acm-header
Sign In

Communications of the ACM

Home/Magazine Archive/November 2001 (Vol. 44, No. 11)/Inside Risks: Risks of Panic/Full Text
Communications of the ACM

Inside Risks: Risks of Panic

By Lauren Weinstein, Peter G. Neumann
Communications of the ACM, November 2001, Vol. 44 No. 11, Page 152
10.1145/384150.384158
Comments
View as: Print Mobile App ACM Digital Library Full Text (PDF) Share:

The horrific events of September 11, 2001 have brought grief, anger, fear, and many other emotions. As we write these words a few weeks later, risks issues are now squarely on the world's center stage, particularly technological risks relating to security and privacy.

With the nightmare of recent events still in a haze of emotions, now is not the time to delve into the technical details of the many risks involved and their impacts on the overall issues of terrorism. We can only hope that future risks warnings will be given greater credence than has typically been the case in the past.

We all want to prevent future attacks, and see terrorists brought to justice for their heinous actions. But this does not suggest we should act precipitously without carefully contemplating the potential implications, especially when there has been little (if any) meaningful analysis of such decisions' real utility or effects.

Calls for quick action abound, suggesting technical and nontechnical approaches intended to impede future terrorism or to calm an otherwise panicky public. What follows is a sampling of some current proposals (all in a state of flux and subject to change by the time you read this) that may have various degrees of appeal at the moment. However, not only is it highly questionable whether these ideas can achieve their ostensible goals, it's certainly true that all of them carry a high risk of significant and long-lasting deleterious effects on important aspects of our lives. While improvements in our intelligence and security systems are clearly needed, we should not even be considering the implementation of any of these items without extremely careful consideration and soul searching:

  • Increased use of wiretapping, without many existing legal restraints.
  • Widespread monitoring of email, URLs, and other Internet usage.
  • Banning strong encryption without "backdoors" for government access. (In general, the existence of such backdoors creates a single point of attack likely to be exploitable by unauthorized as well as authorized entities, possibly increasing crime and terrorism risks instead of reducing them. For more information see Hal Abelson et al., "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption"; www.cdt.org/crypto/risks98).
  • Face and fingerprint identification systems.
  • Arming of pilots; remote-controlled airliners; biometrically-locked airliner controls.
  • Indefinite detention without trial.
  • Life in prison without parole for various actions that proposals are broadly interpreting as "terrorist" (potentially including some security research, petty computer hacking, and other activities that clearly do not fall under currently established definitions of "terrorism").
  • National ID cards (such as smart cards or photographic IDs), which have only limited potential to enhance security but also entail an array of serious risks and other negative characteristics.
  • Massive interagency data sharing and loosened "need to know" restrictions on personal information related to areas such as social security numbers, driver's license information, educational records, domestic and foreign intelligence data, and so on. All such data can lead directly to not only identity theft but also to a wide range of other abuses.

These and many other proposals are being made with little or no evidence they would have prevented the events of September 11th, or would deter future highly adaptable terrorists. Some of these concepts, though their motives may often be laudable, could actually reduce the level of security and increase the risks of terrorist attacks. The details of these effects will be topics for much future discussion, but now is not the time for law-enforcement "wish lists" or knee-jerk reactions, including many ideas that have been soundly rejected in the past and which have no greater value, and no fewer risks, than they did prior to September 11th.

We must not obliterate hard-won freedoms through hasty decisions. To do so would be to give the terrorists their ultimate victory.

Our best wishes to you and yours.

Back to Top

Authors

Lauren Weinstein ([email protected]) and Peter Neumann ([email protected]) moderate the PRIVACY Forum (www.privacy-forum.org) and the ACM RISKS Forum (www.risks.org), respectively.

©2001 ACM  0002-0782/01/1100  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2001 ACM, Inc.

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: