Cybercrime: Protecting Public Safety
and Personal Privacy
Testimony of Alan Davidson
Center for Democracy and Technology
Subcommittee on Crime of the House Judiciary
June 12, 2001
Mr. Chairman and Subcommittee Members, thank you for calling
this hearing and giving CDT the opportunity to testify about cybercrime.
Our nation is at a point where revolutionary changes in communications
and computer technology have created new concerns about public
safety, security, and privacy online. Cybercrime is a serious
problem that demands a real, though limited, response from government.
That response must be crafted recognizing that the digital age
also offers tremendous new capabilities for law enforcement, while
the rise of personal information online has eroded essential privacy
guarantees under law.
As Congress considers cybercrime it should also strengthen outdated
privacy laws to restore the shifting balance between government
surveillance and personal privacy, to build user trust and confidence
in this economically vital new medium, and to afford law enforcement
agencies, online service providers, and Internet users the clear
guidance they deserve.
This testimony explores three broad themes:
Cybercrime is a serious problem, but must be considered
in the context of today's technology, law enforcement capabilities,
and eroding personal privacy protections.
· The Internet's unique open and decentralized architecture offers
new challenges to traditional approaches to crime. But care must
be taken that efforts to address cybercrime do not stifle the
innovation or freedom that have been hallmarks of the Internet's
· The digital age offers tremendous new tools for law enforcement.
The soaring collection of electronic records about online and
offline activity have created a wealth of information to investigate
and prosecute crimes. On balance, the digital age is likely to
be a major net plus for law enforcement capabilities.
· Privacy rules have not kept pace with these changes. Astonishingly,
the last significant update to our privacy and surveillance rules
came in 1986 - before the invention of the World Wide Web, before
the Internet became a fixture in schools, homes, and businesses,
before more than one in two Americans used mobile phones.
Concerns about cybercrime need not, and should not, become
an excuse for sweeping new authorities or greater government surveillance
· The government has a real, but limited, role in promoting security
online. The nature of the Internet makes its users the first and
most important line of defense against cybercrime, and government
alone can do little to guarantee Internet security. Government
does have an important role focused on getting its own house in
order, training personnel to deal with new technologies, and supporting
· It is not clear that new government authorities or investigatory
powers are needed. Substantial authorities already exist for investigating
and prosecuting most cybercrime.
· There is a real risk that cybercrime concerns will become an
excuse to implement sweeping new authorities that jeopardize personal
privacy. Past efforts to mandate key recovery encryption backdoors,
deployment of the "Carnivore" surveillance tool, and expansion
of CALEA requirements demonstrate a track record of invasive responses.
The point is best underscored in Europe, where implementation
of a new Council of Europe Convention on Cybercrime and new data
retention proposals are creating huge concerns about personal
privacy, cost burdens, and Internet architecture.
Congress should strengthen weak and outdated privacy
protections. While improvements to security technology
can come from the private sector, only legislation can update
the 1980s surveillance and privacy laws in order to provide confidence
in the network and resolve gaps and ambiguities in the law. Top
priorities should include --
· Providing heightened protections for access to wireless location
information, now available for tens of millions of Americans carrying
(or driving) mobile phones.
· Increasing the standard for use of pen registers and trap and
trace devices, and limiting their use on the Internet since address
data for email and Web browsing can be much more revealing than
telephone numbers dialed.
· Providing enhanced protection for personal information on networks.
This testimony provides a more detailed list of needed reforms.
As a starting point, we would encourage Congress to take up the
helpful protections developed and passed by the House Judiciary
Committee last September in H.R. 5018 of the last Congress.
It should be noted that nothing in these proposals would deny
law enforcement the tools needed to fight crime and defend national
security. No law enforcement agency would be prohibited from locating
a criminal suspect or monitoring a terrorist's email. All these
proposals do is to set clear and strong privacy guidelines for
use of electronic surveillance techniques and require public reporting
as the foundation of oversight and accountability.
These are complex issues vital to the future health and growth
of the Internet. CDT looks forward to working with the Subcommittee,
the Justice Department, and others in the law enforcement community
to evaluate cybercrime proposals and to flesh out needed privacy
enhancements, in order to restore the trust, security, and privacy
consistent with the Internet's promise of promoting economic opportunity
and individual freedom.
