Remember how the awesome strength of the Slammer Worm ripped apart our global information infrastructure? Hospitals went off-line, cell phones didn't work, classified CIA documents were e-mailed to elementary schools, and our precious data streams were contaminated by enemy bits. Worst of all, a Canadian election was canceled. In the ensuing chaos, hackers stole 12,000 credit card numbers and sold the information to the Taliban so terrorists could order chemical weapons on eBay.
Of course, none of this happened. But you'd never know it from statements by departing cybersecurity czar Richard Clarke and the usual technology-challenged members of the media. Slammer was certainly inconvenient, taking some businesses and part of the Korean phone system off-line for several hours, but it was not the killer worm one might have expected from reading the headlines. In our current antiterrorist frenzy, the attack on Microsoft SQL servers came to embody everything we fear about so-called information warfare. Its global penetration of computer networks caught everyone off-guard and hinted at possible future devastation.
Brian McWilliams, a smarty-pants journalist from New Hampshire, satirized the national mood by sending out e-mails in which he pretended to be an Islamic terrorist who had launched the worm. He even fooled Dan Verton, a former U.S. marine intelligence analyst, into writing a big, splashy story about it for Computerworld magazine. Verton was so eager to swallow McWilliams's fake tale that he didn't even bother to check the headers on the e-mail he got from McWilliams -- had he done so, he would have discovered it originated in North Carolina rather than Pakistan.
Most people, including policy makers, know so little about computers that they're tempted to associate the "black box" of a computer with the "black box" of terrorism. It's interesting to note that Sami al-Arian -- one of the first U.S. residents arrested under suspicion of terrorist activities as a result of our newly relaxed domestic intelligence-gathering laws -- happens to be a professor of computer science. Knowing something about computers makes you an extra-suspicious character. Just ask John Ashcroft, whose recently drafted Domestic Security Enhancement Act of 2003 contains a section about "the unlawful use of encryption." As Kevin Poulsen reports in SecurityFocus, Ashcroft wants to set up prison terms for anyone who "knowingly" encrypts any "incriminating communication" related to a federal crime they're committing.
OK, a federal crime is a federal crime -- already illegal, already carrying the promise of a prison term with it. Why the additional punishment? It's part of the intelligence community's infatuation with identity profiling. If you've got a law implying that encrypted communication is what the bad guys use, then anyone who has the modicum of technical knowledge required to use PGP crypto on his or her e-mails could conceivably be placed under surveillance. Crypto users fit the "terrorist profile." You know, the same way people attending mosques fit the terrorist profile -- which might be why Federal Bureau of Investigation director Robert Mueller has directed field agents to start counting local mosques and worshipers. Allah help you if you try to send encrypted data from your mosque's computers!
It's funny how we mistrust technology and computer know-how and at the same time worship it. Who at the Department of Defense doesn't love the sleek, curvy Predator, an unmanned (i.e., largely computer-run) surveillance plane that can deploy Hellfire antitank missiles? And who at the DOD doesn't secretly hope databases will deliver us from terror? While Congress is happily stomping all over John Poindexter's Total Information Awareness data-dredging plan, President George W. Bush is nevertheless pushing for a Terrorist Threat Integration Center, whose mission would be like TIA's: to data-mine global information systems for early warnings of terrorist activity. While some techies will be detained for using crypto, other techies will secure the nation.
This would be a good time to remember that one of the first geek hero movies was also an antiwar movie. WarGames (1983) is a weirdly anti-Reaganite film about how a plucky little hacker named David teaches the military-industrial complex that War Is Bad. We begin with David hacking into an automated nuclear weapons deployment system, which he mistakes for a cool video game. When he starts playing, David discovers that (gasp!) the game is real! The plot is your typical hacker-meets-secure system scenario, with one twist. David doesn't save the world. The computer stops the impending nuclear disaster: After playing thousands of simulations, it determines that nobody can win a nuclear war and shuts down. In WarGames a computer learns what the nation's human cold warriors could not: that we shouldn't engage in war, because everyone will die. And that would be bad.
This is a pretty cheerful viewpoint when you consider all of the ways in which our current government is simultaneously demonizing and deploying technology in the service of war. It makes me wonder if humans secretly hope their machines will take over and create perpetual peace. Or perhaps, more pessimistically, we'd rather have machines take responsibility for what we're doing to ourselves.
Annalee Newitz ( firstname.lastname@example.org) is a surly media nerd whose domestic surveillance agency is watching you buy coffee at Starbucks. Her column also appears in Metro, Silicon Valley's weekly newspaper.