Civil Liberties in Cyberspace

[ Site Index] [ Journalism Index] [ Feedback ]

A bombing in Oklahoma

Morning, in front of a busy office block occupied by government agencies. People are going into work, to queue in the benefits office downstairs, to get on with the day-to-day business of their lives -- when suddenly there is a huge explosion. The front of the building collapses, trapping hundreds in the wreckage; many die. The town the building was located in is Oklahoma City: and the first question people ask after they hear the news is why. "Why would anyone do such a thing?" And, more to the point, "is there anything we can do today to stop them from doing it again?"

Some people are asking themselves another question, though, with more ominous implications. "Why didn't we see it coming? And how can we ensure that the internet remains free while preventing its like from happening again?" The internet? What on earth does the internet have to do with terrorism? The answer is, both more and less than most people suspect.

Communities in cyberspace

The myth the electronic frontier attracts any number of desperados and anti-social elements has become a mainstay of tabloid journalism. In fact, experienced net users tend to groan whenever they see a story about the internet in a mainstream magazine or newspaper; it's almost invariably written by someone who has just discovered that it is possible to download smutty pictures with the aid of a modem, or who has ventured into a discussion forum for the first time and been roundly told off for some display of bad manners or ignorance. That such coverage is negative, goes without saying.

However, there is a grain of truth in it. Archives of pornography exist on the net (however furtively guarded they may be). Wild and intemperate speech, both in public and in private, is as much the rule as the exception. And the net attracts fringe groups like a magnet -- individuals who share unusual interests but are geographically scattered can for the first time share common ground as a group, rapidly and conveniently.

To take an innocuous example, I'm interested in Cambridge Z-88 portable computers -- a rarity, these days. I'm in touch with a mailing list for users of these machines, which gives me the opportunity to ask, or answer, questions and provide help. Mail sent to the list is exploded -- copied -- to everyone who subscribes to it, virtually instantly. If I had to rely on local resources for help I would be isolated, effectively on my own. But with the access to other isolated individuals that such a list provides, I can discuss my somewhat geekish habit with like-minded people as easily as if we were in the same office.

It doesn't have to be Z-88's, though. Lists exist for virtually all known interests; model-making, modeling (for artists of whatever stripe), and -- for all I know -- bomb-making.

Different types of communication

Electronic mail is fundamentally a one-to-one communications medium. It can be extended to one-to-many, but you can in principle nail down just who a message was written by and who it was sent to. Whether the originator really did write it -- or it was a cunning forgery in their name -- is another matter, as is whether it arrived and was read; but the principle is the same. An email conversation is like an exchange of letters, or a phone call, while the most suitable metaphor for an email list is a party line or conference call.

But email is not the only communications medium provided by the net. Also worth considering is usenet, the internet news system. News looks like email, but there's a fundamental difference. If you post (publish) an article on one computer, it is forwarded to every other news server on the internet that carries articles in the news group (conference area) you published it on. Thus, news is a broadcast medium. Discussions in a newsgroup often resemble those on a mailing list -- but anybody, literally anywhere, can listen in.

Finally, there are the much more complex, newer information systems like the world wide web. The web is a distributed hypertext. You can publish a set of web "pages" on the internet, and include links in them that point to any other web document on the net. In this way, a huge sea of online text has filled out over the past two years, to the point where the web is now arguably on its way to becoming the biggest single textual information resource available to humanity. It's an invaluable tool -- but there is no way of restricting the content published on it, because it has no centre; a document published in Scotland might offend sensibilities in Singapore, and is certainly accessible to web browsers in that country, but there's no way of doing anything about it.

The whole point of the internet is that there is no centre; it is a huge amorphous jellyfish of networks, all tangled together, and anything that is published on one computer might as well be sitting on the hard disk of every other machine on the net. The various services conveyed by the net -- mail, news, the web (and others) -- have very different characteristics, but have all evolved to operate in such an anarchic, decentralized system.

But that's all right; it's just words ...

Three years in prison for answering the phone?

In February 1994, a press release was issued by the Post Office in California:

"Robert and Carleen Thomas of Milpitas California were arrested today by United States Postal Inspectors. The Thomas's were arrested for distribution of obscene material and receipt of child pornography. : The Thomas's were also indicted on six counts of transporting obscene material, specifically computer generated images from California to the Western District of Tennessee in violation of Title 18, United States Code, Section 1465. The Thomas's operated a computer bulletin board service specializing In pornographic material enabling other computer users throughout the country to receive pornographic material via their computer."

Robert and Carleen Thomas operated a commercial bulletin board in California. Indeed, they were two of those luridly-portrayed "computer pornographers", beloved of journalists. Some time before they were arrested, the San Francisco police paid them a polite visit. There had been complaints about the images available for download on their system, and the police were beholden to investigate. However the SFPD declined to bring charges; "pornography" is defined fairly vaguely under US law, in terms defined by the local jurisdiction; and the jursidiction of San Francisco is quite laid back about such matters.

Tennessee, in the middle of the bible belt, is another matter. A largely fundamentalist city, stuff like the pictures the Thomases were purveying would be considered far beyond the pale. And when postal inspector David H. Dirmeyer went after them, he chose some rather unconventional tactics.

