Judge rules FBI can hack any time, any, place, anywhere A federal district court in Virginia has ruled that the FBI has the right to hack into computers around the world without getting a local warrant, and without any review by courts. The ruling, by US District Judge Henry Morgan, comes during the prosecution of Edward Matish. Matish is one of the 100-plus suspects arrested …
"So the FBI has the right to hack the world....." Er, no. Despite the click-bait headline, the judge is clear that the FBI's rights only extended in this very narrow case due to the larger threat of child pornography to US Citizens. You may continue as you were (unless you're into child porn....?).
Well that's the rub isn't it?
"Terror" or "Child Porn" or "<insert horror here>" suddenly trumps all rights and freedoms. So basically if you are accused of a certain threat all rights and protections are removed.
Patriot Act much??
So while Matt Bryant seems to be somewhat correct and the ruling does seem to be a little more restricted than the click-bait headline El Reg foisted on us, I have to wonder if all it takes is for the FBI to say "hey, it might be child porn" for them to get a free pass on surveillance.
The actual bits of the ruling that I found relevant where:
(pg 52) "FBI agents who exploit a vulnerability in an online network do not violate the Fourth Amendment".
(pg 54) "while the Court FINDS that the Government did not need a warrant before deploying NIT, the Court recognizes the need to balance an individual's privacy in any case involving electronic surveillance with the Government's duty of protecting its citizens. Here, the balance weighs heavily in favor of surveillance."
So there is lip service paid to privacy, and the "here" seems to refer to "this case". Mind you, precedent being what it is, it probably opens up a very large hole in the whole "privacy rights" thing.
ps: US Fourth Amendment, for those of us who don't know: "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause,". I don't know why it wasn't included in the original.
The key word in the Amendment being "unreasonable", but in matters of protection of the most innocent of its citizens (children) or against threats of a potentially existential nature (terrorists who could be willing to pull off a suicide nuke), you're basically crossing the Godzilla Threshold, in which case anything is considered reasonable. At least by their way of thinking.
This post has been deleted by its author
"A federal district court in Virginia has ruled that the FBI has the right to hack into computers around the world without getting a local warrant, and without any review by courts."
I wonder what courts around the world are going to do when they are told that Merkan law overrides their territorial laws.
If these Merkins (sic) can go round "hacking" anyone they please without a warrant, then what's to stop them from remotely planting evidence on whomsoever they choose, before having them burned as paedos/terrorists/witches?
A: Nothing. Happens all the time. Say, you're not from around here, are you?
That's just the tip of the iceberg. All of this is designed to "discover" "terrorist" plots/material/whatnot so that they can put them on a no fly list that will revoke the 2nd Amendment rights of US citizens if they catch the eye of the US gov., i.e. the are using their 1st Amendment rights to speak unfavorably of said gov...
That is exactly the grounds on which some lawyer will demand the right to review the NIT code.
There is a very simple test that judges should be applying to these cases. If law enforcement is
doing something that would get someone else arrested then they need a warrant.
I don't have the right to sabotage any web client that visits my site with malware. Neither does
the FBI. Requiring a warrant limits the scope and volume of such infections, and therefore cuts
the risk of collateral damage to lhe computers of law abiding citizens.
If the logical human reaction to something like Oculus linking DRM to their headsets caused a backlash that weakens their position in terms of protection against piracy, I can just imagine what the net reaction to this will be if the FBI are given carte-blanche to break all their own laws (and everyone else's) on the misuse of computers etc.
Open season doesn't even come close. People will only put up with the powerful having sway over them if it is *reasonable*. This goes to far beyond reasonable and they can expect an *unreasonable* (and probably exaggerated) response.
"Open season doesn't even come close. People will only put up with the powerful having sway over them if it is *reasonable*. This goes to far beyond reasonable and they can expect an *unreasonable* (and probably exaggerated) response."
You overlook the appeal to emotion. The average joe reacts more to emotion than to reason, and "Think of the children!" is an emotion play. Showing someone is a child molester basically blackmarks you in the eyes of society: usually forever since even clearing your name is usually seen as a lie.
FBI should hack Tor, Tor should secure against that. If FBI wasn't allowed to try to hack it, how would we know it was backdoored?
The act of hacking it, shows its backdoored.
What use would it be if a Chinese dissident couldn't speak freely because he's not sure if his government is hacking his communications? What use would it be if a British dissident couldn't speak freely because Theresa May is listening in?
The problem here is Tor foundation is tainted and Tor needs to be forked and fixed by someone with credibility. Jacob?
