As military and diplomatic efforts in "America's New War" play out overseas, another insidious drama unfolds at home: namely, the manner in which we protect ourselves from further terrorist attacks within our borders and the equilibrium we establish between security and civil liberties. For mainstream society, it will be a perilous balancing act, as difficult as navigating geopolitical or Afghani minefields. For the adult Internet industry, the minefields being laid at home could, in future worst-case scenarios, prove lethal.
Some questions. If "nothing will be the same again" and "this will be a new kind of war, lasting months if not years," precisely how and when will derailed debate get back on track? What, for instance, will become of the ongoing American cultural war pitting sexual libertarians against our own homegrown fundamentalists, chief among them Attorney General John Ashcroft? And will the current administration, which understandably takes for granted a second term, use the terrorist threat to smoke out and destroy domestic purveyors of Internet sex by way of anti-terror legislation?
These are not irrational concerns. The adult industry, online and off, has a long and bitter history with members of the current administration and their ilk. What's more, language that the far right has habitually used when referring to legal adult content is now being seamlessly transferred to terrorists who murdered thousands, in the process creating a subliminal correlation between the two. It's a metaphoric hijacking, if you will, that may seem facile on its face, but it sends a chill of dismay through an industry that considers itself as red, white, and blue as the next.
Steganography
Months before "911," U.S. and foreign officials had warned that X-rated pictures on adult sites were being used by Osama bin Laden and his associates to hide encrypted blueprints of future terrorist attacks [see "Dead Drop," April '01 - Ed.]. The technique is known as steganography, and while there have been no specific examples provided to support the claims, the claims have nevertheless been repeated in newspapers and in comments by public officials throughout the world to this day. In response, many Western nations have already instituted or are considering instituting new laws that will regulate the public use of technologies such as steganography and cryptography.
"Uncrackable encryption is allowing terrorists - Hamas, Hezbollah, al Qaeda and others - to communicate about their criminal intentions without fear of outside intrusion," then-FBI director Louis Freeh told a closed-door Senate panel on terrorism last March. "They're thwarting the efforts of law enforcement to detect, prevent, and investigate illegal activities."
In a June 19, 2001 USA Today article, Jack Kelley wrote, "Hidden in the X-rated pictures on several pornographic Websites... may lie the encrypted blueprints of the next terrorist attack against the United States or its allies... [encryption has] become so fundamental to the operations of these groups that bin Laden and other Muslim extremists are teaching it at their camps in Afghanistan and Sudan, [officials] add."
In the same article, Kelley's sources refer to "easy-to-use encryption programs from the Web" that bin Laden followers download and use, helping them to plan or carry out several of their then-recent plots. Those included the 1998 bombing of two U.S. embassies in East Africa, thwarted 1999 terrorist bombings in Jordan, and encrypted files used by Ramzi Yousef, the convicted mastermind of the World Trade Center bombing in 1993, to hide details of another foiled plot to destroy 11 U.S. airliners.
Those ominous warnings from June now ring horribly prescient to all ears; but worse, the possibility remains that such tools are still being put to nefarious use even as the hunt for more America-based terrorists continues. AVN Online spoke with several adult Webmasters regarding this matter, and while none would confirm anything specific - and no one wanted to be quoted for this story - one source said they knew of people in the industry who were working very closely with federal law enforcement agencies to track suspicious behavior on adult sites.
Doubt remains, however, as to whether any technological genie released can ever be put back in its bottle. The common solution to the egregious abuse of cryptography is for law enforcement to be provided with "back door" keys that would allow them to decipher even the strongest encryption. How such keys would be controlled safely, and by whom, are but two of the reasons that legislators have thus far not passed laws requiring their dissemination. Another is the fact that terrorists would probably not comply. On Oct. 9, however, the Dutch government announced that it plans to regulate the public use of "strong cryptography." Precisely how it plans to do that is, at this time, unclear.
Follow the Money
No one has suggested that the trail of money that financed the hijackers led anywhere near the adult Internet, but the industry could still easily get caught up in a net of prevention intended to catch foreign terrorists. Indeed, so could many other Americans. In their zeal to track down the money used to fund the attacks in America, lawmakers, led by senators Carl Levin (D-MI, S.1371) and John Kerry (D-MA, S.398), want to expand money laundering laws and "know-your-customer" regulations and apply them on an extraterritorial basis.
