In July 1999, a front page story in The New York Times lifted the lid on a federal plan to allow government agents to monitor email communications and other information moving across private networks. The purpose of the plan, officials said, was to alert law enforcement agents to possible network attacks that might cripple government operations or the nation's economy.
Privacy advocates, such as those who had sent a draft of the plan to The New York Times, warned that the proposed system, which was to be called the Federal Intrusion Detection Network, or Fidnet, could be a first step toward a powerful government surveillance system that could easily undermine civil liberties. Others agreed, and within three weeks Congress deleted the $2 million in startup money that the White House had requested for the $1.5 billion project. In the end, Fidnet was not a victim of left-wing privacy freaks but of a broad coalition of popular forces, including an effort led by Dick Armey of Texas, a Republican representative and House majority leader.
Armey's point man on the issue was aide Richard Diamond, who, two days after The New York Times story appeared, helped Armey draft a letter to Attorney General Janet Reno demanding answers. Armey wanted to know the extent to which the government planned to monitor private computer networks; he wanted to know if the government planned to monitor any company that carried general Internet traffic; and he wanted to know how the government intended to ensure the privacy of individuals.
Diamond was pleased, of course, when Congress voted to kill funding for Fidnet; he thought it was a dangerous idea, and of course, the political victory meant lots of good press for his boss. But even with Fidnet stalled, Diamond was not persuaded that private corporations and private citizens were safeguarded from government eavesdropping. Like many people with access to the intelligence loop in Washington, Diamond knew about another surveillance system that included the interception of email, cellular phone messages and more. This other effort, organised by the National Security Agency (NSA), was known to many as Echelon, and while it was said not to operate in the United States, it was believed to have been working in several other countries for many years.
Reached by phone after Congress had denied funds to Fidnet, Diamond was happy to discuss his concerns about that proposal. But when asked if he had heard of Echelon, Diamond fell silent, admitting later that what he had heard about Echelon suggested it was every bit as disturbing as Fidnet.
Now, six months after the Fidnet fiasco, debates about the government's role in monitoring information, as well as debates about industry's role in enabling government surveillance, are still swirling through the IT community. Yet the voice of CIOs has been conspicuously absent from the political debate.
"They have been invisible," says Diamond. "Especially considering that this is going to have a major impact on their business, one would think that they would be more involved. Do they really want the administration policing their networks?"(For more about CIOs and public policy issues, see "The Influence Peddlers".) The debate has revealed the dark side of the new economy's electronic infrastructure: the advantages of instantaneous global messaging have come at a price. Today there is no such thing as privacy; no information in any computer on any network is safe.
Unofficially, It's Official
US officials have never acknowledged for the record the existence of the surveillance system called Echelon, but speaking on background, some people with close ties to the intelligence community admit that it is alive and well and operated by the NSA.
"The NSA has an extremely active and very vigorous system of globally targeting communications," says one knowledgeable source. "They use an incredible number of technological programs." The NSA has the capability to capture any sort of electronic voice, fax or computer-to-computer communications.
This government official admits the NSA does conduct what he calls "economic espionage" but claims it does so only to track macroeconomic trends.
In the end, this official echoes the opinion of Armey aide Diamond. The official says it is probably true that the spy system known as Echelon does internationally many of the same things Fidnet would have done domestically. The fact that Echelon's practices routinely violate European laws, says the source, is of little concern to the US government. "The US government cares only about US laws," says the source. "And there are also," he adds suggestively, "certain agreements between governments," intimating that as far as Echelon is concerned, some European governments are willing to go along to get along.
America, the Villain
Despite the unwillingness of government officials to talk in any detail about Echelon, several histories have been pieced together by journalists and European government agencies. One of the most revealing is a working document that was published in April 1999 by the Directorate General for Research for the European Parliament, an elected body of 626 representatives that makes policy recommendations to European governments. The document, called Development of Surveillance Technology and Risk of Abuse of Economic Information, makes clear the European perspective on Echelon and similar efforts:
"The United States is behind a worldwide effort to limit individual privacy and enhance the capability of its intelligence services to eavesdrop on personal conversations. The campaign has two legal strategies: The first made it mandatory for all digital telephone switches, cellular and satellite phones, and all developing communications technologies to build in surveillance capabilities; the second sought to limit the dissemination of software that contains encryption."
