Federal law officers weigh online privacy issues

By Liza Porteus

January 12, 2001

Law enforcement experts and industry representatives Thursday said balancing enforcement and privacy interests in the cyber world is becoming increasingly difficult, especially given the recent heated debates over surveillance systems such as Carnivore and pending international treaties that could set the standard of how cyber crimes are treated abroad.

The FBI's e-mail surveillance program, Carnivore, came under heavy debate last summer as privacy watchdog groups and lawmakers attacked the system as a threat to consumer privacy. Attorney General Janet Reno called for an independent review of the system--which concluded that, although flawed, Carnivore does a decent job of surgically extracting specific packets of information from computer networks. But law enforcement officials still maintain that arguments based on the idea of "rogue" agents spying on personal information are off base.

"You have to, at some point, trust the good faith of public servants to do what is lawfully required of them," Larry Parkinson, FBI general counsel, told a DC Bar Association luncheon. "We're at a very critical point in law enforcement. ... I don't think we can shrink from the need to address these problems ... and Carnivore is a good example of us trying to do that."

But Electronic Privacy Information Center General Counsel David Sobel maintained that Internet service providers should search for necessary data--not the government. He also said the Carnivore debate will continue into the Bush administration, especially if Bush's nominee for attorney general--former Sen. John Ashcroft, R-Mo.--is approved for the position. Ashcroft has been vocal in his "outrage" that government agencies are using such surveillance systems.

"I think it will be very interesting to see what the outlook for this technology may be with the new administration," Sobel said.

Law enforcement officials also face a complication in the international arena. The Council of Europe has yet to approve a draft of an international cyber crime treaty that would outline how countries should address cyber crimes outside their borders. Stewart Baker, former general counsel at the National Security Agency, summarized the draft as "U.S. law written in the form of a treaty," which makes it a crime to hack into one's computer without the authority of the owner. But, he said, the question lies in what constitutes a user's authorization--which countries could interpret differently.

"The only reason these laws work in the United States is [that] federal prosecutors are not crazy," Baker said.

John Ryan, vice president and associate general counsel for America Online, said the treaty should be finalized by the end of summer, but he added that it "opens the door to a Pandora's box of other content-related issues." Specifically, he referred to a recent French court decision to hold Yahoo liable for Nazi-related memorabilia posted on its Web site. The issue, he said, is whether, under the proposed treaty, an ISP based in one country would have to adhere to content laws in another.

"Once you open the door to content regulation, you are going down a very slippery road," Ryan said.

By Liza Porteus

January 12, 2001