Ever closer monitoring by police and security forces is demolishing the myth of anonymity on the internet
He called himself HotSeattle and was obviously excited as he made his way to the pier on the Californian beach resort of Santa Monica earlier this month. He was on his way to an assignation with a 13-year- old girl who had promised to go to his hotel room where they would see pictures of him with another underage girl.

As things turned out, the "teenage" girl was actually a somewhat older undercover agent of the Federal Bureau of Investigations (FBI), and HotSeattle was soon on his way not to a hotel room, but to a jail cell, charged with "interstate travel with the intent of having sex with a minor".

However, HotSeattle is no ordinary criminal. Behind the electronic pen name is Patrick Naughton, a 34-year-old computer genius who helped inspire the programming language Java and worked with Paul Allen, a key figure behind Microsoft. He was also executive vice-president at the web search site Infoseek - owned by the now considerably embarrassed Disney Corporation.

His first contact with what turned out to be the FBI was in an internet chat-room. While Mr Naughton's case has yet to reach court, it symbolises the new frontier for law and order. The police and security services may find it increasingly hard to police and oversee every street corner and flight of dank stairs, but they have discovered that they can keep a much closer watch on the electronic world.

"It has not been a secret that we're out there policing the internet," said Special Agent Randy Aden, head of the FBI's Sexual Assault Special Enforcement (Safe) team that arrested Mr Naughton.

When you visit each web-site, its software can tell which site you visited previously. That capability is written into the computer protocol for the net (the "http" part of its address). The site can tell what sort of computer you're using and what version of web browser you're using. It can also (using information sent automatically from your internet connection) find out what company and country you're connecting from.

That's before you get to "cookies", the normally invisible little pieces of text which many web-sites plant on your computer without your knowledge. These record when you last visited, what you looked for and which adverts were showing. If you showed an interest in golf and gambling on your first visit, you will see adverts for golf and especially gambling the next time. None of that is illegal.

The real problem for law enforcers in cyberspace is working out which of their older practices still work on the electronic frontier to spot criminal use. Law enforcement agencies have three resources: the law, surveillance and disguise.

The law is a blunt but wide-ranging instrument. Modern technology means any desktop PC can encode emails which would take even the fastest computers thousands of years to decode. Governments have for years stopped the sale of encryption systems. The United States' National Security Agency (NSA) vets each one to ensure it has the capability to read it. If it can't, the software does not get its mandatory export licence. The British government takes a similar view.

Surveillance is still the most popular route to electronic law enforcement. The FBI is making increasing use of such powers. In 1997-98, the total number of intercepts authorised by federal and state courts increased 12 per cent to 1,329 - and electronic wiretaps (of email and pager messages) accounted for 46 per cent.

The US government is planning a massive new security system called the Federal Intrusion Detection Network (Fidnet), which many privacy groups fear is an electronic version of the FBI itself. The NSA and parts of the British security services regularly snoop on the electronic traffic crossing the internet's main "routers": it's the equivalent of photographing every numberplate entering and leaving motorway junctions across the country.

What are the spooks after? All sorts of things. The NSA has been keen to catch business secrets belonging to rival powers - sometimes even friendly ones. The NSA has spied electronically on French aerospace companies; the intention was to acquire "economically useful information". Around the world the picture is the same. In China the government forced internet service providers to register with it before they could connect beyond its shores; but even then, every web page comes through an intermediate computer (known in the lingo as a "proxy server") provided and monitored by the government. Singapore, in many ways one of the most advanced countries technologically, only recently dropped a similar system - but anyone who is publicly critical of the government on the net can also expect to be sought out and given an unfriendly reception at the local police station. Saudi Arabia and many Muslim states impose similar restrictions, ostensibly to prevent their citizens from viewing pornography.

Only occasionally does anyone stand up to the security services. In Russia, one internet provider, Nail Murzakhanov, is taking the unusual step of threatening to go to court to stop the FSB - the federal security service which is the KGB's successor - from having free access to the company's system, which would let them monitor any email and online activity. Other providers, he said, have already signed a document which commits them to silence: the very existence of the monitoring is a state secret.

But surely nothing like that could happen in Britain? No, we just prefer the softly-softly approach. Last year the Metropolitan Police approached the association that represents Britain's internet service providers (ISPs) - the people who connect you to the wider net - and said that it wanted the companies to keep logs of what e-mail and web-surfing every user did. Those logs were to be kept for at least six weeks.

"It was an informal approach," says Steve Gold, editor of the Newsbytes wire service and a journalist with more than 20 years' experience of computer security. "But it was also pointed out to the ISPs that if they didn't comply, they might find police at their door one morning who would show a warrant of 'probable cause' that the computers were being used to commit crimes, and then take their systems away for examination as 'evidence'. And then they wouldn't have a service and they'd lose all their customers."

British ISPs are understood to be following this informal arrangement. The clues that the police would look for are large e-mails (indicating pictures), especially if some sort of encryption is used. Surfing patterns are also indicative. Police forces around the world co-operate frequently in monitoring the users of paedophilic web sites and passing details to the respective countries. Those tactics were used in breaking an international ring of paedophiles in September 1998.

Mr Gold says that overall he is sympathetic to police efforts: "God knows they've got a hard enough task. The focus is to stamp on the paedophile side of things. The fact that in Britain this is an informal arrangement is probably good: when you get legislation, it's usually draconian because politicians don't really understand how these things work."

The police currently prefer to try techniques such as those employed by the FBI - mounting a sting by masquerading in chat-rooms as someone they are not. That can be a drawn-out process requiring months of slow work but it often results in arrests and convictions.

As the Naughton arrest shows, the police have found plenty of work to do. Like their targets, they now use pseudonyms and anonymous mail servers, but perhaps better than anyone, they understand the reality. Usually people will tell you that "on the internet, nobody knows you're a dog" - that is, your identity is your secret. But as Aden told a press conference after the arrest: "The internet gives a false sense of anonymity." Remember that as you click that mouse.

Comments