Tina K. Russell

September 2, 2007

Spy? Where?

Filed under: germany, security, spyware, technology — Tina Russell @ 6:54 am

You know, German chancellor Angela Merkel is kind of one of my favorite people in the world despite the fact that I know next to nothing about her, because, uh, she’s a woman and holds one of the world’s most powerful offices. And, uh, she’s pretty. Yeah, I know, I could stand to have a better decision matrix for this kind of thing.

I’m sure the Internet is ablaze over the German government’s plan to plant spyware on the computers of German terror suspects, and while I think Angela Merkel is a damn fine world leader (…sorry…) I think this sounds like a really bad idea. Now, I’m not opposed on principle to the government using spyware, any more than I am opposed to the government using double agents or wiretaps. The government has to get into the 21st century for its crime-fighting, and anything that ensures that technology isn’t exclusively the domain of tinkerers and criminals is good. (Tinkerers are good, but we cannot fight criminals on our own forever.) If two details would be changed about this, I would be happy.

1. It’s too obvious. I mean, really. From the linked San Jose Mercury News article:

Schaeuble’s office has
not yet released a copy of the bill, but elements of it that were
leaked to German media include allowing investigators to
send e-mail messages that appear to be from the Finance Ministry or the
Youth Services Office, but which actually carry the Trojan horse

You might as well be sending E-mails that claim to contain enticing pictures of Anna Kournikova. If I were even remotely convinced that the German government would try something a little more nuanced, I would be happy. For instance, if the government were able to intercept the transmission of an important executable file between criminals and replace it with a bugged one, that would be great. That would be a classic tactic. However, there’s absolutely no reason that the government would send you an executable file except to install spyware on your machine. Also, I’ll be really mad if they try the whole “.doc.exe” trick, where an executable file is dressed up vaguely like a text document or something. I mean, at that point they might as well spam their Counter-Strike games with taunts or fill their inboxes with lawyer jokes or something.

There’s another problem here… I don’t want the government, any government, legitimizing the practice of sending spyware. I’d be worried about people reading this article and thinking that, if they get such an E-mail claiming to be from the government, the government only has their best interests at heart. If the government gets into the spyware business, it’s going to become a new favorite front for spyware pushers everywhere. I mean, I’m sure they do this already, but there’s going to be this idea among average Germans (at least some of them) that you shouldn’t be afraid to open an attachment to a government E-mail, because even if it has spyware it is only used to catch terrorists. The truth is that if the government begins using spyware to catch terrorists, attached to E-mails identified as sent by the government, spyware pushers everywhere will begin using “the government E-mail” as a front and, if you get such a suspicious E-mail claiming to be from the Finance Ministry it is much more likely to be spyware that signs you up for a spam botnet rather than one that fights terrorists… and don’t forget that distributed computing, achieved through spyware, is one of a terrorist’s greatest tools. I wouldn’t want any government legitimizing such spyware, whether they mean to or not.

The biggest computer security concern of our day is making sure people know they should not open E-mail attachments that are either a) executable or b) from people they don’t trust (and, in general, avoid it if you don’t know what you’re doing). (Yes, I know that “a” prevents “b” from being necessary but it never hurts to make n00bs a little extra cautious in this area.) If the government, any government, gets into the spyware game it gives spyware legitimacy it doesn’t deserve. But also, every terrorist in the world is going to know not to open chump E-mails from “the Finance Ministry” or “the Youth Services Office.” Unless they can dress it up a little–attempt to infiltrate the terrorist network, imitate specific people, intercept important communications, etc.–such amateur-hour spyware cons are going to do much more harm then good, especialy because terrorists are going to begin sending out identical E-mails, with their own, choice spyware, as soon as the government does.

2. The terror obsession concerns me. Terrorism is a really, really bad deal, and terrorists are very evil people. The whole concept of terrorism is abhorrent, because it says you should use violence to achieve a political end. Terrorism says you should kill people in order to scare the rest into submission. Terror networks need to be infiltrated and forcibly disbanded, and I support any attempt to bring our anti-terror operations to the level of our new technology, especially since terrorists long ago learned to make use of the readily-available technology that world governments are only beginning to discover.

However, the idea that there is nothing in the world worse than terrorism concerns me because, in order to convince me that this government spyware program isn’t going to be used for a political agenda (getting the nationalist or the law-and-order vote, etc.) I would need to be assured that this is going to be used to target specific criminal networks and not “terorrists” in general. It would need to be used against drug pushers, kidnappers, slavery rings, and organized crime of all kinds. Terrorists are so insulated that it becomes very necessary to use extreme measures–such as spyware, I imagine–to infiltrate their networks. However, as I said above, the tactics will need to be nuanced to keep a government spyware program from doing more harm then good, but also, I’ll only accept that this will really be used against terrorists–and not merely political opponents of the government–if they will use it against all kinds of organized crime and drop the fanatical anti-terror stance. To say that we live in some kind of new, scarier world is to say that bad things, on the level of 9.11, only just started happening, and that offends me deeply. Crime has always been around and we constantly need to adapt our tactics to stay one step ahead of these callous, power-hungry maniacs. It does concern me that, without government action, tactics such as spyware are going to be used only by criminals and not by those fighting crime. However, if the word “terror,” and only the word “terror,” continues to be used to justify any and all dubious actions by the government of Germany, I’m going to continue to wonder if this really is for the safety of the people, or if its purpose is to sate an unhealthy obsession with terrorists. Terrorism is an enormous concern, no doubt, but we must be sure we don’t become like the enemy we intend to fight. Here in America, we can’t even come up with a working definition of terrorism (I would volunteer “the use of violence to intimidate a population for political ends” as a starting point), a situation ripe for abuse. I hope that, in fighting terror and adapting our tactics for a high-tech world, that we do not lose our focus on the reasons why we are fighting terrorists–to keep the population safe and free–and become short-sighted, vengeful fanatics, ineffective either at fighting terrorism or keeping the population safe.

That’s my opinion. In essence. I see nothing wrong in principle with the government using spyware, I just have extreme reservations about how it sounds like the German government is pursuing this, and I hope we maintain our balance and our perspective as we step up our fight against terrorists.

Create a free website or blog at WordPress.com.