US govt quietly tweaks rules to let cops, Feds hack computers anywhere, anytime On Thursday, the US Supreme Court approved a change to Rule 41 of the Federal Rules of Criminal Procedure. It sounds innocuous, but the effects will be felt around the world. Under today's rules, US cops and FBI agents need to know where a computer is before they can get a warrant to directly hack the machine – because they …
The way this is formulated, it also sets in stone extraterritoriality of the warrant and gives a lowly magistrate court the authority to grant an order for the cops to hack computers located outside the USA territory with no consideration for any bilateral treaties on the subject. So much for Privacy Shield I guess.
So much for Privacy Shield I guess
That was exactly my thought too, but I'm actually glad that process is now pretty much spiked (at least, I hope so, depends on how much bribing lobbying happens in Brussels, although especially the French in the Art 29 Working group seem to be keen to spite the Americans :).
Is it open season? US law allows lots of things that aren't allowed in foreign parts, but that's not open season because even US courts understand that US law on (say) sex doesn't apply in Iran. All this law appears to say is that if a foreign computer is hacked by a US detective who has a warrant issued in a US court then that detective has not broken US law and can't be prosecuted in a US court.
It is true that a US court is unlikely to grant an extraditing order on someone who didn't break US law and never left the US. But that's probably true in most countries and we don't accuse them of trying to impose their laws on us. We simply put more effort into our own cyber-security.
"It carries with it the specter of government hacking without any Congressional debate or democratic policymaking process," said Richard Salgado, Google's legal director of law enforcement and information security. "We should be the only ones allowed to track people without their knowledge or consent."
The merkans inflicting their ideas on the world.
What happens when the FBI (or another of the merkan TLAs) break into a computer in another country and get caught? Can they be prosecuted under the "victims" country's laws on computer misuse? I am sure that their merkan warrant won't have much standing outside of the USA.
Actually, just a short time ago we (the US) indicted several Chinese citizens working for/with the PRC government for violating US laws against computer misuse, 'hacking.' So given that example any TLA agent or someone working with/for such an agency must be fair game as well.
Perhaps this Administration, especially the FBI and DoJ really, really need to give this all a hard (re)think.
Perhaps this Administration, especially the FBI and DoJ really, really need to give this all a hard (re)think.
Clearly you're not from around here, are you? If you were, you'd know that thinking has been outlawed. Don't think so? Just ask any Republican, from the lowliest Bubba to the top Presidential contenders, and the patrons that are funding them.
"What did happen to Gary McKinnon anyway?"
From the WickedPea: "On 16 October 2012, Home Secretary Theresa May announced to the House of Commons that the extradition had been blocked, saying that "Mr McKinnon's extradition would give rise to such a high risk of him ending his life that a decision to extradite would be incompatible with Mr McKinnon's human rights." She stated that the Director of Public Prosecutions would determine whether McKinnon should face trial before a British court.[21] On 14 December, the DPP, Keir Starmer, announced that McKinnon would not be prosecuted in the United Kingdom, because of the difficulties involved in bringing a case against him when the evidence was in the United States."
Can a magistrate in the victim's country issue a warrant authorising hacking into the computers that the FBI criminals are using for the attack?
Not unless counterattacks are written into law, otherwise he/she would be ordering someone to commit a crime which is a crime in itself and you'd end up with a case of legal recursion :).
However, some countries consider active retaliation a legally acceptable form of defence, but leave the responsibility with you to first check if you're retaliating against the correct target and accept the consequences. If I recall correctly, Switzerland is one of those countries.
@Oengus
Can they be prosecuted under the "victims" country's laws on computer misuse?
Given the American tendency to not submit to the jurisdiction of courts outside the US, I suspect that the correct answer to your question may be "Don;t hold your breath!"
A case may well be brought - but it would be tried in absentia.
While I can see, from the example, that this can be a somewhat difficult situation, boiling it down to the essentials, we see the same as always: law enforcement agencies that complain that following due process is too cumbersome and so want a free-for-all instead.
Taking the example, I can see how current process is problematic for that specific situation. It's a bit of a catch-22: you need a warrant from the relevant jurisdiction for the PC you wish to hack, but you don't know which jurisdiction that is until you hack it.
So, if I have understood that correctly (corrections appreciated), then I realise that this is indeed a problem worth discussing and at least attempting to address.
Let's get this out of the way: child sexual abuse is bad. Just plain bad.