The Center for Democracy and Technology is a non-profit, public
interest organization dedicated to promoting civil liberties and
democratic values on the Internet. Our core goals include ensuring
that the Constitutionís protections extend to the Internet
and other digital media. CDT also coordinates the Digital Privacy
and Security Working Group (DPSWG), a forum for more than 50 computer
and communications companies, public interest groups, and associations
working on information privacy and security.
Context: Law Enforcement Capabilities and Privacy Protections
in a Digital Age
As the Internet becomes increasingly important to consumers and
businesses, concerns about criminal activity online and cybercrime
are becoming more prevalent. The rapid pace of change has made
it harder for Internet users to protect themselves, and creates
real challenges for law enforcement.
Concerns about cybercrime are serious. But there are also many
reasons to believe the important balance between investigatory
powers and individual liberty - enshrined in our legal system
and guaranteed by the constitution - has shifted in this digital
age, and that greater protections are actually needed for personal
privacy. Part of this context is that the digital age offers remarkable
and effective investigative tools for law enforcement. At the
same time, the amount of personal information available electronically
is rising and there is great need for updates in outdated surveillance
and privacy law.
The Internet: Rising use, growing concerns, and an eroding
The Internet is at once a new communications medium and a new
locus for social organization on a global basis. Because of its
decentralized, open, and global nature, the Internet holds out
unprecedented promise to promote expression, spur economic opportunity,
and reinvigorate civic discourse. Individuals and groups can create
new communities for discussion and debate, grassroots activism
and social organization, artistic expression and consumer protection.
The Internet has become a necessity in most workplaces and a fixture
in most schools and libraries.
Every day, Americans use the Internet to access and transfer
vast amounts of private data. Financial statements, medical records,
and information about children ñ once kept securely in
a home or office ñ now travel through the network. Electronic
mail, online publishing and shopping habits, business transactions
and Web surfing profiles can reveal detailed blueprints of peopleís
lives. And as more and more of our lives are conducted online
and more and more personal information is transmitted and stored
electronically, the result has been a massive increase in the
amount of sensitive data available to both potential criminals
as well as government investigators.
As social, economic, and personal activities move online, criminal
activity taking place or being investigated through the use of
the Internet is increasing as well and will likely to continue
to increase. One element of concern about cybercrime is the rise
of both familiar forms of criminal behavior extended to the instrumentality
of the Internet, as well as new harmful acts - such as hacking
or identity theft - unique to the digital age. Another concern
is the tremendous changes in law enforcement methods that will
be needed to adopt to a world where criminal activity is moving
off of street corners and into cyberspace. These concerns are
exacerbated by new public education problems, as people and business
rapidly adopt new online activities without a clear understanding
of how to protect themselves and using technologies that may not
have adequately accounted for security needs.
A natural reaction in the face of cybercrime concerns is to seek
new governmental authorities and powers. A starting point for
considering these government actions is the old doctors' adage:
First do no harm. There is a real risk that sweeping new mandates
or regulations providing incremental improvements in security
could undermine many of the open and decentralized features that
have been essential to innovation, growth, and freedom online.
More broadly, cybercrime must be addressed in the context of
the important protections for individual liberty that stem from
the U.S. constitution and are enshrined in our legal system. The
Congress and our courts have often denied powerful surveillance
tools or police powers to the government in order to guarantee
basic liberties. In considering cybercrime, it is appropriate
to look at both the new capabilities now available to government
as well as the eroding state of legal privacy protections.
The Digital Age Presents Tremendous New Tools For Law
While the Justice Department frequently complains that digital
technologies pose new challenges to law enforcement, it is clear
that the digital revolution has also been a boon to government
surveillance and collection of information. For example, in testimony
last year before a Senate appropriations subcommittee, FBI Director
Freeh outlined the Bureau's success in many computer crime cases.
Online surveillance and tracking led to the arrest of the Phonemasters
who stole calling card numbers; an intruder on NASA computers,
who was arrested and convicted in Canada; the thieves who manipulated
Citibank's computers and who were arrested with cooperation of
Russian authorities; and the creator of the Melissa virus, among
others. More recently, alleged hackers who distributed the "I
Love You" virus and initiated last year's debilitating distributed
denial of service attacks on prominent U.S. web sites have been
In many of these cases, it is the Internet itself that has provided
the key instrumentality in investigating and gathering information.
Examples include the Justice Department's successful "Innocent
Images" campaign to prosecute child pornography, and the recent
highly-publicized crackdown on Internet fraud.
