Balancing security and privacy on the Internet
By Eric Quiñones
Princeton NJ -- While researching his senior thesis on government surveillance on the Internet, Andrew DeFilippis made a startling discovery: His own online profile nearly wound up in the hands of law enforcement.
The incident raised the same unsettling questions DeFilippis sought to answer in his thesis, "Privacy Devoured?" His paper focuses on the FBI's use of a technology dubbed "Carnivore," which tracks e-mail and other Internet communications, and its potentially troubling impact on privacy.
Reading about the subpoena on Cryptome.org "led me to wonder about the dangers of relying on sketchy data profiles as evidence of guilt. What would my own data profile look like?" DeFilippis wrote. "Not only had I visited a site likely to be viewed as 'subversive' by the United States government, but I am a politics (and) news junkie and had visited scores of news sites, in addition to those of the White House, FBI and CIA several times."
The Watchung, N.J., native, who plans to attend Yale Law School next year and pursue a career in government service, said in an interview that he believes increased surveillance power is necessary. "But there is a need in times like this -- times of increased threats or emergencies -- to increase vigilance and awareness about privacy and civil liberties," he added. "There is also a need to make sure our ethical and legal principles keep up with technology."
On a recommendation from his Woodrow Wilson School thesis adviser, Stanley Katz, DeFilippis sought the help of Ruby Lee, an electrical engineering professor and former Hewlett-Packard computer architect, to better understand the FBI's Carnivore technology. Lee said she and DeFilippis discussed a range of ideas related to privacy, surveillance, intellectual property protection and security.
"We had a lot of fun discussing the technology, its flaws and how they may be improved in the future," Lee said. "Even though he does not have a technical background, Andrew is very good at understanding information technology conceptually."
Katz added, "He has a remarkable aptitude for technology, and his thesis shows a wonderful marriage of his two skills and interests."
The FBI equates Carnivore surveillance with telephone wire-tapping, but a key difference raises legitimate privacy concerns, DeFilippis learned in his research.
Carnivore works either in "full content mode," meaning the FBI can obtain full records of certain Internet communications, or in "pen mode," which is designed to capture only IP addresses, the unique numbers assigned to every computer or Internet user. Pen mode requires a lesser standard of evidence for court authorization, DeFilippis said.
The FBI compares pen mode to simply collecting phone numbers rather than recording entire conversations, but that analogy doesn't necessarily apply because IP addresses could reveal much more about the substance of a communication than a phone number might, DeFilippis said.
"If I visit a Web site, by just knowing the IP address of that site the law enforcement official could pretty much know what I've read. It's hard to distinguish between addressing information and content on the Internet," he said.
Opposition to the FBI's use of Carnivore also stems from the fact that core details about the technology are classified, DeFilippis added. "The level of secrecy surrounding it tends to hurt more than it helps because the public tends to imagine the worst," he said. "There is no assurance that it's being used properly if there is no congressional and public oversight."
While other Wilson School students celebrated turning in their theses April 3, DeFilippis missed the traditional romp in the Scudder Plaza fountain. He was headed to Washington, D.C., to accept an award from the Center for the Study of the Presidency -- he represents Princeton as a fellow at the center -- for a paper he wrote last fall comparing intelligence failures prior to Pearl Harbor and Sept. 11, 2001.
Expecting a small, quiet awards dinner, DeFilippis instead found himself sitting next to Homeland Security Secretary Tom Ridge and, after accepting his prize, being asked to tell the 500 attendees what advice he would give President Bush on national security.
That paper helped shape DeFilippis' thesis, serving as a reminder of the need for stronger efforts to thwart terrorism even as he analyzed mounting criticisms of FBI surveillance techniques.
"As I would go toward the civil liberties side in my thesis at times and advocate for privacy," he said, "I was always brought back by the fact that there's a real need to do this."
The Bulletin is published weekly during the academic year, except during University breaks and exam weeks, by the Office of Communications. Second class postage paid at Princeton. Postmaster: Send address changes to Princeton Weekly Bulletin, Office of Communications, Princeton University, 22 Chambers St., Suite 201, Princeton, NJ 08542. Permission is given to adapt, reprint or excerpt material from the Bulletin for use in other media.
Subscriptions. The Bulletin is distributed free to faculty, staff and students. Others may subscribe to the Bulletin for $28 for the academic year (half price for current Princeton parents and people over 65). Send a check to Office of Communications, Princeton University, 22 Chambers St., Suite 201, Princeton, NJ 08542.
Deadline. In general, the copy deadline for each issue is the Friday 10 days in advance of the Monday cover date. The deadline for the Bulletin that covers May 5-18 is Friday, April 25. A complete publication schedule is available at deadlines or by calling (609) 258-3601.
Editor: Ruth Stevens
Calendar editor: Carolyn Geller
Staff writers: Jennifer Greenstein Altmann, Steven Schultz
Contributing writers: Karin Dienst, Eric Quinones, Cynthia Yoder
Photographer: Denise Applewhite
Design: Mahlon Lovett, Laurel Masten Cantor, Margaret Westergaard
Web edition: Mahlon Lovett