@INFO.POLICY

Are spies and antivirus purveyors in cahoots?

Robert Gellman

If you are not careful when surfing the Internet, someone could install so-called spyware on your system that tells third parties about your Internet activities. I am not talking about viruses. The perpetrators are usually advertisers who want marketing data.

I run an antispyware program periodically to find and remove these intruders. As far I can tell, the program works. Still, I have this nagging thought: Suppose the company, whose software is free, decided to take a payment from a particular advertiser in exchange for not ratting on that advertiser's spyware?

I have no reason to believe that this has happened. However, it is common knowledge that some search engines take secret payments in exchange for highlighting certain Web sites when responding to search requests. Most troubling is the lack of transparency. Let's follow the transparency thread.

Suppose a producer of virus-scanning software decided its product would not detect a particular virus. That may sound bizarre, but it is now a topic of discussion. The story started because the FBI is developing a virus that would install keystroke-logging software on a computer through an e-mail message. If standard virus programs detect the software, of course, the idea is worthless.

I've heard some Net buzz that antivirus software companies have considered modifying their programs to avoid detecting the FBI's logging program. Whether that's realistic isn't clear. You can't believe everything you hear on the Net.

But why would a virus detection software company consider not detecting a virus, no matter what the source? The answer is because of the events of Sept. 11. People and companies could be afraid to stand in the way of anything promoted as fighting terrorism.

A middle ground might be to pass the decision to network administrators. Looking from the other end of the food chain, perhaps the government would ask Microsoft Corp. to change its operating system so that FBI spyware could not be detected.

I don't want to get carried away here. Things have not gotten out of hand. Yet. But one of the more depressing aspects of the response to terrorism is the extent to which some people are zealously willing to violate basic principles and even break laws in their zeal to help. This might be understandable at some level, but not everything done or proposed in the cause of fighting terrorism is useful, logical or right.

If as a country we change our fundamental principles, values and protections, the terrorists will have succeeded beyond their wildest dreams. If we sacrifice what remains of Internet transparency to fight terrorism, we may not accomplish anything positive in the battle against cyberterrorism and yet we could destroy much of the value of the Internet. It is far from clear that any FBI software will help find terrorists or that it won't be used to abridge the rights of Americans.

In the end, I can't do better than Ben Franklin: 'They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.'

Robert Gellman is a Washington privacy and information policy consultant. E-mail him at rgellman@cais.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above