Among the legends of CFP is that it offers a rare opportunity for cops and hackers to drink together, debate, and perhaps enlighten each other.. Today's 11:15 panel doesn't have a hacker, but it has two cops and a judge: FBI agent Paul George, Justice Department official Paul Kendall, and California judge Tom Cecil join CDT's Jim Dempsey and George Tomko of Photonics Research Ontario to consider the interplay between privacy and technology in the criminal justice context.
As technology pervades every aspect of daily life - as more people are using the Internet to work, make purchases, or just entertain themselves - it is natural that crime would move online too. With a growing online population and recent influx of wealth into "e-space," criminals have been quick to upgrade and take advantage of new opportunities.
While criminal investigators sometimes claim publicly that their ability to fight crime is hurt by technology advancements, law enforcement agencies have long been innovative adapters of technology. Civil libertarians fear that the digital revolution has ushered in a golden age of surveillance.
The panel will consider whether new technologies really increase police effectiveness in pursuing criminals? By giving governments the power to track suspected criminals, will law-abiding citizens also be pursued? As the government collects information to prevent crime, how will it be stored, who will have access to it, and if the government can gather information, who else can, too?
One of the many things the panel was able to do was cut through some of the hype. As Neal Stephenson would recommend later in the evening, we would be given more information to reevaluate Big Brother's place in our threat model. For example, privacy advocates are fond of pointing out that out of the hundreds of wiretaps requested by the FBI in the last decade, none have been rejected by a judge. It is about time that we have had an FBI agent present to point out that three applications, yes three, were finally turned down last year. More importantly, Paul George was able to point out that the reason for the low rejection rate has less to do with gullible judges and more to do with the very strict internal guidelines and review process that a U.S. Attorney must go through before a wiretap application will even be approved by DOJ. Even so Jim Dempsey makes a strong case that wiretaps are an area to watch: the FBI system of information gathering is growing, and the potential to gather and analyze information will increase substantially. Wiretaps, having increased 12% in 1998, could increase by 300% with the implementation of Digital Storm, a new FBI program to bring digital technology to bear on wiretap problems.
Beyond such fun facts, the panel showed that future technological choices will have to balance privacy/security with efficiency/convenience. One such balancing acts comes with the push for integration of government databases. Judge Cecil, while wanting greater integration within the justice system, recognized that such compilations do increase the risks to citizens' privacy. Integration cuts through past systematic inefficiencies built into to trying to obtain information from the government. Instead of having to go to the proper room, in the proper building, to fill out the proper paper work, the fear is that it will soon be possible to access from anywhere such diverse public records as a person's divorce proceedings to their car registration.
While ease of access is seen as an inherent threat to privacy, the panel illustrated that when access is combined with an enhanced, integrated government database, the potential for data mining to perform either marketing or fraud grows substantially. Private abuse is only the beginning of what the panel covered, inter-government abuse of privacy may grow. A practical example of this is the use of biometric encoded ID cards to reduce welfare fraud. If the creation of such a card system entailed the implementation of a fingerprint database, criminal investigators could infringe on privacy rights by using the welfare databases in investigating crimes. Because of the potential of such abuses, George Tamko argued that it is not enough to pass laws to prevent unauthorized, secondary uses of biometrics, the system must be built to restrict access by leaving the biometric information with the user. This can be done by encoding the biometric on the card (or trusted hardware device), and then using it to encrypt PIN numbers. Having the user retain their biometric information will allow for identification without the creation of centralized database open for abuse.
Audience questions showed that as the government improves its technologies, it too, will be watched.