Federal Reserve

February 28, 2000

Stock traders selling short. Bored kids. Anti-capitalist terrorists. Any of these could be responsible for the recent hack attacks that hobbled Yahoo!, Buy.com, E*Trade, and other commercial websites. But last week the hard-core techies who post messages on the website of Slashdot magazine were fingering a different suspect: the federal government. "Is it paranoid to note," asked one, "that we're being hit with unprecedented attacks, with no known motive, at the same time as the government is pushing for yet another expansion of their surveillance powers?"

Well, yes, it is paranoid. While it's true that the attacks began just a day after the White House requested $37 million to help the Justice Department fight cybercrime, the government hardly needed a string of hacks to make its case. It's no secret that the FBI's cybercrime team lacks the staff to deal with the nearly 900 computer-crime cases now pending. And even a beefed-up FBI won't be enough. In fact--cyberanarchists, close your ears--the government could do much more to protect cyberspace. But, so far, it won't.

The computer break-ins were relatively simple to execute. Hackers merely zeroed in on large, powerful computers that stay connected to the Internet constantly--servers that operate networks at large research universities, for example. Then, exploiting flaws in the software that keeps these computers operating, the hackers essentially hijacked them. They used the computers to hurl huge packets of data at their targets, deluging them and effectively shutting them down. By staging the attacks through unwitting third-party computers, the hackers managed to keep their own identities concealed.

The most obvious way to protect computer systems from being commandeered in this way is "encryption": in effect, you make your computer code so difficult to decipher that it's impossible to hack into it. But the government guards encryption technology jealously, because anything sophisticated enough to keep out hackers would also keep out spies from the FBI or the CIA. Late last year, the Clinton administration relaxed some regulations on the export of encryption technology. But, because they waited so long, many sites still haven't yet begun using the technology. What's more, some regulations still stand--which is why many engineers blame the White House for the recent troubles. "The breaking into zombie computers may very well have been stopped if encryption had been more widely deployed," says Perry Metzger, an Internet security consultant and member of the Internet Engineering Task Force (IETF), a loosely organized, private international body with some 200 members. Regarding the larger security picture: "The effects of export liberalization are going to take two or three years. It's a little late now."

In any event, simply loosening the shackles on encryption technology would not guarantee that administrators of large computer networks would adopt it. And, since even a few large, unprotected systems expose the entire Internet to hacks, somebody must see to it that encryption gets used. This is where government comes in. It should set safety standards for the Internet much like its safety standards for the auto and airline industries. "The companies will never do it," says Jeff Schiller, network manager at the Massachusetts Institute of Technology and area codirector for security at IETF. "We have seatbelts in cars because the government mandated them, not because companies thought they were a great idea."

It's true that the Internet is harder to regulate than Ford. But it's not completely intractable. Consider the success of the Internet Corporation for Assigned Names and Numbers (ICANN). A nonprofit group with international representation, ICANN was created by the Commerce Department to introduce competition into the market for Internet addresses. Previously, one company--Network Solutions, Inc.--had a monopoly on assigning domain names. Thanks to ICANN, 27 competitors now vie for that business. "If the U.S. government can come up with something that makes sense, great," says Don Heath, president of the Internet Society, a nonprofit international group that studies the Internet and government policy. "It's wrong to think that the informal arrangements that made the Internet a success until now are going to be the same things that will drive the Internet in the future."

Indeed, the administration's best move right now might be to transform the IETF into a more formal body--one that sets technical and security standards and makes certain all the Internet's interconnected networks abide by its rules of conduct. IETF, which does most of its work via e-mail and holds meetings three times a year, grew out of the Internet's academic beginnings and has no real enforcement power. Yet, since 1986, its members--the majority of whom are Americans--have shaped major international decisions on how computers communicate across networks. Think what it could do with a more formalized role.

Some deregulation is also important, starting with the antitrust laws that forbid companies from sharing information about business practices. But, like any other system of cooperative security, the Internet will work best with an effective police force--and only government can create it. That isn't what the cyberanarchists and their libertarian backers in Washington want to hear. But, given the very real threat hackers pose, paranoia is an indulgence we can ill afford.
