Should Cybercafes Be Regulated?

N E W   Y O R K, April 15, 2002 -- At dusk, the EasyInternetCafe at Times Square is just beginning to swing into its busy period.

Teenagers, traveling professionals and tourists vie for one of the store's 800 computer terminals. Nearly every spot is taken during the evening peak hours, when $1 buys about 30 minutes of high-speed Internet access.

Such Internet cafes — stores that provide food and drink along with Net access — are a convenient boon to many. But besides serving tourists or others without home computers, some "cybercafes" — especially those overseas — could be attractive to terrorists.

Already, some criminals have found how easy it is to use Net cafes.

During the war in Afghanistan, U.S. intelligence officials confirmed that al Qaeda members used Internet cafes in Pakistan to e-mail each other in attempts to regroup after American air attacks.

And in February, those responsible for kidnapping and killing journalist Daniel Pearl e-mailed ransom notes and threats from similar computer-equipped cafes in Pakistan.

Hiding in Plain Sight?

Why use Net cafes? Simple. Unlike accessing the Net from a personal computer, public access terminals offer terrorists multiple layers of protection against discovery.

"The main thing a cybercafe provides is the Internet equivalent of a public pay phone," says Lee Tien, senior staff attorney for the Electronic Frontier Foundation. In other words, cybercafes provide unmonitored and often anonymous access to the Internet.

Much like public pay phones, Internet cafe terminals are available for use by anyone — all without registering a name or other information with any service provider. And with hundreds, perhaps thousands of other patrons visiting a particular cafe on any particular day, criminal users can easily "blend in" with the crowd.

What's more, practically anyone can set up a store with computers and offer Internet access from their so-called cybercafe — and often with their own "rules." For example, some Internet cafes may require photo identification before patrons log on, but others won't have such requirements.

Regulating the Net Cafes

But unlike public telephones, Internet terminals at cafes aren't necessarily completely anonymous. The very nature of Internet technology means suspicious users and activities can be monitored and tracked.

So-called key-logging software, for example, keeps track of what is typed into a public terminal. Another piece of software monitors where each visitor goes on the World Wide Web or even blocks them from accessing certain sites. Less technical, but possibly easier to implement, means of tracking Internet cafe users would be to install closed-circuit TV cameras and record who ever comes in to a use a terminal.

Some countries — most notably China and India — have or are trying to mandate such requirements in local cybercafes. But the global community of Internet cafes itself remains largely a cottage industry that is neither tracked or regulated. And it's unlikely to change anytime soon — especially in Western countries.

"The governments that we have seen regulate easy and anonymous Internet access are the governments like the Chinese who have a tradition of controlling communication facilities," says David Sobel, general counsel for the Electronic Privacy Information Center.

But it would be completely unheard of in countries where personal freedom and privacy are cherished.

"If we were to see our [United States] or European governments take steps against the anonymity of cybercafés, that would be a serious departure from the principles that those societies have generally upheld," Sobel said.

Impossible and Impractical to Track

Besides potentially violating privacy rights, it would be extremely difficult to regulate a global Internet industry, Internet cafe owners and privacy proponents note.

Joie Kelly, president of CSNetwork Multimedia Cybercafe Industry, an organization that has been trying to establish itself as an international association of cybercafes, says there are tens of thousands of Internet cafes around the world. "Its impossible to manage and track all of them," she says.

What's more, Kelly and others argue that requiring cybercafes to implement even the simplest of security and monitoring setups would be of dubious value.

"You could try to require photo IDs when you go online at these places," says EFF's Tien. "But minors regularly purchase alcohol with false IDs, too. You can waste a lot of energy trying to prevent the unpreventable."

And indeed, the experience of some cybercafe owners show that such efforts make little sense at all.

James Rothnie, a corporate spokesman for London-based EasyInternetCafe, says the high traffic through many of its 24-hour cafes such as the one in New York's Times Square would make it nearly impossible to check everyone's ID.

"To get everyone that uses [our] Internet cafes and require them to show their passports would be as efficient as [identifying everyone] at a bus station," says Rothnie. And with nearly 2 million people visiting their busiest cafes per month, "it would be impractical." he says.

Owners Take Charge — For Now

But Rothnie says the company doesn't completely ignore the potential threats against cybersecurity. "We've lived with terrorism for the past 20 years," he says. He says each cafe's manager is responsible for complying with any local laws that may require anti-terrorist monitoring schemes.

In the London cafes, for instance, that means using close-circuit cameras and monitors. And since the first London cafe opened in 1999, Rothnie says the monitoring systems has been used to spot pickpockets more often than help police catch terrorists.

Allowing individual Net cafe owners to decide how to best implement tracking technologies — if at all — is probably the best solution, says CSNetworks' Kelly. She says she encourages Net cafe operators to work with local governments and law agencies to develop the correct and necessary safeguards.

"There is no 'one size fits all' solution for this," she says.