbors may be able to hear parts of your conversation on AM radio. Last December, police in Woonsocket, R.I., used this eavesdrop technique to snare a 19-member drug ring.
All this doesn't mean there are lots of little guys out there listening to your calls. For the most part, only na tions indulge in extensive electronic eavesdropping.
The Soviet Union is the most notorious example. Their buildings - from the old Embassy on 16th Street here, to the United Nations Mission on 67th Street in New York, to the West Coast consulate on top of a San Francisco hill are topped with forests of antennas. From these rooftops and elsewhere, the USSR has been listening in on US phone calls for at least a decade, say government and academic sources.
They are probably after more than military secrets. "Department of Defense [communications) will be encrypted," says an official who worked on the issue for the Carter administration. "The problem is that sensitive private-sector information is vulnerable."
Conversations pulled from the sky have likely helped the Soviets in grain-contract negotiations, for instance, says this source. Their Glen Cove, N.Y., weekend lodge is well-positioned to listen in on Long Island's defense industries. The San Francisco consulate is thought to hide equipment trained on Silicon Valley.
Defensive measures have been taken since the eavesdropping was first discov ered. US government communications have been rerouted underground; impor tant defense contractors have been outfit. ted with government scramblers. AT&T now beams most microwaves in a way that is much more difficult to unravel, says Willis Ware, a Rand Corporation communications expert.
But the USSR, at the same time, has been updating its interception gadgets. Overall, "the situation is more or less the same," claims a congressional aide with access to intelli gence information.
Other nations probably have electronic eavesdropping equipment in the US, though not on the same scale as the Russians. The US itself, however, has high-tech ears that put the Soviets to shame.
The National Security Agency (NSA), the US elec tronic intelligence arm, has six times the number of em ployees of the Central Intelligence Agency (CIA), according to congressional estimates, and has giant antennas from suburban Washington to Pine Gap. Australia.
Most of these ears are trained on other nations, straining to pick up chatter between Soviet pilots or data from Chinese missiles. But some are turned inward to monitor US phone calls and telegrams headed for other nations.
NSA dishes in Sugar Grove, W.Va., can eavesdrop on a nearby COMSAT post that handles half of all US inter national satellite communications, says James Bamford in his book "Puzzle Palace." NSA installations in Maine, Washington State, and California have similar purposes, he claims.
The NSA sweeps up vast numbers of messages headed overseas from the US, according to records from a 1982 court case on use of the agency's intelligence. High-speed computers then rifle through this raw data at