So I understand the imperative to do something and I can more-or-less understand the view that all other considerations should be secondary to stopping it. Which is not to say that I support that view, as due-process is there, in part, to prevent emotion and personal judgement from impacting the course of justice, the presumption of innocence and the liberties of the people.
Due process is most important precisely when the situation is emotionally-charged or there is a particularly strong implication of guilt. If you say that due process shouldn't apply when the alleged crime is particularly heinous then who decides which situations qualify and how much evidence is needed to determine which people have their rights removed?
The FBI saying that this is just a 'procedural' thing is massively disingenuous because there is a HUGE change to. Under current rules, the requirement for a warrant to be issued in the appropriate jurisdiction includes the implicit requirement that the department requesting the warrant must be able to actually properly identify the device they are applying for access to.
This change is the removal of that requirement and that is anything but a 'procedural' issue.
> then who decides which situations qualify
Compensating controls, such as senior/circuit judges, rather than district ones? Preferably ones with a grasp of technology and a track record of butting heads with the FBI? They could give the set of qualified judges a catchy name, like "G[ood]-FISA"?
[*THUD* of landing back on Earth] Nurse, is it time to take my meds?
P.S. No disrespect to judges in general. I'm sure most of them are smart and have integrity.
P.P.S. I'm not saying I agree with this rule change, or assuming they haven't already thought about compensating controls, all I know is what was in the Reg article. The Proposed Amendment detail in the PDF isn't very clear to me!
This change seems to authorise US law enforcement to hack any PC anywhere in the world - potentially a hostile act of a foreign power, from our perspective.
So, if it goes through, shouldn't the governments of the free world advise the US that we won't be too happy about it?
Or do they already accept that US jurisdiction applies throughout the world?
I get your point - at least as far as spying is concerned, but this is not just about what the spooks get up to. This is about allowing the police to do the same.
At least the intelligence agencies generally know how far they ought to go. Can you say the same about the average copper?
No, I DON'T think the intelligence agencies know their limits. …. Charles 9
Actually, they certainly sure do, Charles 9 …… there are no limits. The shame on them is that their intelligence and systems fail them so badly ….. and that makes them vulnerable to being bypassed and extraordinarily rendered irrelevant and impotent, and easily led by useless fools who be useful tools and/or vice versa that.
All of that though may have been what you were saying in your post.
It's not a free for all, it's only for catching those horrible perverts. You don't support those horrible paedos, do you?
Don't think our mate Dave, or Mother Theresa is going to be doing anything other than salivating over the prospect of unfettered access. Perverts.
Carry on, citizen.
All Senator Ron Wyden has to point out is that with this simple change, law enforcement officials could easily be hacking into THEIR computers and perhaps dig up some dirty secrets. Congresspeople have gone to jail in the past, so they're not safe in this case. The point is that this would a potential Executive crimp on the Legislature. Even Republicans would be able to recognize this threat for what it is and this should be enough to set up a quick debate and bill to prevent this. If they get enough bipartisan support, they could even get that rarity of rarities: a veto-proof majority.
"All Senator Ron Wyden has to point out is that with this simple change, law enforcement officials could easily be hacking into THEIR computers and perhaps dig up some dirty secrets."
Is that really the case? AIUI it obviates the need to know where the target is located when applying for a warrant. If that's the only change then providing that they know where the target is located then they could apply for the warrant they could hack into it under the existing rules.
But if the target is an agent or other go-between for someone IN Congress, and this form of extraterritorial power becomes de jure, then as the saying goes, it's open season. It's can easily be seen as basically an attack on foreign sovereignty, and so soon after the scandal that is the Panama Papers, sovereignty as a shield is going to face a double whammy.
In God and GOD** we trust you realise there is a right battle royal raging amongst elitists for dominant power and oppressive command and impressive control with Brave New Orderly World Order Programs for revised SCADA Systems Administrations of Plans and Projects for a New American Century, which is just like the old PNAC but approaching from a different angle, exercising vectors in other sectors.
* Although Hellish Prisoner Environment is Default Failed Austere Live Operational Virtual Environment and current Mainstream Media Hosted World View.
** Global Operating Devices
Please note there are no questions posed there for the cover and protection of doubt and disbelief. Things are as they are and to imagine them different is delusional and delivers one catastrophically vulnerable to zeroday exploitation and APT ACTivIT.