Electronic surveillance is going up, not down, in the face of
new technologies. Computer files are a rich source of stored evidence:
in a single investigation last year, the FBI seized enough computer
data to nearly fill the Library of Congress twice. The FBI estimates
that over the next decade, given planned improvements in the digital
collection and analysis of communications, the number of wiretaps
will increase 300 per cent. Online service providers, Internet
portals and Web sites are facing a deluge of government subpoenas
for records about online activities of their customers. Everywhere
we go on the Internet we leave digital fingerprints, which can
be tracked by marketers and government agencies alike. The FBI
has even requested additional funds to "data mine" these public
and private sources of digital information for their intelligence
The FBI is also becoming adept at using data collected and stored
by the private sector. For example, a recent story in the Wall
Street Journal detailed how federal law enforcement agencies have
begun purchasing detailed collections of personal data from commercial
"look-up" companies. While this raises concerns about agencies
skirting the Privacy Act's restrictions on the government's own
data collection efforts, it is clear that the FBI is adopting
to and using these new and rich data sources.
Privacy Rules Have Not Kept Pace With These Rapid Changes
Another important context for considering cybercrime is that
outdated surveillance and privacy laws have not kept up with changing
technology and offer only reduced protections. Electronic privacy
and surveillance are today governed by a complex statutory and
constitutional framework that has slowly eroded in the face of
Remarkably, the 1986 Electronic Communications Privacy Act of
1986 (ECPA), 18 USC 2701 et seq. (setting standards for access
to stored electronic communications and transactional records)
was the last significant update to the privacy standards of the
electronic surveillance laws. Astonishing and unanticipated changes
have occurred since then, including --
· the development of the Internet and the World Wide Web, and
their widespread use;
· the convergence of voice, data, video, and fax over wire, cable
and wireless systems, and the rising deployment of high-bandwidth
· the increasing use of mobile telephones and devices, including
those that access the Internet;
· the proliferation of service providers in a decentralized,
competitive communications market; and
· the movement of information out of people's homes or offices
and onto networks controlled by third parties.
These changes have left gaps and ambiguities in the surveillance
law framework. In some cases, such as the rise of mobile location
information or the development of the Web, whole new types of
information never available before to law enforcement can now
be accessed under a legal framework that never contemplated their
existence. In other cases, such as the use of pen registers for
Internet traffic or the standard for accessing location information,
the standards and procedures for lawful access are unclear at
These gaps create privacy problems, and they also create confusion
on the part of law enforcement officers. Greater clarity and enhanced
protection is needed both to promote public confidence in law
enforcement and to provide deserved guidance about what is and
is not acceptable behavior for electronic surveillance and data-gathering.
Most fundamentally, as a result of these changes personal data
is moving out of the desk drawer and off of the desktop computer,
out onto the Internet and out of personal control. More and more,
this means that information is being held and communicated in
configurations where it is in the hands of third parties and therefore
not afforded the full protections of the Fourth Amendment under
current doctrine. In a world where the Internet is increasingly
essential for access to commerce, community, and government services,
personal privacy should not be the price of living online. Rather,
it is necessary to adopt legislative protections that map Fourth
Amendment principles onto the new technology.
Concerns about cybercrime need not, and should not, become
an excuse for sweeping new government authorities or greater surveillance
The government has a real, but limited, role in promoting
At the root of many concerns about cybercrime are problems relating
to computer security. Hacking, unauthorized access to computers,
denial of service attacks, and the theft, alteration or destruction
of data are all already federal crimes, and appropriately so.
But Internet security is not a problem primarily within the control
of the federal government. Particularly, it is not a problem to
be solved through the criminal justice system. Internet security
is primarily a matter most effectively addressed by the private
sector, which has built this amazing, complex and rapidly-changing
medium in a short time without government interference.
The government's limited role in cybersecurity stems from the
unique technical features of the decentralized, global, user-controlled
· Unlike traditional broadcast or telecommunications media, where
security concerns could be focused on a relatively small number
of large companies, today's cybersecurity solutions must apply
to literally millions of individuals around the world who create,
publish, transmit, route, process, and sell online.
· The Internet's architecture is open, with few (if any) gatekeepers
over online activities - a feature essential to the innovation
in online services, content, and technologies, and essential to
the Internet's promise in promoting free expression worldwide.
· The Internet is global, so the actions of any one national
government will only have an incremental effect on behavior and
are unlikely to prevent undesirable activity online.
