

From the Editors

The Impending Debate

MARC DONNER
Associate Editor in Chief

There’s some scary stuff going on in the US right now. President Bush says that he has the authority to order, without a warrant, eavesdropping on telephone calls and emails from and to people who have been identified as terrorists. The question of whether the president has this authority will be resolved by a vigorous debate among the government’s legislative, executive, and judicial branches, accompanied, if history is any guide, by copious quantities of impassioned rhetoric and perhaps even the rending of garments and tearing of hair. This is as it should be.

The president’s assertion is not very far, in some ways, from Google’s claims that although its Gmail product examines users’ email for the purpose of presenting to them targeted advertisements, user privacy isn’t violated because no natural person will examine your email. The ability of systems to mine vast troves of data for information has now arrived, but policy has necessarily lagged behind. The clobbering of Darpa’s Total Information Awareness initiative (now renamed Terrorism Information Awareness; http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci874056,00.html) in 2004 was a lost opportunity to explore these topics in a policy debate, an opportunity we may now regain. Eavesdropping policy conceived in an era when leaf-node monitoring was the only thing possible isn’t necessarily the right one in this era of global terrorism. What the correct policy should be, however, requires deep thought and vigorous debate lest the law of unintended consequences take over.

Although our concerns in IEEE Security & Privacy are perhaps slightly less momentous, we are, by dint of our involvement with and expertise in the secure transmission and storage of information, particularly qualified to advise the participants in the political debate about the realities and the risks associated with specific assumptions such as what risks are presented by data mining. As individuals, we’ll be called on to inform and advise both the senior policymakers who will engage in this battle and our friends and neighbors who will watch it and worry about the outcome. It behooves us to do two things to prepare for this role. One, we should take the time now to inform ourselves of the technical facts, and two, we should analyze the architectural options and their implications.

Unlike classical law enforcement wiretapping technology (covered in depth in S&P’s November/December 2005 issue), which operates at the leaves of the communication interconnection tree, this surveillance involves operations at or close to the root. When monitoring information at the leaves, only information directed to the specific leaf node is subject to scrutiny. It’s difficult when monitoring at the root to see only communications involving specific players—monitoring at the root necessarily involves filtering out the communications not being monitored, something that involves looking at them. When examining a vast amount of irrelevant information, we haven’t yet demonstrated a clear ability to separate signal (terrorist communication, in this case) from noise (innocuous communication). By tracking down false leads, we waste expensive skilled labor, and might even taint innocent people with suspicion that could feed hysteria in some unfortunate future circumstance.

Who’s involved in the process of examining communications and what are the possible and likely outcomes of engaging in this activity? The security and privacy community has historically developed scenario analysis techniques in which we hypothesize several actors, both well- and ill-intentioned, and contemplate their actions toward one another as if they were playing a game. Assume your adversary makes his best possible move. Now assume you make your best possible response. And so on. In the case of examining communications at the root, we have at least four actors to consider.

One is the innocent communicator whom we’re trying to protect, another is the terrorist whom we’re trying to thwart. The third is the legitimate authority working to protect the innocent from the terrorist, and the fourth, whom we ignore at our peril, is the corrupted authority who, for some unknown reason, is tempted to abuse the information available to him to the detriment of the innocent. We could choose, in recognition of the exigencies of a time of conflict, to reduce our vigilance toward the corrupted authority, but history has taught us that to ignore the concept puts us and our posterity in mortal peril.

Our community’s challenge in the coming debate is to participate effectively, for we occupy two roles at once. We are technical experts to whom participants turn for unbiased fact-based guidance and insight, and we are simultaneously concerned global citizens for whom this debate is meaningful and important. We must avoid the temptation to use our expertise to bias the debate, but we must also avoid being passive bystanders. We must engage thoughtfully and creatively. We owe this to our many countries, our colleagues, our neighbors, our friends, our families, and ourselves.

The views expressed herein are solely the views of the author and do not express the views of his employer. —Eds.

PUBLISHED BY THE IEEE COMPUTER SOCIETY ■ 1540-7993/06/$20.00 © 2006 IEEE ■ IEEE SECURITY & PRIVACY