For starters, he obtained an account on the bulletin board under an assumed name ("Lance White"), and proceeded to download some pornographic files -- illegal in Tennessee. Then, to provide a suitable basis for a search warrant, he mailed them some child pornography (care of the US Postal Service). Mere posession of some types of material is a Federal crime, carrying a stiff sentence; fifteen minutes after the fat envelope flopped into the Thomases letterbox, police officers armed with a warrant were banging on their door. By involving the Federal offense of "receiving child pornography", Dirmeyer transformed the local (Tennessee) pornography case into a federal affair, permitting the Thomases to be tried in Memphis instead of San Francisco.

Although the charges relating to receipt of child pornography were later dismissed, the charges of supplying pornography via electronic media came to trial in Memphis. Because the definition of pornography was set in Tennessee, rather than California, the material that had been downloaded from a jurisdiction where it was quite legal became the basis of a successful prosecution; and on being found guilty, the Thomases both received hefty prison sentences.

Although at first glance this doesn't appear to be very out of the ordinary, this case sent shockwaves through the internet. The main issue was one of jurisdiction. In effect, Tennessee's more restrictive standards had in law been shown to override the less restrictive standards enforced in California. By implication, activities on the net could be limited to those permitted in the most restrictive jurisdiction. Moreover, given the decentralized nature of the net, it is virtually impossible to prevent someone, somewhere, from accessing some information that you publish on it locally. Imagine the consequences of trying to avoid offending everyone, everywhere, at the same time, and you might begin to grasp the scale of the problem.

Decent communications

A second cause celebre on the internet has been Senator Exxon's oddly-named "Communications Decency Act" of 1994. Senator Exxon put forward this act, which creates a new offense (in the USA), of transmitting indecent material by electronic means. The draft Act is so badly drawn up that no distinction is made between the liability of whoever originated some objectionable material -- and the distributor of it. Thus, any internet provider (or even telephone company carrying internet traffic) could be prosecuted for content transmitted without their knowledge.

The senator came in for some serious criticism as soon as the text of his bill was published. While it would certainly target obscene telephone callers, he had little idea that it might infringe upon the freedom of expression of millions of internet users -- and even less idea about how unenforceable it might be. For it really would be unenforceable.

An internet provider handles many gigabytes of traffic per day; a volume impossible to read by eye, or even to scan for byte patters. One provider, Prodigy, tried. Prodigy is notorious for a "family values" policy; apparently it uses software that scans for four-letter words and deletes them from messages. Vietnamese text, when transmitted through email messages, is encoded in such a way that various pairs of ASCII characters are used to represent native characters. Unfortunately, when Prodigy set up a south-east asian subsidiary, nobody realised that the blue-nosed software was still in place -- and that one of the commonest digraphs in Vietnamese was represented by the sequence "SH" and "IT".

While this might sound like a comical example, it is quite serious. Even a trivial scan for "obscene words" is difficult; checking the content of all message traffic for threatening or subtle wording that amount to the same thing is next to impossible. And trying to sift through blocks of anonymous binary data for encrypted messages is even worse. Encryption, by its very nature, tries to render the plaintext message indistinguishable from white noise. A related technology, steganography, works by masking data invisibly into other data. For example, consider a colour graphics file. If 24 bits are used to encode the colour of each pixel, then it is feasible to mask one bit from a secret message into each pixel. The resulting image file will look virtually the same to a viewer -- except the colour balance for each pixel, which is slightly skewed. But if the original isn't available for comparison, who is to know that there's a hidden message constituting perhaps 10Kbytes in amongst the 240Kb of the image file?

Encryption: the festering sore

This article is about to commit an offense carrying a maximum penalty of ten years in prison, and a million-dollar fine (in the USA).

#!/usr/local/bin/perl -- # export-a-crypto-system sig, RSA in 4 lines of PERL:
die"$0 -d|-e key mod out\n"if(($_,$k,$n)=@ARGV)!=3|!/^-[de]$/;$v=$w= ~1&1+
$e=`echo 16oOi\U$m SM$n\Esn1$_ p|dc`;print pack("H$v",'0'x($v+1-length$e).$e);}

The box-out above contains the source code to a program, in the Perl high-level language, that encrypts and decrypts files using the RSA public-key encryption algorithm. (Perl is really much nicer than this somewhat evil chunk of code might suggest. It's also a very powerful language, hence the tiny size of the program. For more information about this program, look on the world-wide web under

Believe it or not, if you take this magazine into the USA, then leave with it again, you are technically violating the International Trade in Arms Regulations (or ITAR), under the terms of the Arms Export Control Act of 1976. Because in the USA, encryption technology -- even foreign encryption software, like this program -- is classified as a munition, along with bombs, missiles, and tanks.

Encryption has become a festering sore on the internet civil liberties scene. It is virtually impossible to effectively ban all forms of encryption; and there are many reasons why a ban would be undesirable. Most internet communications are carried out in plain text; before it can be used safely for commercial transactions, security (involving encryption) must be brought in. On the other hand, government agencies (notably the NSA and their UK counterparts, GCHQ) are extremely unhappy about the spread of "strong" encryption technology into civilian hands. While the old cold war demons have subsided, the threat of terrorist organizations with uncrackable communications still terrifies them -- and for good reason.

