Misguided – CyberCrimes and the Patriot Act
One of the most problematic aspects of recent
advances in technology is figuring out how the internet and cyberspace fit into
existing legal structures, and what new approaches must be developed to handle
critical issues. The idea of what “cyber
terrorism” means has changed in the 21st century. Normally, the process
of adapting the law to changes in technology is a long and arduous process.
However, due to the 9/11 attacks on America,
change has been dramatic, rapid, and poorly considered. In the wake of the
terrorist assault, the US government created and passed the "Uniting and
Strengthening America by Providing Appropriate Tools Required to Intercept and
Obstruct Terrorism Act of 2001", otherwise known by the shorthand as the Patriot
Act. While intended to safeguard America from terrorist attacks, the broad
range of the Act has proven problematic on multiple fronts, including its
treatment of computer technology and cyberterrorism. While supporters of
the Patriot Act claim that national security must be protected, the definition
of cyberterrorism advanced in the act is far too broad, leading to a situation
where unnecessarily harsh punishments can be handed out for non-terrorist
infractions.
In the aftermath of 9/11,
the government and the private sector worried that information digitally housed
on computers could be vulnerable to security attacks. Another concern which
arose in the post 9/11 world was how networks who housed confidential information
could be compromised. If networks were to be compromised, potential criminals
could gain access to vital information and manipulate its flow. National
Defense Secrets could be garnered by accessing databases owned and operated by
the CIA, FBI, Department of Defense, or even the offices of the Homeland
Security itself! The response to these concerns was the inclusion of a section
on cyberterrorism in the Patriot Act. The Patriot Act includes incredibly broad
provisions for what can be defined as cyberterrorism, including “unauthorized
access to protected computers,” and “the destruction of communication lines,
stations, or systems.” As if these terms aren’t vague enough, section 814
expands the definition of a “protected computer" to cover even a "computer
located outside the United States that is used in a manner that affects
interstate or foreign commerce or communication of the United States” and says
that people can be prosecuted for even attempting to access a “protected
computer”. In an ideal world, only individuals who were attempting these crimes
for actual terrorism would be prosecuted under these provisions, but in
reality, there are no assurances that common criminals won’t be treated as if
they were terrorists. Under the provisions of the act, a janitor trying to shut
down a computer in an embassy in Botswana in order to save power could be
prosecuted as if he were a hacker attempting to access FBI records. Because
there is no clear definition of cyberterrorism, the government possesses an extraordinary
amount of leeway with no official oversight, which enables them to pursue
domestic criminals and penalize them as though they were international
terrorists. Lawyer Tara Raghaven states “One of the deepest problems associated
with the Act is that the government is allowed to spy on suspected computer
trespassers without a court order, infringing on the civil liberties of
suspected trespassers” (Ragheven).
Defining the term cyber
terrorism has always been a challenge, even before the 9/11 attacks and the
creation of the Patriot Act. As Amy
Zalman points out, “Cyberterrorism is not necessarily designed to cause a
terrifying visual spectacle that can be exploited for propaganda purposes, as
conventional terrorism is” (Zalman). Terrorist attacks in reality focus on
creating fear through wanton death and destruction. Destruction on the internet
doesn’t have nearly the same effect or the same immediately fatal consequences
to innocent victims. While clearly it is possible to perform actions on the
internet with a terrorist intent that further the goals of terrorists, it does
require examining how terrorism online should be defined. Were Americans hackers
who breached the Department of Defense terrorists if they were simply acting as
digital pioneers like Edmund Hilary’s, conquering the ‘mountain’ simply because
it was there? At what point does an action change from being a cybercrime to an
act of cyberterrorism? Raghaven points out that “in fact, the Internet has been
fairly unscathed by international terrorism” (Raghaven). Some theorists broadly
define cyberterrorism as any actions taken by groups or individuals who want to
expand control over cyberspace, but this definition seems far too broad, and
doesn’t include attacks designed to access and steal confidential information. Intriguingly,
because the term 'cyberterrorism' creates a subliminal linkage in listener's
minds to groups such as Al Qaeda and other global terrorist groups, this makes
it possible for the American government and private industry play off of these
fears about Al Qaeda to build support for tighter controls on electronic
information. In truth, only a small amount of cybercrime could actually be designated
terrorism, so the term is actually serving as propaganda for other interests,
which don’t act toward to the stated goal of the Patriot Act, to provide tools
to intercept and obstruct terrorism.
This is not to say that cyberterrorism isn’t a possibility. A number of security experts have concluded that while the threat of cyberterrorism does exist, it is routinely exaggerated by various individuals for political or financial gain. These experts note that not only does the United States exhibit a profound dependency on computer networks for its daily well-functioning, but this technological requirement holds true for most of the world as well. Experts point out that the interrelationship of computer systems means that attacking a single nation without harming the interests of others is much more difficult, especially for a nation as important to the global economy as America As Sandeep Bhardwaj, Research Officer for the Institute of Peace and Conflict Studies states “Using the internet for information dissemination, propaganda and recruitment is possibly the most dangerous aspect of cyber terrorism. Instead of thinking obtusely about how to inflict damage to the system through hacking, terrorists are using internet in its most obvious form as a tool of information dissemination” (Bhardwaj). But both supporters and opponents of the Patriot Act agree that it is important to safeguard critical infrastructure from vulnerability to attack. Raghaven writes that “While bombing physical targets may attract unwanted attention and raise the risk of failure, cyberterrorist attacks can be orchestrated more accurately and easily, and due to the remote location of the preliminary step, the perpetrators are less detectable”(Raghaven). This stance provides support for the sweeping coverage of the Act. Opponents of the broad area covered by the Patriot act critically point out that creating and maintaining a state of anxiety over cyber vulnerability can be profitable for corporations which provide internet security. As Gabriel Weimann pointed out in his article Cyberterrorism: How Real is the Threat, “an entire industry has emerged to grapple with the threat of cyberterrorism” which has resulted in immediate changes; “Private companies have hastily deployed security consultants and software designed to protect public and private targets” (Weimann). The federal government requested $4.5 billion for infrastructure security following 9/11 and the FBI now boasts more than one thousand “cyber investigators.” This illustrates just how big a business cyber security has become, and the powerful allure of profits that can be had so long as the fear of something horrible drives heavy spending in this sector.
In conclusion, it is clear
that the Patriot Act poses a problem because it gives sweeping powers with
little oversight in areas which don’t necessarily have anything to do with
terrorism. Podgor notes that “It is common that congressional acts include
provisions with no relevance to the main purpose and title of the act. What may
be unique here are the speed at which the Patriot Act was passed and the
purpose for the haste. One wonders whether it was necessary, in light of these
extenuating circumstances, to include provisions with far-reaching effects
beyond terrorism.” The scope of the Patriot Act is going to face continual
court challenges because it crosses important lines of civil liberty under the
guise of fighting terrorism. While this was initially accepted in the fearful
climate created by the 9/11 attacks, as time passes and non-terrorists suffer,
the Act’s legality will continually be battled in court. Civil liberty cannot
survive if people are always willing to give up the protection of privacy
simply because of an external fear. When terrorists strike America and freedoms
are curtailed in the wake, then the goal of creating fear has truly been
achieved.
No comments:
Post a Comment