IT security lags five years after Sept. 11

Since terrorists attacked the U.S. on Sept. 11, 2001, the government has begun a robust, and oft-criticized, electronic-surveillance program, but other IT-related security projects designed to thwart terrorism have made little progress.

Better cybersecurity leadership, more cargo scanning on airplanes and ships and interoperable communications networks for emergency response agencies have all developed slowly. In some cases, fights in Congress have slowed progress, or the U.S. government has focused on other priorities. In other cases, the cost of IT projects has been an issue.

The fifth anniversary of the attacks will focus attention as much on what has not been accomplished to protect the U.S. from future attacks as on what has been, chiefly the surveillance system. In recent months, civil liberties groups have protested the shadowy electronic-surveillance program run by the U.S. National Security Agency (NSA), with alleged cooperation from large telecommunications carriers. U.S. President George Bush has defended the program as necessary and legal, even as critics point out the NSA is spying on U.S. residents without court orders.

Critics say the emphasis on surveillance instead of other technology has led to an invasion of innocent people's privacy and has not improved the nation’s security.

The Electronic Frontier Foundation (EFF), leading a lawsuit against AT&T Inc. for its alleged participation in the NSA surveillance program, says some U.S. Federal Bureau of Investigation agents have complained about the quality of the leads generated by the program. “It’s like, ‘Oh great, more calls to Pizza Hut,’” said Kevin Bankston, an EFF staff attorney. “This many may not help us connect the dots -- it may just be creating more dots.”

But there hasn’t been a major outcry about the NSA program from U.S. residents, with a common attitude being that innocent people should have nothing to hide.

“I worry that a lot of people are speaking out of fear,” Bankston said. “You wouldn’t want government cameras installed in your bedroom or your bathroom, not because you’re doing anything wrong there, but because there are areas of our lives that should be private.”

The biggest change since Sept. 11 is this culture of surveillance, added Jim Dempsey, policy director at the Center for Democracy and Technology, an advocacy group focused on civil liberties online. Congress’ quick passage of the Patriot Act following Sept. 11 generated huge debates about its expansion of law enforcement powers, but the NSA program happened without congressional approval, he said.

“All the ink that was spilled over the Patriot Act is irrelevant … if the president says he’ll do what he wants,” Dempsey added. Combined with technology advances in areas such as storage, location awareness and facial recognition, these expanded government powers create “a pretty wholesale assault on privacy.”

The Bush administration has defended its tactics, with the president saying this month that the government’s counterterrorism efforts have subverted a number of plots since 9/11, including an anthrax attack and an airplane hijacking plan.