The current encryption cause celebre -- besides the Zimmerman PGP case, which grinds on into its third year -- is the Bernstein lawsuit. Daniel Bernstein is a gifted mathematician and computer scientist working at Berkeley. In early 1992, he decided to publish a paper discussing a new encryption algorithm he had invented, along with accompanying source code, via the internet. But being a law-abiding person, he first sought an appropriate license from the State Department. There was no response. A year later, he submitted no less than five formal requests; at which point, each request for permission to publish was turned down.

Bernstein is now taking his case to the courts, with the backing of the Electronic Frontier Foundation. He asserts that by refusing permission, the State Department is infringing on his first amendment constitutional right to exercise free speech without prior restraint; and by not listening to his appeals, it is denying his fifth amendment right to a fair hearing. Not only is this lawsuit directed against the state department; it is aimed squarely at the ITAR regulations, which he believes place a huge block on public freedom of speech in the interests of bolting the stable door long after the horses have fled.

The UK: waking up and smelling the fire

Back home in the UK, we are perhaps two years down the curve that the US is following. We have felt the first uneasy simmerings of net awareness; the Labour party has appointed a Shadow Minister for the Information Superhighway (Chris Smith, MP), while the current government has passed a couple of measures in the past and might well pass more.

Freedom of speech in the UK, as opposed to the USA, is not protected by a bill of rights. Although the European Declaration of Human Rights may be upheld by the European Court on appeal, it is not built into the Scottish or English legal systems. Thus, the tension between the promise of free speech and the threat of dissemination of undesirable material (be it pornography or encryption technology) does not exist. Rather, we have a government that can grant itself whatever powers it needs, to pursue whatever interests it desires.

The Criminal Justice Act (1994) may not have said anything explicit about cyberspace, but it sent a clear message. Under the terms of the act, the police have clear powers over any public gathering of more than ten people. Yet no such powers have yet been granted to them in cyberspace. Those police forces who do have a net presence concentrate on the most extreme violations of social behaviour; looking for child porn (the current bugbear of the censorship lobby), or for software pirates.

However, there are signs that this is going to change in the very near future. Chris Smith, for example, has stated on the record that he believes encryption technology should be banned, except where a "back door" exists to enable law enforcement officers to decrypt encoded messages. In a climate where the right of free assembly has been curtailed, rallying cries for "the need for international agreements to ban groups preaching violence from the information superhighway" (Sunday Times passim) take on a new, and somewhat worrying, meaning.

Special Branch officers recently arrested a BBS operator in Scotland, as part of an investigation into net-based anarchist dissidents allegedly using online media to advocate anti-government violence. Allegedly, the BBS, Terminal Boredom, had archived some of the publications of Spunk Press, a US-based anarchist publisher. It will be interesting to see a list of precisely what information was archived on that BBS. Certainly, all the Spunk publications are well known and available on-line from the USA where, as written documents, they are protected by the First Amendment. There may be just cause for the arrest, but if it is based solely on an issue of the texts that were published on the BBS, it must be concluded that the stable door is wide open; anyone who wants them can get them from another jurisdiction, and prosecution of a local operator cannot be viewed as anything other than political harassment.

There is a slippery slope to censorship, and while the intention might be good (for who can deny that incitement to violence is bad?), the side effects can be dreadful. As the EFF noted in their publication (EFFector): "When governments cannot distinguish between a socio-political philosophy denying governmental authoritarianism and actual conspiracy to commit terrorist crimes, no one's intellectual freedom is safe." The fundamental concern is that the more governments attempt to control a formerly-anarchic medium, the more it will be seen as a threat -- and thus, governments will be presented with a greater stimulus to control.

The real big journalistic internet scoop of 1994, the one that could have foretold the Oklahoma bombing, was never filed. Extreme right-wing American groups have been using the net openly for some years, and since the Waco, Texas massacre of 1992 they have become increasingly vocal in their public calls for resistance to what they see as an oppressive government of occupation. Given the tendency of the net to act as a glue for geographically scattered minority groups, and given the tendency of such groups to work themselves up into a lather over any perceived threat, it should have been obvious that sooner or later someone would tke the rhetoric a step too far. One Tim McVeigh (now in FBI custody) was one of them; he posted outspoken rants to the internet several times in April 1995, promising that "something big is going to happen".

The internet may not have caused the Oklahoma bombing -- in fact, it may well have had nothing to do with it -- but the bombing may well affect the internet. Few people are now willing to say publicly that there shold be no limits to free speech (when it encompasses incitement to acts of terrorism); and in a changing climate of public opinion, the hitherto unquestioned rights and practices of net users are coming in for scrutiny.

The above article was published in Issue 89, July 1995, of Computer Shopper (the title published in the UK by Dennis Publishing Ltd, as opposed to the American magazine of the same name, published by Ziff-Davis).

[ Site Index] [ Journalism Index] [ Feedback ]