According to the ACLU, legislation moving through Congress, the Uniting and Strengthening America Act ("USA Act"), would put everyone's financial privacy at risk. "If the USA Act becomes law," they assert, "financial institutions would closely monitor daily financial transactions and be required to share information with other federal agencies, including foreign intelligence agencies such as the CIA." They further claim, "Law enforcement and intelligent agencies would get easy access to individual credit reports without notice or third party review" as well as "expanded subpoena authority to obtain documents without judicial review."
According to Michael Lynch, a national correspondent for Reason magazine, the Sept. 11 attacks revived long-simmering desires to attack offshore banking. "At first glance, anti-money-laundering efforts appear directly related to a war on terrorist networks," he wrote in an Oct. 4 article on the "extra-curricular" nature of some proposed legislation. But beyond the fact that our government already has the power to freeze the assets of suspected terrorists, he continued, "The debate moving forward in Congress and internationally will have precious little to do with terrorism and plenty to do with the boring but important issues of financial privacy and international tax competition.
"The Organization for Economic Cooperation and Development (OECD)," continued Lynch, "has been campaigning against countries it labels tax havens.... The OECD wants information exchange and tax harmonization, but was unable to secure the backing of the Bush administration earlier this year.... Then the Twin Towers fell." The issue, he asserts, is that "tax havens" should and must be defended. "The issues of money laundering, financial privacy, and tax harmonization are very distinct from one another.... What some countries reject is treating all their citizens as criminals, and turning over all their financial information to governments. Not a single country on OECD's tax haven list stands accused of harboring al Qaeda money."
In A Policy Analysis from the Center for Freedom and Prosperity Foundation, a right-wing lobby group, published in October 2001, a further argument is made in opposition to the proposed Levin and Kerry legislation. "Levin's legislation, S. 1371, the so-called Money Laundering Abatement Act, prohibits U.S. financial institutions from dealing with certain foreign banks and imposes heavy regulation on other international transactions. Kerry's bill, S.398, entitled the International Counter Money Laundering Act, is perhaps more extreme. It grants the Secretary of the Treasury broad and unchecked powers to impose regulations and even sever ties - or at least threaten to sever ties - with many countries' financial service industries.
"The Levin and Kerry legislation are being portrayed as weapons in the fight against terrorism. But the bills are more likely to undermine international cooperation against crime by reducing political and economic ties with other nations." The Center argues instead for expanding and strengthening the network of mutual legal assistant treaties (MLATs) and other international agreements to fight crime.
Another piece of legislation that is headed for almost certain passage is HR 3004, the so-called Financial Anti-Terrorism Act of 2001, a bill "to combat the financing of terrorism and other financial crimes, and for other purposes." According to Congressman Ron Paul (R-Texas), in comments made on the House floor, the bill "has more to do with the ongoing war against financial privacy than with the war against international terrorism.... HR 3004 is a laundry list of dangerous, unconstitutional power grabs. Many of these proposals have already been rejected by the American people when presented as necessary to 'fight the war on drugs' or 'crackdown on white-collar crime.' Even a ban on Internet gambling has made it into this 'anti-terrorism' bill [italics added]!"
Paul continued, "HR 3004 also attacks the Fourth Amendment by authorizing warrantless searches of all mail coming into or leaving the country... [a practice] characteristic of totalitarian regimes, not free societies... I urge my colleagues to reject this package of unconstitutional expansions of the financial police state, most of which will prove ultimately ineffective in the war against terrorism." Paul, like the Center for Freedom and Prosperity, argues that more effective tracking of terrorist financial networks would be achieved by expanding mutual legal assistance treaties.
Other problematic provisions contained in the bill, according to Paul, include: creating a new federal crime of taking more than $10,000 in or out of the country; codifying the unconstitutional authority of the Financial Crimes Enforcement Network (FinCen) to snoop into the private financial dealings of American citizens; and expanding the "suspicious activity reports" mandate to broker-dealers, "even though history has shown that these reports fail to significantly aid in apprehending criminals."
Ron Paul is a Texas Republican, but similar cautionary rhetoric can be found emanating from both sides of the aisle.
In fact, it appears to be increasing daily, if not hourly, often because of the fact that some legislation, the USA Act in particular, is being written in small closed-door sessions and then voted on with inadequate debate.
