THE ELECTRONIC PRIVACY PAPERS. By Bruce Schneier and David Banistar. Wiley Computer Publishing. 747pp Pounds 50.00. IBSN 0 471 12297 1
Subtitled Documents on the Battle for Privacy in the Age of Surveillance this book is both worthy and relatively pointless. The worthiness comes from the subject-matter: Bruce Schneier is the author of the excellent Applied Cryptography, and David Banisar is counsel for the Electronic Privacy Information Center, which combines campaigning with solid research. But nearly all of the documents and many others are already available on the internet and locatable via such hot links pages as www. epic.org, www. cpsr.org, www. privacy.org and www. cs.purdue.edu/coast/hotlist/privacy. It is difficult to believe that anyone interested in the subject does not know how to navigate the net.
True, the editing of the papers and the linking narrative is excellent: we are taken through the tortuous efforts of the United States law enforcement and intelligence community to retain their capabilities to carry out surveillance via wire-tapping and cryptography. The instant detail is useful because it demonstrates a consistent unwillingness on the part of the spooks to participate in an open debate about the need for the powers they seek and a fondness for smuggling legislation and regulation into other measures. But taken as whole the book is expensive for all but the most prosperous academic libraries; almost the same message comes out from many published articles.
For those of us outside the US the book is even less useful: a United Kingdom equivalent would need to include the Malone case and the steps toward the Interception of Communications Act, the privacy provisions of the Telecommunications Acts and the licences issued thereunder, the complex story of the Department of Trade and Industry's proposals on crypto, trusted third parties and digital signatures (and the extent to which it has allowed itself to become the "lead" ministry in the area but with GCHQ's Communications-Electronics Security Group trying to smuggle in its agenda) and the effects of property warrants under the Police Act, 1997, which purport to offer some regulation of law enforcement use of bugs. In the UK, we have no constitutional protection of privacy though we do have the European Convention on Human Rights, the Data Protection Act and, since October, the European Union's ISDN Directive.
But even allowing for the US-centric nature of the book, there is an important omission: the extent to which law enforcement is able to monitor email and other traffic on the internet. In the 1995 Ardita case, US attorney general Janet Reno stated she had had to construct a special warrant to permit the net-eavesdropping of an Argentine hacker so that it met Fourth Amendment requirements. In the UK similar activity is a grey area yet to be legally challenged, and the Association of Chief Police Officers is hoping to reach "informal understandings" with ISPs without the need for legislation.
Peter Sommer (http://csrc.lse.ac.uk/experts.htm) is research fellow at the Computer Security Research Centre, London School of Economics.