Terrorism plays into Net debate
Recent terrorist acts will likely spur national security debates on encryption exports and chemical plant information online.
But the recent terrorism, which led to last week's U.S. missile attacks on a suspected training camp in Afghanistan and a drug factory in Sudan, will likely be highlighted in two national security debates surrounding digital communication: the export of strong encryption technology and plans to post online government information about chemical plants that might be vulnerable.
Already, at least one lawmaker has cited the bombings as reason for controlling encryption, which scrambles digital communication to make it unreadable by an unauthorized party. Speaking on a panel at a national conference in Aspen, Colorado, Tuesday on the future of the Internet, Rep. Michael Oxley (R-Ohio) said he doubts that legislation to ease the export restrictions would be passed by Congress this year.
"I don't think we'll see the SAFE Act on the floor this fall," he said, referring to the Security and Freedom Through Encryption Act. "The bombings in Africa point at the potential for abuse."
The FBI has long argued that unrestricted exports of encryption would give criminals a new way to cover their tracks. But U.S. software makers and privacy advocates counter that the technology is already available around the world and that the Clinton administration's regulations only inhibit American firms' ability to ship the products that are most in demand.
The export rules go one step further, requiring that products shipped overseas eventually support so-called key-recovery systems, which give law enforcement officials who have obtained a court order a "spare key" to unlock the codes that secure any person's email or computer files.
Two other members of Congress on the same Aspen panel, Anna Eshoo (D-California) and Rick Boucher (D-Virginia), are pushing for SAFE's passage. But proponents of free encryption could have seen this coming the minute that they got word of the embassy explosions, as well as Tuesday's bombing of Planet Hollywood in Cape Town, South Africa.
"If they do push for its passage this year, House Rules Committee chairman Gerry Solomon will stand up and scream at the top of the lungs about the bombings," said Greg Stanko of the Economic Strategy Institute, which analyzed the crypto export policy in an April report. Solomon has been a key player in holding up SAFE.
"I think it will be used as a scare tactic--and it is a false scare tactic," he added. "The industry is going to be really smart, and they will wait until Solomon retires at the end of this year."
As previously reported, the FBI also points to terrorist activity as reason for keeping the Environmental Protection Agency from carrying out its plan to post online reports detailing chemical manufacturers' worst-case accident scenarios, with estimates of how many people would die if toxic gases were released, if an explosion took place, or if dangerous liquids were spilled.
The FBI fears that terrorists will target specific plants based on that information. Community activists say people have a right to know if an explosion could devastate their towns.
The reports were to begin appearing on the Net in January. The two agencies are meeting next month to discuss the issue once more.
"No decision has been made. We have continued meeting with the FBI and others," said Karen Shanahan, who is developing the technological infrastructure to collect the risk management plans for the EPA.
"This issue has heated up because of the recent bombings," she added. "But the FBI was cautious before anything happened."
Still, because national security officials offer little proof that encryption or information on the Net is actually helping or encouraging terrorists, it's hard to know if limiting the export of encryption or the availability of EPA data will help catch or deter terrorists.
"I'm not sure we really know how they pick their targets," said Martha Crenshaw, professor of government at Connecticut's Wesleyan University, who has consulted for the State Department and Defense Intelligence Agency and authored two books about terrorism.
"I don't know of any attacks on a chemical plant or nuclear power plant. There have been attacks on electrical power grids in the United States," she added. "They use the Net as a form of communication, oh yes, and there is no reason to believe they won't use encryption."
Crenshaw said groups such as the Aum Shiryinko, a Japanese cult that released sarin gas in a subway in 1995, were already scientifically and technologically savvy, and that limiting access to the technology or information on the Net won't stop them. "When you try to restrict terrorists, you are restricting people who have a right to use it," she said.
"Technology is really difficult to control," she said. "During the Cold War, our enemies found ways of getting technology we tried to restrict."
Some security consultants, paid to help companies protect themselves from economic espionage as well as terrorism, say the FBI has good reason for concern but that terrorists will do their deeds with or without U.S. encryption and online government information.
"Chemical plants are high-risk facilities, and it could be expected for a terrorist to target a chemical facility--an eye for an eye," said Thomas Preston, head of Preston Global, which helps companies set up counterterrorism plans.
"Terrorists that are sophisticated can come off with other scenarios and be quite creative against those that plan defensives," he added.
Will encryption restrictions and a limited EPA Web site derail terrorism? "It could delay terrorists," Preston said, "but nothing ever stops them except eradicating them."