Domestic Terrorism
One of the more worrisome aspects of legislation being voted on as this article goes to press is the new crime of "domestic terrorism." Under current federal law there are already three definitions of terrorism: international terrorism, terrorism that transcends national borders, and federal terrorism. According to the ACLU, the September attacks triggered all three definitions.
Under Section 803 of the USA Act, however, a person would commit the crime of domestic terrorism if within the U.S. they engage in activity that involves acts dangerous to human life that violate the laws of the United States or any State, and appear to be intended to: (i) intimidate or coerce a civilian population; (ii) influence the policy of a government by intimidation or coercion, or (iii) affect the conduct of a government by mass destruction, assassination or kidnapping.
According to the ACLU, "This over-broad terrorism definition would sweep in people who engage in acts of political protest if those acts were dangerous to human life. People associated with organizations such as Operation Rescue and the Environmental Liberation Front, and the World Trade Organization (WTO) protestors, have engaged in activities that could subject them to prosecution as terrorists."
Further, they claim, "under the USA Act, once the government decides that conduct is 'domestic terrorism,' law enforcement agents have the authority to charge anyone who provides assistance to that person, even if that act is as minor as providing lodging." They would also have the authority to wiretap the home of anyone providing assistance, and to prosecute them under a new crime of "harboring" a terrorist or "providing material support" to terrorists.
Privacy
The desire to maintain individual online privacy is certainly not limited to patrons of sex sites, but it is a particularly sensitive issue with the industry. Much of the legislation that is being considered speaks directly to that issue, however, and almost everyone in the country is now aware that some privacy accommodations may have to be made. It's the extent of the government's authority to snoop that is in question. At this point in time, however, there are very few legislators who are taking a stand in support of maintaining prevalent standards of privacy. Senator Russ Feingold (D-Wis.) is one.
According to Wartimeliberty.com, "Russ Feingold is fighting a lonely battle for privacy in the U.S. Senate. The 48-year-old Wisconsin Democrat is single-handedly trying to add pro-privacy changes to an eavesdropping bill that would hand police unprecedented surveillance powers."
As well, on Oct. 11, a New York Times editorial endorsed all of Feingold's proposed amendments, stating, "Senator Feingold has valid concerns about how far the bill goes in giving new powers to law enforcement to wiretap or investigate law-abiding United States citizens and the adequacy of oversight provisions.... On the floor today, Mr. Feingold plans to offer four amendments that would limit the opportunities for abuse without impeding the fight against terrorism. These deserve to be included in the final version of the bill."
Perhaps most relevant to the adult Internet community, though certainly not exclusively, is one of his amendments that would have struck section 213 of the USA Act. That section allows law enforcement agencies to search homes and offices without notifying the owner prior to the search, and would apply in any criminal investigation, not just those related to terrorism.
Feingold's voice, unfortunately, spoke in monologue. On Oct. 12, the Senate overwhelmingly defeated his last-ditch efforts and voted 96-1 for the unadulterated USA Act. According to Senator Orrin Hatch (R-Utah), Feingold's amendments were "outdated and nonsensical.... We should not tie the hands of our law enforcement and help hackers and cyber-terrorists to get away."
As We Speak
The machinery of the United States government is hard at work closing down agency Websites or removing information that they think a terrorist might find helpful, including information that is not top secret and has been on the sites for years. Simultaneously, they are asking all news networks to refrain from broadcasting comments by bin Laden and his cohorts for fear they may be transmitting verbally coded messages, or may be wearing their watches on a significant wrist. There are also at least 650 people now being detained by the feds, we can only hope legitimately. And the FBI has just announced that new attacks at home or abroad are imminent, but they can't or won't say how, when, where, who, what, or why. Maybe they don't want to reveal a source. They aren't revealing much of anything.
None of these actions are by themselves a threat to anybody's civil liberties, but they do highlight the extent to which the government feels entitled to protect us even as they shield us from information. The worry is that small steps in the wrong direction bring you to just as bad a place. Each bit of legislation adds to a framework of rationalization that countenances draconian new ways of dealing with threats that are real or perceived. Because this is a new war, and because the threat will last for years, these measures will also last for years, for vigilance never sleeps. While all Americans, indeed all people, want to feel secure from terrorist attacks, it is precisely this new cocktail of expanded powers and unprecedented levels of secrecy that has civil libertarians and politicians from all parties worried about Big Brotherism on a scale never truly imagined.
