TCS Daily

Criminals Are Watching

By Joe Katzman - September 12, 2002 12:00 AM

...the Underground Empire today has more power, wealth, and status than many nations. It flies no flag on the terrace of the United Nations, but it has larger armies, more capable intelligence agencies, more influential diplomatic services than many countries that do.
- James Mills, "The Underground Empire,"1986

When crime is a transnational, organized force, we need to think differently about its reach. Most people think of computers and crime in terms that only scratch the surface. Hacking into a bank? As cyber-criminals would say: been there, done that.

Criminal syndicates have long used technology for controlling their far-flung empires, and they've been swift to adapt to recent advances. Indeed, the same technology and organizational trends that make an international organization like Al-Qaeda feasible are available to criminal syndicates. They're far more efficient, better financed, and better connected. Their reach is global, and the growing ties between narco-trafficking and terrorism are cause for concern. In the long run, these syndicates may well prove the greater threat - or even the template for Osama bin Laden's successors.

Criminal Surveillance

One of the most important changes in recent years lies in the growth of criminal surveillance capabilities. Moore's Law and the availability of IT expertise are conspiring to give many syndicates abilities in this area that rival those of prominent intelligence services.

Colombia's experiences drive that point home. In 1994, the capture of a multi-million dollar computer center belonging to the Cali cartel showed the extent of its reach. The cartel had assembled a database that contained both the office and residential telephone numbers of US diplomats and known agents based in Colombia, cross-referenced with the entire call log for the phone company in Cali. By cross-referencing the two, crime boss Jose Santacruz Londono could see if any of his lieutenants were talking. At least a dozen informants were assassinated as a result.

As Paul Kaihla writes in "Cocaine, Inc." (Business 2.0, July 2002):

...the cartels are putting their own dark twist on the same productivity-enhancing strategies that other multinational businesses have seized on in the Internet age.

One U.S. Drug Enforcement Administration agent put it this way to ERRI Crime Analyst Stephen Macko at a 1997 conference:

Drug traffickers have the best technology that money can buy. And they hire people from the intelligence community in some countries to operate it for them or teach them how to use it.

"This is all interesting," you may think, "but what does it have to do with me?" Several American universities already have an answer. They were forced to modify or cease certain online operations when agents of the Russian mafia planted keystroke recorder software designed to collect social insurance and credit card numbers.

In Canada, webmasters have become a prime target in the wars among biker gangs. As part of those wars, the Hell's Angels also compiled databases of personal information on 614 people connected to rival gangs in Quebec and Ontario: names, addresses, license plate numbers, social insurance numbers, driver's license identifications, and more. Granted, much of this information can be gained by standard surveillance and investigation techniques. Even so, a society that makes such information routinely available to advertisers and casual investigators can hardly be shocked if the Hell's Angels also help themselves.

Troubling Questions

These examples raise some troubling questions. In a recent TCS article, Glenn Reynolds argued that if citizens value their privacy, they'll enact laws to enforce limits on information use. The traditional assumption is that governments or corporations are the principal threats. But what if that basic assumption is wrong?

Perhaps we'd be better off asking how information could be used by organizations who recognize no laws, and who exist to prey on our citizens. To give just one example, what if the Japanese Yakuza - an organized crime outfit - set up a phone database like the Cali cartel's, with cross-references to credit card spending data and other data compilations that let them focus on corporate executives? The possibilities for sokaiya, or corporate blackmail, could be nearly endless.

How would you enjoy being on the receiving end of something like that? How would you feel knowing that scrutiny of this kind by organized criminals is becoming easier, not just as a targeted activity but as a fishing expedition? How much personal information about you is already commercially available? Why are credit bureaus allowed to make recovery from identity theft almost impossible? Are there real penalties for organizations that allow "sensitive" data to leak out, or just a slap on the wrist that creates no incentive for serious security measures? What are the implications as criminal technology and surveillance capabilities continue to grow?

These are becoming important questions. We know why the Direct Marketing Association wants your life to be an open book. If the Sicilian Mafia had a similar opinion, would it matter to you? It's a serious question, because the answers aren't clear-cut.

Do the above examples strengthen the case for encryption, limitations on information collection, and systems designed to make exploitation difficult? Students at many American colleges think so. Stung by revelations of the Russian mafia's scam, they're demanding - and getting - better privacy protection and restrictions on data collected. Maybe you should, too.

Or would our best weapon be making even more information available about everyone, thus creating greater transparency that helps us roll up criminal networks? Books like Claire Sterling's "Thieves' World" consistently note the difficulties authorities have in following the trails and ties that let lower-level authorities build a broader view of criminal activities - and ultimately build workable cases from the street on up.

It isn't a simple choice. Not when the same conditions that make it hard for criminals to hide, make it equally difficult for ordinary citizens to hide from criminals.

It's time for our privacy and encryption debates to widen, and time for citizens to throw off their naiveté about who could be watching them. Encryption, hidden data and secure communications will always be available to organized criminals. The question isn't whether broadly implemented legal and technological privacy safeguards will protect criminals, therefore - but whether they might protect citizens. Especially in our modern world, where many of those who may be watching are unfriendly in the extreme.

Joe Katzman is a Partner with Sensei Associates. He also writes "Winds of Change," a daily weblog on world affairs, technology and cultural/spiritual trends.

TCS Daily Archives