Information and communication technologies (ICTs), as the name suggests, enhance our capacity to access and communicate information. How does this affect security? 'Security' means protecting against threats such as terrorism as well as enforcing laws. A government's security powers are often limited by competing interests such as civil liberties. This tension and balancing becomes a security-liberty debate. ICTs change the playing field, creating new challenges for policing, counter-terrorism, and civil liberties.
Simply put, knowledge is power. Both state actors and terrorists gather intelligence which will help further their goals. Terrorists can use technological tools such as mobile phones and href="http://www.nytimes.com/2008/12/09/world/asia/09mumbai.html">Google Earth
to reconnoiter targets. Agencies such as the NSA monitor ICTs to locate and identify potential terrorists. Civilians use Twitter to rapidly communicate relevant information during crises.
Each example poses security
questions:
- How should government treat these new technologies?
- What is the role of ICT providers in all this?
- Is it appropriate or effective to mine ICT traffic to find possible terrorists?
- What can or should we do about terrorist use of technology?
ICTs are shrinking the globe. They increasingly transcend spatial and temporal boundaries, making communication and information exchange more efficient. Yet historically, the scope of state jurisdiction and enforcement has been tied to spatial concepts: 'national borders,' 'privacy of the home' and 'sovereign territory.' Joel Reidenberg argues
that state jurisdiction and enforcement can and should be exercised online
through various means. Enterprising criminals should not be able to href="http://en.wikipedia.org/wiki/Katz_v._United_States">use ICTs to href="http://www.oag.state.ny.us/media_center/2003/feb/feb11b_03.html">escape
state jurisdiction. States have both technological and policy tools to combat criminal use of ICTs. However, it is difficult to effectively implement enforcement tools in an ICT context. Doing so frequently yields unintended consequences.
Filters are often overbroad, restricting legitimate access.
Demands that providers such as eBay or Yahoo prevent access to content (Nazi
memorabilia, e.g.) where prohibited by law are difficult to enforce just for that locality. This frequently results in blanket action by providers which prevents href="http://www.internetnews.com/ec-news/article.php/758221">all users
(not just the affected locality) from accessing such content. Using intermediaries such as internet and search providers for enforcement is problematic in more ways than one. The third party doctrine reduces privacy and Fourth Amendment protections for data relinquished to a third party. In an era when so much of our lives are online, Google and our ISPs probably know more about us than we do. href="http://en.wikipedia.org/wiki/Cloud_computing">Cloud computing will
only exacerbate this trend.
How do you identify potential terrorists before they strike? 'Data mining' is a frequent answer. Daniel Solove defines data mining as "creating profiles by collecting and combining personal data, and analyzing it for particular patterns of behavior deemed to be suspicious. Solove argues that the security-liberty debate is not always a zero-sum game. Currently, though, while data mining has
potential, it is difficult to assess its effectiveness, excessiveness, or exercise meaningful oversight. This tilts the balance against many liberty and privacy concerns. Data mining may implicate interests such as equal protection, due process, or free speech and association (via a ‘chilling effect’). One of the idiosyncrasies of ICT development is that newer technologies such as e-mail are often less constitutionally-protected than older ones such as postal mail. ICTs not only make it easier to speak, but easier to listen in.
After the Mumbai terror attacks, cities such as New York, London, and Washington D.C. considered disrupting ICT services in the event of a terrorist attack. If terrorists plan to use ICTs as tools, why not take their tools away? The problem is essentially utilitarian. The larger number and greater resources of non-terrorists versus terrorists generally suggests that it is better not to disrupt ICTs during a terrorist attack. That is, non-terrorists derive greater utility from ICTs than do terrorists. Terrorists already have the advantage of planning. During an emergency, ICTs allow the public to communicate with each other and authorities. This accelerate the flow of information, allowing for a quicker and more informed response. Finally, although ICTs pose novel challenges, let's not lose our sense of perspective.