In such an environment, it is the Internet's users who are the
first and most important line of defense in the fight against
cybercrime. Providing technology to protect users online - such
as strong encryption tools and secure software and networks -
is likely to be far more effective and scale far better than direct
It must be stressed that the source of the security problem is
not the architectural openness of the Internet, nor is it inherently
a function of the anonymity that openness affords. Indeed, this
robust and decentralized architecture is what makes the Internet
as resilient as it is. Rather, the problem is that security measures
compatible with the open and anonymous nature of the Internet
have been given a low priority as the Internet has grown. The
explosion of services and business online and the rapid rollout
of new software with new features have often come at the expense
of good technical security. In that sense, heightened concerns
about cybercrime are a helpful wake-up call, not only because
they highlight the lack of security but because they also emphasize
the bottom line risks.
It is clear that the private sector is stepping up its security
efforts, with an effectiveness that the government is not likely
to match given the rapid pace of technical change and the decentralized
nature of the medium. The tools for warning, diagnosing, preventing
and even investigating infrastructure attacks through computer
networks are uniquely in the hands of the private sector. In these
ways, Internet crime is quite different from other forms of crime.
In this environment, government has an important but limited
role focused on getting its own house in order, hiring trained
staff, and supporting R&D. First, it must get its own computer
security house in order. The Administrationís ìNational
Planî for cyber-security, which focuses on protecting the
governmentís own systems, has some laudable and long-overdue
elements. We are concerned, though, that it relies too heavily
on a monitoring system that threatens privacy and other civil
liberties (ìFIDNetî) and gives too little priority
to closing the known vulnerabilities and fundamental security
flaws in government computer systems. (Target date for fixing
"the most significant known vulnerabilities" in critical government
computers: May 2003.) To improve government computer security
and enforce the computer crime laws, the government needs the
resources and Title 5 authority to hire and retain skilled investigators
and computer security experts. Law enforcement must undertake
the daunting task of training a new generation of public safety
officers whose most important weapon is not a gun but a laptop.
The government should do more to support basic research and development
in computer security. It is a positive step that the U.S. government
has stopped fighting deployment of encryption. We are concerned,
though, that a range of new surveillance initiatives ranging from
"Carnivore" to CALEA and "wiretapping for the Internet" are being
used to build surveillance features without adequate attention
to security ñ and may themselves constitute a security
vulnerability. While the potential for the government to help
is limited, the risk of government doing harm through design mandates
or further intrusions on privacy is very high.
It is not clear that new government authorities or investigatory
powers are needed.
Substantial authorities already exist for investigating and prosecuting
cybercrime. It appears that most of the "cybercrime" activities
conducted online could be prosecuted through existing criminal
law. The Computer Fraud and Abuse Act and other statutes broadly
make hacking, unauthorized access to computers, and the theft,
alteration or destruction of data already federal crimes. Powerful
statutes exist to punish distribution of obscenity or child pornography
online. Existing criminal statutes covering a range of topics
from fraud to abuse of a minor are being applied to or have been
adopted to include online behavior.
It is always appropriate to consider whether our laws have been
outdated by changes in technology, and several proposals have
been under consideration to amend the computer crime statute and
the electronic surveillance laws to enhance law enforcement authorities.
The Subcommittee, after careful analysis, may find that some modest
changes are appropriate. But we urge caution, especially in terms
of any changes that would enhance surveillance powers or government
access to information. For example, the Justice Department had
proposed changes to the computer fraud statutes that would lower
the $5000 loss threshold before criminal penalties apply. However,
there is reason to believe that prosecutors are unwilling to bring
even cases that meet the threshold because of stiff mandatory
minimums that apply. Removing the damage threshold would only
exacerbate the situation and also could make de minimus activity
or online pranks serious federal crimes.
Some in government have argued that the Internet requires greater
investigatory powers. In particular, they complain about anonymity
or lack of traceability on the Internet. This is a red herring.
The digital age of web logs, ISP records, credit card transactions,
electronic banking, cookies, and clickstreams is creating a wealth
of investigatory capability where none existed before. While there
is not perfect traceability online, there is probably more traceability
online than in the real world. An anonymous vandal can throw a
brick through a bank window and run away down any number of streets.
An anonymous pickpocket can steal your wallet with credit cards
and melt into the crowd. Yet we do not require people to carry
identification cards, nor do we install checkpoints on our streets.
