
   SPY VS. SPY
   January 6, 1997
   By Declan McCullagh (declan@well.com)

       Move over, James Bond. Take your last bow, Maxwell Smart. Modern
   spies are jacked into the Net, a recent report from the multiagency
   National Counterintelligence Center says. It claims the Internet is
   now the "fastest growing" means for foreign governments and firms to
   gather information about U.S. businesses.

       The eight-page quarterly report says that malevolent "foreign
   entities" are sorting through web sites, pounding on search engines
   and firing off e-mail queries to U.S. defense contractors in hopes of
   winnowing out sensitive data.

       "Use of the Internet offers a variety of advantages to a foreign
   collector. It is simple, low cost, non-threatening and relatively
   'risk free' for the foreign entity attempting to collect classified,
   proprietary, or sensitive information... We also know foreign
   intelligence and security services monitor the Internet," says the
   report, which is distributed to government agencies and contractors.

       Search engines apparently serve spies well. Want a copy of
   something you shouldn't be able to get? Perhaps it was left in an
   unprotected directory; try Altavista. "Foreign intelligence services
   are known to use computers to conduct rudimentary on-line searches for
   information, including visits to governments and defense contractors'
   on-line bulletin boards or web sites on the Internet. Access to
   Internet advanced search software programs could possibly assist them
   in meeting their collection requirements," the NACIC briefing paper
   says.

       Beware of spam from spies, it warns: "These foreign entities can
   remain safe within their borders while sending hundreds of pleas and
   requests for assistance to targeted US companies and their employees."
   Of course! This is any e-mail spammer's modus operandi: Flood an
   astronomical number of addresses at an infinitesimal cost. Then hope
   that at least some recipients will respond with the information you
   want.

       This isn't the first time that the Clinton administration has
   painted economic espionage as a dire threat. Last February, FBI
   director Louis Freeh warned the Senate Select Committee on
   Intelligence of the possible harm. He said foreign governments are
   especially interested in "economic information, especially
   pre-publication data" including "U.S. tax and monetary policies;
   foreign aid programs and export credits; technology transfer and
   munitions control regulations... and proposed legislation affecting
   the profitability of foreign firms acting in the United States."

       Note to Freeh: That information already is online. For proposed
   legislation, try Thomas -- or for munition regulations, the White
   House web site is a good bet.

       But forget Freeh's rhetoric. The White House isn't serious about
   halting the overseas flow of American secrets over the Net. If it
   were, President Clinton would lift the crypto export embargo. Strong
   encryption is the most effective way for companies to fend off
   foreign data-pirates, but current regulations allow U.S.
   multinational firms to use only the cipher-equivalent of a toy cap
   gun. Worse yet, last week the Commerce Department moved further in
   the wrong direction by releasing its new encryption export
   regulations that continue to keep American businesses at a
   competitive disadvantage compared to their foreign competitors, which
   generally are less hampered by crypto export rules. "The new
   regulations are worse" than the old, says Dave Banisar, a policy
   analyst at the Electronic Privacy Information Center.

        Sure, France and Britain spy on us for economic purposes. But
   we're just as guilty. We snooped on the French -- and got several
   U.S. "diplomats" kicked out of France two years ago. We peeked at
   Japanese secrets during automobile trade negotiations -- and got
   caught then, too. Especially under President Clinton, economic
   intelligence has become part of the mission of our spy agencies. Yet
   if we complain about other countries while doing it ourselves, we
   become hypocrites.

       Stanley Kober, a research fellow at the Cato Institute, argues in
   a recent paper that it's "folly" for the U.S. to continue such spying
   and risk alienating political allies: "The world is still a dangerous
   place, and it would be folly for the democracies to engage in nasty
   intramural squabbles. Yet that is the danger that economic espionage
   against other free societies poses."

       "Washington ought to consider that it may need the cooperation of
   Paris (or other Western capitals) to help deal with a mutual security
   threat" from terrorism, Kober writes.

       I asked Kober what he thought of the NACIC report. "It strikes me
   as a normal security reminder," he says. "The specifics are fairly
   slim. It's not the sort of thing that's sent to everyone. It's sent
   to their clients, the people who have government contracts. Since the
   Internet is new, they're telling people to be careful."

       Indeed, netizens must be careful. It's common sense, really, and
   defensive driving for the Net. Encrypt that e-mail. Use the
   anonymizer at least once a day. Let paranoia be your watchword. That
   e-mail from your mother may come from the KGB. When you're not
   watching it, your monitor may be watching you.

   Be afraid, Maxwell Smart. Your shoe phone may be listening back.