Neither is the legislation that is on the front burners today going to be the last. Indeed, it only hints at tighter controls of computer networks and greater scrutiny of anyone who passes through them. If Carnivore was a problem for privacy advocates before, their warnings will be drowned out in the voluminous Tower of Babel communication that every level of law enforcement will now be allowed to listen in on. Likewise, if even a shred of evidence is found that steganography has or is being used by terrorists on adult Websites, there will be precious little public or judicial support for keeping the government's hands off of what has thus far been constitutionally protected speech. And that's just during the current crisis. When asked if he thought that this new legislation could or would ever be used in the future against the adult Internet industry, a very well informed attorney told AVN Online, "Probably."
Batten Down the Net
But perhaps the biggest justification for tighter control of computer networks is the clarion call already being sounded throughout the Capital that the entire computer infrastructure of the country is vulnerable to cyber-attack. Despite the fact that the Internet was unaffected by the attacks, paranoia over a perceived vulnerability will drive legislation faster than any informed assessment, and even if a little paranoia is a good thing in this situation, a virtual lockdown of the Internet is hardly the answer.
Maybe now is a good time to look again at selected testimony presented to the Senate Governmental Affairs Committee on March 2, 2000 by Kevin Mitnick, the infamous hacker. If there is an expert on the illicit entry of computer systems, this guy is it, the surreptitious expression of his abilities having earned him 59 months and seven days of federal prison time, with 180 days of time off for good behavior.
"I have 20 years' experience circumventing information security measures," he told the Committee, "and can report that I have successfully compromised all systems that I targeted for unauthorized access save one....
"I have gained unauthorized access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed. I have used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and their inner workings....
"The goal of information security is to protect the integrity, confidentiality, availability, and access control to the information. Secure information is protected against tampering, disclosure, and sabotage. The practice of information security reduces the risk associated with loss of trust in the integrity of the information.
"Information security is comprised of four primary topics: physical security, network security, computer systems security, and personnel security. Each of these four topics deserves a complete book, if not several books, to fully document them. My presentation today is intended to provide a brief overview of these topics, and to present my recommendations for the manner in which the Committee may create effective legislation....
"The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: My access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully. The corporate security measures that I breached were created by some of the best and brightest in the business, some of whom may even have been consulted by the Committee as you drafted your legislation, Senate Bill S1993....
"I have several recommendations that I hope will increase the effectiveness of your bill.
"1. Each agency perform a thorough risk assessment of the assets they want to protect.
"2. Perform a cost-benefit analysis to determine whether the price to protect those systems represents real value.
"3. Implement policies, procedures, standards, and guidelines consistent with the risk assessment and cost benefit analyses. Employee training to recognize sophisticated social engineering attacks is of paramount importance.
"4. After implementing the policies, procedures, standards, and guidelines, create an audit and oversight program that measures compliance throughout the affected government agencies. The frequency of those audits ought to be determined consistent with the mission of a particular agency: the more valuable the data, the more frequent the audit process.
"5. Create a numeric 'trust ranking' that quantifies and summarizes the results of the audit and oversight programs described above. The numeric 'trust ranking' would provide at-a-glance ranking - a report card, if you will - of the characteristics that comprise the four major categories defined above: physical, network, computer systems, and personnel.
"6. Effective audit procedures - implemented from the top down - must be part of an appropriate system of rewards and consequences in order to motivate system administrators, personnel managers, and government employees to maintain effective information security consistent with the goals of this committee."
Conclusion
With anthrax scares now rampant throughout the country (one real "attack" even taking place in the building where this writer's father works), and with America's military preparing to "hit the ground," flippant worries about what might happen in the future are almost luxuries of the mind. Nevertheless, it is precisely in times of crisis that "our most treasured freedoms" demand the most protection.
The awkward irony for adult Webmasters is that while they are among the most fervent capitalists this country has, they are also among the most vulnerable. They don't want anyone to feel sorry for them. They engage in a risky business, and they know it. But many have and still do serve in the military, and you don't have to spend much time around them to discover just how seriously they take the American ideal of freedom. So the irony is doubly disturbing that adult Websites may have played a role in the September massacres.
That said, it's pretty safe to assume that most adult Webmasters, the Internet's purveyors of porn, are ready to fight on two fronts, against those who would attack them from without, and those who would attack them from within.