This may result in a change to what happens in courts, but probably not what happens on the net. IP addresses aren't guaranteed to lead to a person. Many people use VPNs in different countries from where they are located. Without knowing the specific person, there simply is no knowing where they are. This leads me to think that these FBI law scoffers enforcers have been happily hacking into people's computers all over the world already.
Which is why step 1* is getting your vital computing off the 'net. ASAP. As the article pointed out, the FBI/etc. are going to go into already compromised machines. I'd actually pay money to watch that feed. Already they have a real problem getting even lesser talents, something the criminals seem to have an abundance of in addition to the first raters out there. Let the 'Net Ninja Games commence!
* - Some body is going to do something incredibly stupid, perhaps a whole lot of people, supposedly aware of the consequences of cyber-insertions and counter-cyber-insertions, and the shit will hit the nuclear-powered fans all over the internet. If I wasn't convinced before, I'm am absolutely convinced that the criminally insane are in charge of the planetary asylum.
Idiots!
They got the timing wrong, John Wayne day was planned for the 26th of May (but may be cancelled as he apparently made racist comments).
Honestly, WTF are these people thinking? Writing something like that into law is, well, "delusional" is probably the most polite word for it.
The article is correct that not much will get done during an election year, but the election is in early November, after which congress and the administration goes to work for a so-called lame duck session until the newly elected take office in January. That's one of the best times to actually get things done, because congressmen who are retiring or were voted out are no longer beholden to their corporate masters, and the ones who will be coming back are less concerned about public opinion because the next election is further off than the memory of most voters.
I don't know whether they will overturn this, but the election year will not be a barrier preventing it.
"Why, oh why, didn't I take the blue pill?"
I took both and am now so confused I don't know if I am coming or going, or going or coming.
Don't forget the people (if you can call them that) who propose and vote for these laws are the same ones who accused Julian Assange, and Australian citizen, of being an American traitor. If they fail to get that small distinction correct then how the hell are they going to get ones with bigger words right.
The words from the guy who drafted the Patriot Act was that he never envisaged it to be used in the way it has. The TLAs can NEVER be trusted as they will twist anything and everything to support their view. "So, you invoke your legal right to remain silent. You MUST have something to hide"
Good luck to the TLAs hacking my TAILS key while it sits in my pocket. All these wankers are doing is encouraging those much clevererer than me to write better and better encryption apps to stop the spying bastards.
POWER TO THE PEOPLE!
"Good luck to the TLAs hacking my TAILS key while it sits in my pocket."
Easy enough. If they REALLY want you, they'll enlist a pickpocket since they already copied the contents of any encrypted volume you had while you were away. Or they'll plant a bug on your machine to get the contents as they're decrypted (since we don't have encrypted cyberbrains a la Ghost in the Shell, the contents HAVE to be decrypted at some point, they'll just wait until then).
...... Sublime Venture Collaboration
Hi, DoctorNine,
Do you acknowledge that aforementioned gifted chain design has fundamental catastrophic flaws which are easily exploited and actively being exploited and a present chaotic cause of grave concern?
And is it delusional and conveniently stupid to imagine it not to be so and the current state of all critical strategic affairs in and out of elite programming circles of influence and affluence?
The thinking freely shared there, in all of the above, is that it is certainly the case and an absolutely fabulous, fabless opportunity to boot and root for too.
It seems like the feral courts are attempting to declare war on anybody and everybody maybe they need to read a musty old document called the Constitution. But the feral shysters are not a very bright lot and suffer from reading comprehension problems (more like outright illiteracy) so the bit about only Congress can declare war might not be understood.
Also, this stupidity allows, if adopted, everyone else to do the same thing because the ferals set a precedent.
This is the part that surprises me. The Supreme Court actually bought this scheme and approved it. Wyden is right about it violating the 4th Amendment. Others are right about extraterritoriality issues and treaties. WTF? Did someone get the down and dirty on the Justices?
I realize there's times when having this power might be a good thing... say the child molesters or the so-called cyber gangs with extortion, etc. But giving them carte-blanche with no restrictions is absurd.
OTOH, I suppose it's possible that the governments have already entered into agreements about tracking down bad guys and this is just a formality to allow the FBI to do it... but the implications are too terrible to think about.
And yes, I'm thinking of the children. I'd rather they didn't grow up in world where they are presumed guilty of everything with constant surveillance and some STASI like organization enforcing things.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
