More on politics and society from The Atlantic's archive.
More on science and technology from The Atlantic's archive.
More Flashbacks from The Atlantic's archive.
From the archives:
"Keeping the Net Secure" (January 2002)
September 11 demonstrated the great strength of the Internet. Now it's time to address the Internet's weaknesses. By Reed Hundt
"The Futility of 'Homeland Defense'" (January 2002)
Don't even try to close the holes in a country, and a society, designed to be porous. By David Carr
"The Reinvention of Privacy" (March 2001)
The public fears that the last of privacy will perish in the information age. But what technology has taken away it will soon give back. By Toby Lester
From the archives:
Flashbacks: "Criminal Computing" (February 17, 2000)
Two Atlantic articles highlight the difficulties of protecting Internet users from the dangers of computer crime.
Technology and Security
August 21, 2002
ollowing the devastation last September 11, the FBI was widely criticized for having failed to detect the planning and preparation of the terrorist attacks. Many argued that the agency's lack of high-tech equipment and computer savvy may have been its crucial flaw. But as the nation now moves to upgrade its various surveillance and detection systems, one author writes in the September Atlantic that we should be wary of placing too much faith in the capacity of technology to protect us. In "Homeland Insecurity," Charles Mann argues that most technological screening devices, such as iris and fingerprint scanners, can be tricked into uselessness, and that much simpler and more effective security measures are being given short shrift by the U.S. government. Such measures as reinforcing cockpit doors and teaching passengers how to fight back against hijackers, he suggests, could do far more good than most of the complicated new security technologies now under consideration.
Mann quotes Bruce Schneier, a top security expert profiled in the article, on security and common sense:
"The trick is to remember that technology can't save you
. We know this in our own lives. We realize that there's no magic anti-burglary dust we can sprinkle on our cars to prevent them from being stolen. We know that car alarms don't offer much protection. The Club at best makes burglars steal the car next to you. For real safety we park on nice streets where people notice if somebody smashes the window. Or we park in garages, where somebody watches the car. In both cases people are the essential security element. You always build the system around people."
Earlier this year, in "Losing the Code War" (February 2002), Stephen Budiansky made a similar case against excessive reliance on technology as a means of protection. In the past, he explained, code-breaking was a useful way for the United States to gain important intelligence about its enemies. But encryption software has become so sophisticated and widely available that coded messages are now virtually impossible to decipher. Today, physical action by law enforcement is a better way to ferret out usable information.
As an example, Budiansky described the case of Nicodemo Scarfo Jr., a crime boss who had encrypted all of his files. Federal agents acquired the files not by breaking Scarfo's code, but by entering his house and installing a device to capture his password. "Bad guys make mistakes," Budiansky wrote. "They sometimes still use the phone or radio when they need to communicate in a hurry." It is under these circumstances, Budiansky argued, that information can most effectively be discovered.
Eight years before, in "Open Secrets" (June 1994), James Fallows described how the government was then seeking, with little success, to use a technological solution to address the problem of indecipherable codes. The concern, he explained, was that "the government would lose its ability to hear what other governments, and in certain cases its own citizens, were saying."
The National Security Agency had devised a proposal that the Clinton Administration approved, whereby an encryption device called the Clipper chip would be built into government-issued phones. Any coded interactions that took place over those phones could be decoded not only by those on either end of the line, but also by government agencies that would have access to the encrypting information. Though the Clipper chip plan was welcomed by the FBI, Fallows pointed out that it was flawed in several important ways.
One drawback was that if people in government had access to the Clipper encryption codes, there would be nothing to prevent a corrupt official from turning either the codes or the content of encrypted conversations over to criminals or enemy governments in exchange for bribes. Moreover, it would not be impossible for criminals or enemy governments to crack the codes themselves: "The scrambled messages produced by Clipper phones are vulnerable to anyone who somehow obtains their codes, including the ID number built into each phone."
Another obvious drawback was that no one outside of the U.S. government was required to use the Clipper phones, which meant that anyone wishing to avoid eavesdropping by the U.S. government could simply use a different encryption system. Unsophisticated criminals, Fallows conceded, might not know any better than to choose the Clipper system. But it would be precisely those individuals and groups most dangerous to national security who would be savvy enough to circumvent the Clipper system:
The stated reason for a scrambling chip that permits wiretapping is that otherwise terrorists, drug dealers, and other criminals might use untappable scrambling schemes. With Clipper they still can
There was a strong backlash against the Clipper proposal by those who feared that, because the government would be able to listen in on anyone using the Clipper, it represented a Big Brotherish invasion of privacy. The government later retracted the proposal, but has since proposed modified versions.
It is guaranteed to be least effective against the most serious criminal opponents such as state-sponsored terrorist rings that will not be limited to what they can find at Radio Shack.
Finally, yet another example of the government's interest in using technology to combat terrorism is the recent spate of proposals to issue national identification cards. In "The Mother of Reinvention" (May 2002), Walter Kirn considered the possible repercussions of such a policy. The cards, he speculated, would be very sophisticated:
Such a card might feature a "biometric" identifier: an electronic map of, say, its owner's iris or palm print. Card readers might be installed in airports, highway-patrol cars, and government buildings—no one really knows yet.
But the very fact that so much information would be pooled within each card, and that use of the card would be required for so many different kinds of transactions, could make the card itself a potential danger:
With so much more identity to steal, identity theft would go from being a headache to something approaching virtual murder, consigning the victim to a physical and economic no-man's-land.
One shudders to think how such cards might be abused.
Perhaps most insidious of all, Kirn suggested, would be the irreparable damage that the issuing of such cards could inflict on the nature of American identity itself:
Out would go the old notions of personal metamorphosis and spiritual plasticity, to be replaced by the dead gray matrix of one's palm lines
For the purposes of a national ID card, identity is a unique, unchanging set of distinguishing characteristics: the flecks in one's iris, the ridges of one's left thumb
. As Americans, though, we have a higher identity: free agent, self-legislator, citizen. It's a common identity held individually. It's what allows us to bond and make a nation or, if necessary, dissolve our bonds. This identity can't be captured on a card, but there is a risk it could be supplanted by one.
—Ivan Boothe and Sage Stossel
Discuss this article in the Science & Technology conference of Post & Riposte.
More Flashbacks from The Atlantic's archive.
Ivan Boothe was recently a new media intern for The Atlantic. Sage Stossel is an editor for The Atlantic Online.
All material copyright © 2002 by The Atlantic Monthly Group. All rights reserved.