The recent arrest of alleged super-hacker Kevin Mitnick has focused the attention of the public on the dangers of putting sensitive information online: communication networks, by their nature, will always be technically insecure. Unless you use special tools to encode your sensitive information, nothing you put on a public computer system is invulnerable to snooping.
This knowledge should not cause us to act out of ignorance and fear. We must make sure that the latest cycle of hacker-notoriety, in the absence of widespread knowledge of what goes on in computer networks, does not lead to bad laws, increased censorship, and intrusively overzealous law enforcement.
We need to remember, before rushing to legislate, investigate, and prosecute, that most people online are engaged in building, not destroying, and that the very freedom that makes the system vulnerable is also what makes it valuable. Millions of people online are not hackers. We are scientists, educators, students, artists, engineers, parents, citizens who build communities and grow democracy and educate and support one another. We need to be able to communicate with each other without fear of intrusion from either hackers or cybercops.
The Well, a virtual community geographically centered in Sausalito, California, played a key role in apprehending the suspect in the latest episode. The Well is where the Electronic Frontier Foundation was born and the Computers, Freedom, and Privacy conferences are organized, which leads some to ask why a system famous for its defense of individual liberties should cooperate with law enforcement officials. As someone who helped build the Well, and played a small role in making the decision to cooperate with the hacker-hunters, I want to explain that requiring law enforcement officials to observe Constitutional safeguards is not the same thing as harboring criminals.
A malicious hacker, one who is known to steal and destroy data, passwords, valuable proprietary information, credit card numbers, poses the same danger to a virtual community as an arsonist represents in a community made of paper. Every community requires a basic level of trust. In a virtual community, where people can neither see nor hear one another, a basic level of trust is even more important. A hacker steals from the common pool of trust that makes it possible for groups of strangers to give each other useful information. Computer communities are useful precisely because the whole is greater than the sum of the parts when it comes to sharing knowledge. You can't share when others steal, and neither can you share when the police poke around indiscriminately in your private files.
The safety of the wider community, the need for law enforceement to use the power we legitimately grant them to apprehend outlaws who threaten that community, must always be balanced by a vigilance to Constitutional guarantees. The Bill of Rights exists because Americans have always feared fishing expeditions by the State. If there is a good reason to believe a serious crime is committed, law enforcement officers are required to present their evidence and obtain permission or a warrant for a specific search. There are outlaws in cyberspace, like everywhere else humans congregate. If we don't believe vigilante justice is the way to deal with online crime we need a limited amount of law enforcement in cyberspace.
We might need police, but we don't need thought police or secret police. We owe it to our freedom to hold cybercops accountable to the Constitution and we must not let legislatures extend unreasonably the power of State authorities to snoop in cyberspace.