One agency wants Internet wiretaps, another wants privacy protected

Advocates see a disconnect between the FBI's desire to obtain online communications for investigations and Homeland Security's campaign to convince the public to safeguard personal information.

An FBI initiative that would make it easier for law enforcement to wiretap the Internet works at cross purposes with a recently launched cybersecurity public awareness campaign, privacy advocates said.

Bureau officials are pushing Congress to pass a bill that would require manufacturers of Web-based technologies to equip their products with programs that allow the government to intercept messages from suspected criminals, according to media reports published last week.

Simultaneously, Obama administration officials are beginning an initiative aimed at teaching Americans how to defend themselves against hackers. The seemingly conflicting policies raise questions about the ability of the government to protect the security of the Internet while at the same time protecting the nation's security.

The Homeland Security Department on Monday kicked off its 7th annual National Cybersecurity Awareness Month with its Stop. Think. Connect campaign. The department is supplying communities, organizations and individuals with materials that instruct Internet users how to safeguard personal information and online communications.

Civil liberties groups largely support the campaign. The initiative is "a great start," said Gregory Nojeim, senior counsel at the Center for Democracy and Technology. "If consumers took the campaign's top-level advice to make sure they have antivirus software and firewalls that are properly installed, properly configured and kept up-to-date, a significant part of the cybersecurity problems that we face would be solved."

He added, however, "The administration needs to send a clear, consistent message on cybersecurity. The recently disclosed FBI initiative to require innovators to design their communications applications with backdoors to make them more wiretap-ready is an anti-cybersecurity approach sure to be exploited by hackers and perpetrators of ID theft."

Likewise, Seth Schoen, senior staff technologist at the Electronic Frontier Foundation, noted, "I think there's an interesting irony" given the news the FBI is planning "to force technology developers to build backdoors in their security systems. . . . Law enforcement's desires for backdoors in communications infrastructure could easily come in direct conflict with the government's desire to strengthen computer security."

The Electronic Privacy Information Center generally supports the effort to encourage greater public awareness of cybersecurity, said EPIC Executive Director Marc Rotenberg. "Federal agencies, in particular, need to do a better job safeguarding the information they collect," he added.

FBI officials said the effort to conduct legal online wiretaps is not in conflict with the effort to promote computer security. "There is no inconsistency between the FBI's desire to improve cybersecurity through cyber awareness and its desire to be able to execute court-authorized wiretaps," said spokesman Paul Bresson. "The FBI is not proposing that backdoors be built into communications applications, but only that communications providers be able to deliver a particular person's communications when served with a court order authorizing such an interception."

Schoen sees other weaknesses in the administration's cyber awareness campaign. "I've heard computer security compared to other public goods that government tries to promote with education, especially public health," he said. The difference between public health and computer security campaigns is that intelligent adversaries who have access to cyber educational materials may undermine the online safety initiatives, especially ones that are brief and widely accessible, he noted.

Another problem: Even though the government has immense influence on public opinion, any overt educational effort risks appearing silly and out of touch, Schoen said. He cited as an example the use of the term cybersecurity. "In my experience, the cyber prefix is ubiquitous in government but no longer used at all outside the government except in the context of cybersex," he said.

A senior administration official said safeguarding personal freedom online and nabbing suspicious e-communications are not mutually exclusive.

"Hardening our cybersecurity defenses around critical infrastructure and protecting classified and sensitive information go hand in hand and are easy examples to point to," he said.

The White House realizes it is hard to change people's habits overnight and that other public service campaigns took a while to catch on, the official said. "It took decades for the seat belt campaign and the forest fire campaign to sink in and have effect, but they did and were key to improving car safety and preserving our natural resources," he noted.
