CDR: Olympic email snooping -- FBI-style

Mon Sep 25 11:50:02 PDT 2000

[From: http://www.pbs.org/cringely/pulpit/pulpit20000803.html]

...

For the second disturbing fact we jump to the Olympics -- not this year's
games in Sydney -- but the 2002 Winter games in Utah. Given the 1996
bombing at the Atlanta games and the 1972 hostage crisis in Munich, I
really, really wouldn't want to be responsible for public safety at an
Olympic games anywhere. So it isn't surprising that the security plans for
Salt Lake in 2002 are very robust - perhaps too robust for some people,
including me.

At the Utah games there will be a network of kiosks set up for athletes,
journalists, and the public to use for e-mail and Net access.

This will be the easiest way for many people to communicate in an area
that will probably have its cellphone circuits maxed-out most of the time.
Try making a cellphone call in Las Vegas during Comdex or the Consumer
Electronics Show and you'll know what I mean. Well, the FBI has some
rather specific requirements for Olympic data security, including the
ability to not only COPY e-mail from these kiosks containing passwords
from users' secret list, but to actually INTERCEPT e-mail and deliver it
to a security office address rather than to the intended recipient. The
person manning that address is supposed to make summary decisions about
what to do with the reviewed email -- maybe it gets passed along as
intended by its author, maybe bounced as "undeliverable" for myriad
reasons, or...

Seriously, that's a technical requirement, for which a vendor has not yet
been chosen. The FBI gets to read mail, steal passwords, and divert mail.
By the nature of the system, they have to look at all the mail -- even
yours, if you are there. Remember, given the high-roller nature of Olympic
audiences, the passwords being recorded to a database will likely include
America's business elite. Of course those passwords would never be used
for any illegal purpose, right?

And the truly amazing part of this story is that there is nothing illegal
about the data gathering, itself. Since the kiosk doesn't belong to you or
me, we are bound by terms of usage that allow the kiosk provider to do
pretty much whatever they want with the bits we run through their system.
By simply using their machine, we give up our privacy without even knowing
it.

Okay, so maybe I have just blown the lid off a plan that could save lives,
but it is hard for me to imagine a scenario in which some terrorist will
stop on his way to plant a bomb to e-mail the boss about that bomb's
location. This looks to me like overkill, and I don't like it. Or am I the
only one who feels this way?