We do not have perfect traceability in the real world, for good
reasons. We do not need perfect identity and traceability online
Nonetheless, the Justice Department has sought further expansions
in its surveillance authorities. But surely, before enacting any
enhancements to government power, we should ensure that current
laws adequately protect privacy. For example, the government has
proposed extending the pen register statute - designed for capturing
digits dialed on a phone - to the Internet. Yet, the current standard
for pen registers imposes little effective judicial control, reducing
judges to mere rubber-stamps. Pen registers as applied to Internet
communications are far more revealing than phone numbers, and
there is a great deal of ambiguity about how they might be applied
online. In this and other cases, we must tighten the standards
for government surveillance and access to information, thus restoring
a balance between government surveillance and personal privacy
and building user trust and confidence in these economically vital
These are complex issues. CDT is prepared to work with the Committee
and the Justice Department to evaluate cybercrime proposals, to
flesh out needed privacy enhancements, and to convene our DPSWG
working group as a forum for building consensus.
There is a real risk that cybercrime concerns will become
an excuse to implement sweeping new authorities that jeopardize
Americans are already deeply concerned about their privacy, especially
online. Changes in technology are making ever more information
available to government investigators, often with minimal process
falling far short of Fourth Amendment standards. There is a real
risk that concerns over the very real problems of cybercrime will
serve as justification for legislation or other government mandates
that will be harmful to civil liberties and the positive aspects
of the Internet. Such a course is especially unjustified when
there is so much to be done to improve security without changing
the architecture or protocols of the Internet or further eroding
Examples abound already here in the U.S. For much of the last
decade, the government has sought to force Internet users to adopt
"key recovery" backdoors for their encryption products in the
name of fighting crime online - despite the security risks and
privacy concerns raised by creating backdoors in security tools.
In the name of protecting critical infrastructure, some have promoted
"Caller ID for the Internet" - a system of mandatory identification
for Internet traffic of dubious practicality that would eliminate
much privacy online. While these proposals have been largely rejected
"Carnivore" - the FBI's aptly-named Internet surveillance tool
- has been deployed despite concerns that it is ripe for abuse
and accesses too much information without appropriate legal standards
in place. The CALEA statute, passed to preserve government phone
tapping capabilities from the specter of digital age communications,
has since been expanded to include a wide variety of new services
including turning mobile phones into location tracking devices
for law enforcement - with little judicial oversight.
It is understandable that many are concerned about new surveillance
proposals put forward to fight cybercrime. We have avoided some
of the worst of these proposals here in the U.S. Unfortunately,
there is evidence that many of the most damaging surveillance
proposals are taking root outside of the U.S.
Recent efforts in Europe on cybercrime, and particularly the
experience of the recent Council of Europe's proposed Convention
on CyberCrime, underscore this point. Early versions of that Convention
- developed in part in consultation with U.S. law enforcement
officials - contained data retention and other requirements that
would have forced ISPs and web services to keep and produce vast
quantities of private data at substantial expense and with few
privacy protections. Only in response to outcry from industry
and public interest advocates were the worst of these provisions
modified in recent drafts. But the Convention still contains few
privacy protections and lacks an appropriate balance between provisions
for law enforcement and preservation of individual rights. We
note that the Convention would not require any changes in U.S.
law, and we will carefully monitor any efforts to use it as an
excuse for changes in the U.S.
A major concern about the COE Convention is how it will be implemented
by individual nations. With few clear privacy guidelines built
in, it is feared that many will use the Convention as a justification
for imposing new design mandates on Internet providers that will
threaten many of the Internet's most important characteristics.
In recent weeks, a serious proposal has been floated in Europe
to require that all Internet traffic be retained for seven years.
Besides being impractical and prohibitively expensive, if not
virtually impossible, such an effort would be an unprecedented
invasion of personal privacy and a severe rollback of initiatives
in Europe and elsewhere to limit the retention of personal data.
In addition to affecting the human rights of Internet users worldwide,
proposals such as these have an impact on U.S. users as well.
They risk subjecting consumers and businesses engaging in global
Internet communications and commerce to potential surveillance,
industrial espionage, or invasions of privacy. And they risk squelching
the promise of the Internet as a medium that promotes the free
flow of information and the exchange of democratic ideas.
The U.S. has been a force for democratic values, individual liberty,
and human rights worldwide. There is a real risk now that cybercrime
efforts here and abroad will threaten these very values. It is
important that we continue to be an example and resist the temptation
to implement cybercrime proposals that would jeopardize the promise
of the Internet to promote liberty.