The document describes the government's efforts to control the sophistication of encryption technology that is exported from the United States, a controversial issue that has been widely covered by the American press. It also delves into the little-talked-about efforts of the FBI to successfully lobby Congress to pass the Communications Assistance for Law Enforcement Act (CALEA) in 1994. That law requires all telephone companies, terrestrial carriers, cellular phone services and others to ensure that all of their "equipment, facilities or services" are interceptable by government agencies. A nearly identical resolution was adopted by the European Union Council of Ministers in January 1995, after four years of pressure from US agencies.
According to the document, Echelon is a global surveillance system designed and coordinated by the NSA and involves intelligence agencies in Australia, Canada, New Zealand and the United Kingdom. It intercepts email, fax, telex and telephone communications carried by satellites, and has been operating since the late 1980s. Reports claim that the system combs through millions of communications each second searching for key words and phrases, immediately tagging suspect messages and forwarding them to the requesting country. So, for example, the system captures messages with the words US embassy or nuclear threat.
While in the United States the Echelon system is regarded, if at all, as a bone for conspiracy buffs to gnaw, in Europe, where it operates, it is taken far more seriously. According to the parliamentary document, European business leaders worry that their email and telephone conversations are passed on to corporate competitors in the United States. The document mentions several incidents.
In one case in 1994, the Brazilian government awarded a $1.4 billion contract to US-based Raytheon rather than to two French companies that had presented better offers. The document contends that Raytheon altered its bid when it learned the details of the French proposals, allegedly through FBI intelligence.
In another case, when the French company Airbus Industrie lost a lucrative contract with Saudi Arabia to the American company McDonnell Douglas in 1994, the French press reported allegations that Echelon had provided McDonnell Douglas with inside information about the Airbus deal.
An American official who claims to be familiar with Echelon says that the Europeans are half right. Echelon does intercept corporate communications, but does so, he insists, only to better track economic trends. The NSA system, he says "does not steal trade secrets and give them to US companies. And they do not spy on US citizens who might be enemies of politicians."
Meet the New Plan, Same As the Old Plan
It was the potential to spy on US citizens, not just in Europe, but in the United States as well, that ignited resistance to the Fidnet proposal from across the political spectrum. On the right, there was Armey of Texas. On the left, David Sobel, general counsel to the Electronic Privacy Information Center, a Washington, D.C.-based research center with a focus on civil liberties and privacy. Sobel issued a statement claiming the Fidnet proposal indicates that privacy concerns are being swept under the rug.
The Fidnet plan hoped to, among other things, monitor network activity in telecommunications, banking, transportation and other business sectors for the purpose of maintaining what it calls "robust law enforcement and intelligence capabilities to protect critical information systems." To help do that, Fidnet would turn to the people who organised Echelon, the NSA. According to Wayne Madsen, a reporter for the Intelligence Newsletter, a Paris-based publication aimed at military and political officials, Fidnet would create a new NSA offshoot called the National Security Incident Response Center.
Madsen reported the plan stressed that NSA cooperation was essential because it was the only agency with the technological expertise required.
Stories like that, which suggest to knowledgeable insiders like congressional aide Diamond that the government was about to set up Echelon at home, made the decision to nip Fidnet in the bud an easy call. But many observers on the left and right believe that Fidnet was just the beginning of government efforts to make the new economy's infrastructure transparent to federal peepers.
They appear to be right. At this moment, for example, the Internet Engineering Task Force, a group established in 1986 to set the standards for the Internet, is in the throes of a debate about whether it should accede to the FBI's wishes that it write standards for the next-generation Internet that will make it easy for federal agents to put wiretaps on Internet communications. The FBI has stated it hopes the IETF will help wire the Internet in a way that facilitates surveillance, but it is unable to demand compliance because most legal experts believe that the 1994 CALEA legislation does not cover electronic messaging.
The dilemma puts vendors in the uncomfortable position of having to decide if they will make it easy for government agents to eavesdrop on private communications. And not just by US government agents. Because the Internet is a global network, one that is used by people in countries where liberties are nonexistent, the IETF debate goes further than deciding whether the computer industry should help good cops catch bad criminals.
For vendors in any business, this is a tough issue. For vendors in the business of using technology to empower people, not governments, it is even tougher. And for CIOs, who have, according to congressional aide Diamond, remained blissfully distant from the hard questions, it is an issue with potentially serious ramifications. In Europe, the conviction that the United States is policing corporate networks has led to allegations that the FBI has shared critical business information with friendly corporations. And the government's surveillance system in Europe, many observers fear, is coming home soon.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.