Tina Rios
Business Law I
Position Paper

Should Internet Activity be Monitored?

There has been an ongoing debate over many years on whether or not internet activity should be legally monitored by Internet Service Providers or the government. Obviously there many pros and cons to both sides of this issue. There is not only a valid need for internet monitoring of private networks in addition to government systems, but there is also a valid concern for the privacy of our country’s citizens. Both sides of this issue will be addressed as well as my own analysis of this topic. There is quite a bit of history regarding monitoring public internet communications. Some forms of electronic surveillance have been around since the Civil War. The 4th Amendment is a citizen’s primary protection against unreasonable government searches and seizures. As technologies advance the meaning of unreasonable becomes more and more unclear; meaning when private information is transmitted through wire over a long distance is it still considered private information? During the 1920’s, as phone calls were being place through switchboards, it was noticed that more and more conversations regarding illegal activities were being talked through those phone calls. It was then that police asked for clarification from the Supreme Court on whether or not wiretaps went against the 4th Amendment. It was decided that the 4th Amendment did not restrict wiretaps since there was no search not seizure. Government agencies, such as FBI and National Security Administration have argued that national security requires eavesdropping on electronic communications. Due to the terrorists attacks on September 11, 2001, the question went from “Should we continue to protect personal privacy to should we authorize the Bush administration to use surveillance to find terrorists operating inside the United States and stop them before they attack again?” Cyber crimes are increasing and will continue to do so as technology advances and are getting much harder to control and will continue to be difficult to control if something is not put into place. They include numerous types cyber crimes to include: fraud, such as: financial, computer, identity theft, debit/credit card…etc., child exploitation, online gambling, phishing scams, cyber stalking/bullying, and computer viruses, just to name a few. In 2004, Kenneth Flury was charged with bank fraud and conspiracy when he tried to steal debit card account numbers, pins and other personal information from Citibank. The US Secret Service got involved as part of Operation Firewall. He ended up getting over $380,000. He was sentenced to 32 months in prison and 3 years of supervised release and pay $300,000 in restitution to Citibank. In 2005, Jeanson Anceta used botnets to launch destructive spam and adware attacks. Most of his damage affected the computers used by the Federal Government for National Defense. He generated over $100,000 in proceeds. He was sentenced to 5 years in prison and has to undergo 3 years of supervised release which limits his internet and computer use. He also has to pay the Weapons Division of the United States Naval Air Warfare Center $15,000 in restitution and relinquish $58,000 of his profits from his illegal activities. In November 2008 a mother reported that a 20 yr old male was having sexual conversations with her 12 yr old son through Xbox live. She gave the tip line his first name, numerous screen names, and a possible location. The Exploited Children’s Division conducted internet searches using the screen names and found a discussion board posting and discovered an email address. After analyzing the information the analyst notified the New Jersey Internet Crimes Against Children task force. After further investigation, it was found that there were previous complaints against the suspect and due to the tip from the Cyber Tip Line authorities were able to tie up the lose ends of prior reports and arrest a 21-year old suspect for possession of Child Pornography and multiple counts of Endangering the Welfare of a Child. At this time it is believed that there are at least 10 child victims. In 1996, the FBI only investigated 113 cases involving child exploitation via the internet; in 2001 the FBI opened 1,559 cases. The Internet Crimes Against Children program was launched by Congress and the Department of Justice in 1998 and between then and 2001 these task forces have arrested over 900 predators. There are numerous cases on cyber crimes that may have been preventable if internet activity were being monitored. FBI Director Robert Mueller said “the idea balances on one hand, the privacy rights of the individual who are receiving the information, but on the other hand, given the technology, the necessity of having some omnibus search capability utilizing filter that would identify the illegal activity as it comes through and give us the ability to preempt that illegal activity where it comes through a choke point.” The federal government is launching an expansive program called “The Perfect Citizen” to detect cyber assaults on private companies as well as government agencies like power and water companies that make up the critical infrastructure of the nation. The program will focus on monitoring network activity and identifying suspected cyber attack against government and critical networks. A US military official called this program long overdue and said any intrusion of privacy is no more than what the public already comes across from traffic cameras. The program would rely on sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting a cyber attack, but wouldn’t monitor the whole system continuously. It is still in the early stages and there are still many aspects of this program that still needs to be worked out, such as which systems will be monitored and how the data will be collected. Although the government cannot force companies to work with them, it may offer incentives. The key issue is how to build the confidence with American people that the government is doing is the right step in the right direction. Einstein technology will also assist in the Internet monitoring process. It is designed to detect and prevent electronic attacks to networks operated by the private sector even though it was created for federal networks, says the Department of Homeland Security’s top cyber security official. It is already in place at 15 federal agencies, but DHS has said it’s still preparing the necessary privacy impact assessment for a proposed $293 million government wide Einstein expansion. Einstein 3 has the ability to read content of emails and other messages. According to the Dept of Homeland Security, “if it performs as well as we hope, it could help unprepared companies fend off cyber attacks, including worms sent through e-mail, phishing attempts, and even denial of service