The Need for Enhanced Privacy Protections
Considering the broad sweep of the digital revolution, it is
apparent that the major problem now is not that technology is
outpacing government's ability to investigate crime, but, to the
contrary, that changes in communications and computer technology
have outpaced the privacy protections in our laws. Technology
is making ever-increasing amounts of information available to
government under minimal standards falling far short of Fourth
Amendment protections. Gabs in our surveillance laws leave information
unprotected, or create ambiguities, ultimately harming public
faith in law enforcement and undermining public trust in the online
activities that have become such an important part of the digital
While improvements to security, technology, or corporate policies
to promote privacy can come from the private sector, only legislation
can update the legal framework governing electronic surveillance
and privacy. Companies can adopt great privacy practices about
the disclosure of information, but they have little choice but
to produce sensitive data they hold when presented with a lawful
order. Consumers and businesses increasingly recognize that only
legislation can provide adequate privacy protections for such
information and these protections themselves can be a key enabler
of trust and security online.
Congress should adopt a comprehensive legislative approach to
cybercrime that recognizes the urgent need for additional privacy
protections. The Congress could start by taking up the helpful
changes to surveillance law developed and passed by the House
Judiciary Committee in the last Congress, under H.R. 5018, including:
· Provide heightened protections for access to wireless location
information, requiring a judge to find probable cause to believe
that a crime has been or is being committed. Today tens of millions
of Americans are carrying (or driving) mobile devices that could
be used to create a detailed dossier of their movements over time
- with little clarity over how that information could be accessed
and without an appropriate legal standard for doing so.
· Increase the standard for use of pen registers and trap and
trace devices, requiring a judge to at least find that specific
and articulable facts reasonably indicate criminal activity and
that the information to be collected is relevant to the investigation
of such conduct.
· Add electronic communications to the Title III exclusionary
rule in 18 USC ß2515 and add a similar rule to the section
2703 authority. This would prohibit the use in any court or administrative
proceeding of email or other Internet communications intercepted
or seized in violation of the privacy standards in the law.
Require a judicial warrant for government seizure of read or
unread email stored with a service provider for up to one year.
(Currently, the warrant requirement applies for only 180 days,
and the government has maintained that it could obtain email with
a mere subpoena as soon as it is opened, no matter how recent
· Require statistical reports for ß2703 disclosures, similar
to those required by Title III.
Require high level Justice Department approval for applications
to intercept electronic communications, as is currently required
for interceptions of wire and oral communications.
In addition, other issues - some of broader scope - need to be
· Define and limit what personal information is disclosed to
the government under a pen register or trap and trace order served
on Internet service providers. Transactional or addressing data
for electronic communications like email and Web browsing can
be much more revealing than telephone numbers dialed.
· Define clearly what transactional information can be collected
on Internet communications and under what standard, making it
clear that Internet queries are content, which cannot be disclosed
without consent or a probable cause order.
· Improve the notice requirement under ECPA to ensure that consumers
receive notice whenever the government obtains information about
their Internet transactions.
· Provide enhanced protection for personal information on networks:
probable cause for seizure without prior notice, and a meaningful
opportunity to object for subpoena access.
· Require notice and an opportunity to object when civil subpoenas
seek personal information about Internet usage.
The bills put before this Committee last year were efforts towards
a modest improvement in privacy protections without in any way
denying the government any investigative tools. They should serve
as a starting point, and we hope that Members will consider reintroducing
them in the near future and begin to address the privacy concerns
of many Americans and the imbalance that exists in today's electronic
The issue of cybercrime appropriately demands public attention
and real, but limited, involvement by government. More broadly,
it speaks to the need for modernization of our surveillance laws
and greater privacy protections to counteract new threats to privacy
Protecting national security and public safety in this digital
age is a major challenge and priority for our country. On balance,
however, we believe that new sources of data and new tools available
will prove to be of great benefit to government surveillance and
law enforcement. These new technologies are likely to make law
enforcementís job harder in some ways. There is no doubt
that resources will be needed to deal with change as the Internet
alters traditional methods of crime fighting and information gathering.
The real cybercrime risk is that concerns about public safety
will become a justification for sweeping new surveillance proposals
or design mandates that destroy the best features of innovation
and freedom on the global, open Internet. It is essential that
we offer a measured response to these concerns, and urgently take
up the need to reform privacy protections in the electronic surveillance
House Rule XI, Clause 2(g)(4) Disclosure: Neither Alan Davidson
nor CDT has received any federal grant, contract, or subcontract
in the current or preceding two fiscal years.