I'm a Terrorist Now

Now that the anti-terrorist USA Patriot Act has passed, I am officially a terrorist. Yes, it's true. Going by the various and sundry definitions of terrorist in this bill, you might be a terrorist too. If you have broken into and "damaged" any Internet-connected computer within the last eight years, you are now deemed a terrorist. That means if you have ever been the sort of hacktivist who protests political Web sites by defacing them or replacing their home page with one full of dissenting information, your crime will be deemed terrorism and punished accordingly.

Suddenly, stories about what I call Robin Hood hacks -- cyber-crimes whose aim is not to destroy but to encourage techs to make their software more secure -- are being perverted by government rhetoric into something evil and strange. A few weeks ago a Robin Hood hacker changed some words in a Yahoo! News story to demonstrate the security flaws in Yahoo!'s content-management system. This hacker's point was not to "damage" anything, since obviously she or he could have done much worse than alter a quote from Attorney General John Ashcroft. All he or she wanted was for Yahoo! to use better software, software that would protect the company and users alike. But now this Robin Hood's crime -- a crime that normally would lead to more protection for the defenseless -- is defined as terrorism according to the USA Act.

And what about the person who hacked a hot link in a CNET news story, redirecting unwary readers who clicked on it to a picture of an extremely distended anus? Obviously a terrorist too.

You are a terrorist even if you have (knowingly or unknowingly) harbored terrorists, which makes me an uber-terrorist, no doubt. Cyberterrorism, a term the government has invented to stigmatize people who were once just hackers, is defined as computer crimes that result in damage "aggregating at least $5,000 in value." I wonder if breaking copyright protection on a $20 game, then distributing it to several thousand of your good friends on a file-sharing system constitutes cyberterrorism? After all, you've probably "damaged" some game company's sales to the tune of $5,000.

To aid in the detection of dreaded cyberterrorists and other unsavory persons -- especially ones involved in anti-globalization activism -- the USA Act will allow the feds (without judicial oversight) to use the Carnivore electronic surveillance system to read your e-mail and figure out which sites you've visited on the Web.

Here's the truly creepy part: if law enforcement suspects that just one person using your ISP is a terrorist, it can install Carnivore, which allows it to intercept mail from every single person using your ISP's servers. Feds are regulated only by the honor system. They promise not to read your mail if you're not a suspect, even though they can. And they also promise not to read the content of your e-mail if you are a suspect, only the "to" and "from" fields. That's reassuring. Frankly, I'd rather have the person who hacked Yahoo! monitoring my mail.

Given the USA Act's resounding success, the House of Representatives has already started drafting another exciting anti-terrorism bill, this time to combat bioterrorism. It's called the Bioterrorism Protection Act, and if passed, it would allocate $13.5 million to "biometric techniques to identify suicide biological bombs." These "bombs" are actually people who would (hypothetically) infect themselves with contagious diseases and try to cross the U.S. border to infect the population with whatever oogie virus they've managed to concoct. What hasn't been mentioned in discussion of this legislation is that border officials could use it as an excuse to accuse immigrants with infectious diseases of attempted bioterrorism.