attacks.” During its packet inspection to prevent botnets from accessing certain web pages, it could also be used to prevent pedophiles from accessing illegal child pornography, prevent individuals from downloading copyright-infringing music, or offshore gambling sites. At a recent conference, Homeland Security Secretary Janet Napolitano stressed “We need to have a system that works together.” She also states “Fighting homegrown terrorism by monitoring internet communications is a civil liberties trade-off the U.S. government must make to beef up national security. As terrorists increasingly recruit U.S. citizens, the government needs to constantly balance Americans’ civil rights and privacy with the need to keep people safe.” She says that it is wrong to believe that if security is embraced that liberty is sacrificed. Jacob Appelbaum, a security researcher and programmer, said “It’s clearly a win for people without the security know-how to protect their own networks but also a clear loss of control. And anyone with access to that monitoring system, legitimate or otherwise, would be able to monitor amazing amounts of traffic.” Privacy to some seems to be more important rather than safety. For some Internet Service Providers it is just not financially feasible and others it comes down to principle. Of course there is cause for concern that the NSA will overstep its boundaries and monitor all public network activity. Under the Child Protection and Sexual Predator Act, ISP’s are not required to monitor electronic communications but does require then to contact authorities as soon as they are made aware that it is on one of their networks. If they fail to do so they can be fined $50,000 for their first violation and $100,000 for additional violations. In an article called “The Already Big Thing on the Internet: Spying on Users,” Adam Cohen says that since ISP’s control your connection, they can keep track of everything you do online, there have been reports that ISP’s may have started to sell that information. AOL spokesman, Nicholas Graham stated “We have a much honored privacy policy, we absolutely do not monitor private communications between members and that includes IM’s, email, and chat rooms. Members are asked to notify AOL if they come across any kind of material like that. That’s part of the self-policing nature of our service.” According to Maureen Richter, Chief Financial officer for Cove Software Systems says she couldn’t monitor her network even if she wanted to due to the cost of bandwidth. She stated she would have to raise her prices to pay for it and would lose customers. In a survey taken in a previous class 35% of students disagreed with ISP’s monitoring web searches, email, and chat logs for safety. Most stated they don’t feel endangered by the internet. In a recent online survey about NSA’s Perfect Citizen plan to monitor cyber security 45% of voters thought it was a terrible idea. Only 19.7% thought it was a great idea. Department of Homeland Security did prepare a general set of guidelines for privacy and civil liberties in June 2009. In my opinion, I believe giving up a portion of our privacy to keep our country safe from future possible terrorist attacks, to keep our children safe from online predators, and anyone else safe from identity theft, etc then I think it is well worth it. There are companies that do have monitoring type software on their network that only records the information when key words or phrases are used. Almost like if you say the word bomb in an airport, regardless of how you use it, you are going to be stopped and questioned before you are able to go on your way. Just because ISP’s may not be monitoring your internet activity doesn’t mean someone else isn’t. Identity theft, and children being victimized happen over the internet everyday, unfortunately and it is because internet safety is not taken seriously. In Privacy Requires Security, Not Abstinence, a US Military contractor was accused of victimizing more than 4,000 teens by breaking into their computers and threatening to make their pictures and videos public unless they sent him sexually explicit photos and videos of themselves. I can understand not wanting to be spied on, but if you are not doing anything wrong to begin with then why worry about it. I mean if the programs are ran properly, as long as you’re not looking at exploiting children, how to make bombs, or planning a terrorist attack on the US or anything remotely along any of those types of lines then you’re not going to be harassed about anything and you won’t even know it’s being monitored. When the programs are run properly your information won’t be flagged to get monitored if you are not doing that kind of activity on your computer to begin with. I know there is always going to be that possibility of someone abusing the program and maybe using it for personal use or what not but that is really the case with any kind of program that is in use today especially by law enforcement. If it’s going to give me more security being online and keeping my kids safe while they are online then I really don’t care if someone is monitoring what I am doing, since I don’t plan on doing anything illegal. If there was a program that monitored what needed to be intercepted and analyzed who knows, maybe Sept 11th wouldn’t have happened. Imagine all the families that would still have their loved ones. What if those pedophiles that are out there preying on our children were monitored by their ISP’s and reported when attempting to engage in that type of behavior. Imagine all of those defenseless children who would have never been humiliated, tortured, raped almost on a daily basis. Benjamin Franklin said “They who would give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” It’s a good thing that giving up a portion of our online privacy isn’t going to provide anything little and anything temporary.

Resources: www.dhs.gov/xlibrary/assests/privacy/privacy_pia_eisntein.pdf, accessed 18 Sept 10 www.pcworld.com/businesscenter/article/200706/nsa_perfect_citizen_raises_big_brother_concerns_in_private_sector.html, accessed 18 Sept 10 http://news.cnet.com/8301-10784_3-9926899-7.html, accessed 20 Sept 10 http://www.technologyreview.com/web/22831/, accessed 20 Sept 10 http://news.cnet.com/8301-13578_3-10463665-38.html, accessed 20 Sept 10 www.fbi.gov/cyberinvest, accessed 22 Sept 10 www.eweek.com/c/a/security/nsa-cyber-security-program-details-revealed-275248, accessed 23 Sept 10 www.nytimes.com/2008/04/05/opinion/05sat4.html, accessed 23 Sept 10 www.brighthub.com/internet/security-privacy/articles/83739.aspx, accessed 25 Sept 10 www.onlin.wsj.com/community/groups/security/topics/do-you-think-nsas-perfect, accessed 25 Sept 10 http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html, accessed 25 Sept 10 www.privacyrights.org/fs/fs18-cyb.htm, accessed 25 Sept 10