The Ottawa Citizen
Wednesday, February 14, 2001

Napster-like Internet tools worry CSIS

Spread of technologies could wreak havoc: report

by Jim Bronskill

Canada's spy agency fears people are using the technology behind Napster and other file-swapping systems for more than just downloading music.

A Canadian Security Intelligence Service report says the new Internet-based tools have allowed criminals to clandestinely exchange stolen credit card numbers and illicit software.

The CSIS intelligence brief, obtained by the Citizen, also warns the spread of these technologies could provide hackers with opportunities to steal data from other computers or plant viruses on hard drives.

The secret report, Information Sharing Technology and the Fight Against Cybercrime: Canadian Implications, was prepared in September. A declassified version, with some deletions, was released under the Access to Information Act.

The advent of the Internet and related technologies has raised fears in intelligence circles that criminals, terrorists, and hostile nations can use encryption to shield their communications from authorities.

Napster, which employs a central index, has enabled millions of computer owners to download digitized music files by directing them to the hard drives of other users.

The service inspired what is known as "peer-to-peer" or P2P computing that permits direct links between Internet users.

A U.S. court ruled this week that Napster must refrain from trading in the copyrighted songs that make the service so attractive.

A number of other P2P-related products and services, including Gnutella, Freenet, Yo!NK, Scour and iMesh, permit computer users to swap many types of digital files.

CSIS notes the technologies used by Napster and its successors allow people to "operate with a degree of anonymity" when transferring files, gathering information or communicating via the Internet.

The distribution of Gnutella "has delighted members of underground communities", says the CSIS report.

Future releases of the Freenet software will allow all communications among users to be encrypted, preventing others from easily intercepting messages.

The RCMP and CSIS can apply to the courts for warrants that require telecommunications companies or Internet providers to allow them access to exchanges between suspected terrorists and others of interest.

The new file-swapping systems could prevent such access, but CSIS seems to be overreacting, said David Jones, president of the group Electronic Frontier Canada, which argues for the preservation of constitutional rights in cyberspace.

Dr. Jones says the "hypothetical scenario" of terrorists using a secure file-swapping system must be weighed against the rights of millions of Canadians to communicate without fear of intrusion.

"I think we shouldn't have to sacrifice, in a democratic country, this right to privacy just because being a law enforcement official is a challenging job."

CSIS notes the private sector is beginning to embrace P2P networks and provide suppliers, business partners and customers access to information.

"However, file-sharing capabilities could open these systems to manipulation by hackers and other computer-based intruders", says the report.

It warns the technologies could mask attempts by criminals to steal files or sneak viruses or trap doors into computers.

Dr. Jones agrees that computer users must guard against such problems when using a new communication system. "If you don't know in detail how it works, and how to protect yourself, you're potentially putting your system at risk."

Copyright © 2001 by The Ottawa Citizen. All Rights Reserved. Reprinted with permission.