"FBI should hack Tor, Tor should secure against that. If FBI wasn't allowed to try to hack it, how would we know it was backdoored?...." Well, yes. But I suspect the FBI's NIT did not "break" TOR but simply made TOR's hiding of IP addresses in transit irrellevant. Note the article states the "malware" was put on the server, which is effectively outside TOR, then the identifying "signal" was collected after the package had exited TOR and was on the target's PC. All TOR does is encrypt the package and obfuscate your IP address in transit, it does not detect and prevent malware from broadcasting your IP address after it has reached your PC. This is how honeypots are used to track e-crims, it's nothing new, the only legal question was whether the use of TOR by the paedos gave some right or expectation of privacy, which the judge decided it did not.
Don't they realise they have now opened up all the US government and its departments to the world? After all 'you do it to me, therefore I can do it to you' comes into play.
I assume the next thing we will hear is that the FBI has been hacked and all their information is available on some server in China or Russia.
"Don't they realise they have now opened up all the US government and its departments to the world? After all 'you do it to me, therefore I can do it to you' comes into play."
And that's where you're wrong. The West always has the moral highground - when we do it it's good, but when others do it, its bad. /sarcasm off.
Outside the West, it's known as so-called justice.
"Well, my question is: is it illegal to block an attempted hack?....." No. If you are simply defending yourself against an unidentified threat then that is perfectly legal. Being unaware it is the FBI makes your actions innocent as defensive measures would be the reasonable response to an intrusion. You could probably even get away with deleting evidence by claiming you thought deletion of the data was the only way to protect your secrets from the unknown hacker, it would then be up to the FBI to prove you deliberately deleted evidence to avoid the FBI discovering it. But you might be called to explain in court why you thought your actions were justified defensive measures, and if the prosecutor can sow the idea in the jury's minds that you did it in bad faith.....
".....And the followup question: if you know it's the FBI trying to hack you, is it illegal to block the attempted hack?" If you become aware it is an attempt from the FBI, and you are in an area under their jurisdiction (probably including areas with co-operation and extradition treaties), and the FBI could prove that you knew (not sure how they would), then they could charge any further attempts to thwart their hack as interference with an investigation (or spoliation of evidence if you delete or encrypt anything after you become aware the FBI are hacking you). I suppose a defence would be, when an attack is detected, if you believed it was the FBI then call them and ask them - if they deny it is them then you have the legal protection of saying your further defensive measures were innocently made because "they said it wasn't them". Of course, if it's not the FBI and you call them, they may say "no, but we'll hack you now you're on our radar as thinking we might have an interest in hacking you, thanks!"
Outside the FBI's jurisdiction it becomes a matter of co-operation between local and US authorities. Ukrainian hackers have recently found out to their cost that hacking US servers can lead to extradition, but hackers in places like Ecuador, Cuba, China or Venezuela are laughing.
Per the judge:
Notably, the Government already has found that protecting its citizens outweighs the First Amendment's right of freedom of speech, for it applies prior restraint to child pornography.
Per the US Bill of Rights:
Congress shall make no law...abridging the freedom of speech, or of the press;...
Can't see any legal loophole to protecting free speech in that phrase, beyond just "Hey, we fucking made it up, so deal with it".
This shyster apparently believes because computers are hacked that users are consenting to hacking. Thus, according der Shyster, the ferals can hack with impunity. The logic flaw is that hacking is by definition done without user consent. And it is done in such away to avoid detection by users.
"Congress shall make no law...abridging the freedom of speech, or of the press;..."
Sorry, but that's been abridged for nearly a century now. Look up US v. Schenck (1917) and the "Fire in a Crowded Theater" justification. No right is absolute as one person's rights inevitably butt up against another's.
So now, he FBI has a mandate from a judge to go and tread on CIA toes.
Formerly it was considered FBI jurisdiction for investigations within America's shores and offshore was the jurisdiction of the CIA.n
I suppose the next thing is going to be open house on the world for any merkin law enforcement, including Sherrif Cletus from Bumwipe Indiana.
The (very) long arm of Merkin law!
I haven't seen the toe crusher since 6th grade
Was just watching that movie again a few days ago.. One of my favourites that I watch every couple of years or so.
It always make me snicker a bit when someone hints that the FBI and CIA either don't work together well or really are separated...
Anyone would think that one groupthose two got the concept of "divide and conquer" a bit mixed up.. :)
(Who the hell gave you a down vote? Here's an up to balance things a little...)
Can you claim self defense if you are "reverse" hacking a hacking attempt on your system/network being that you don't know where it is coming from?
Say you have some counter measures setup that might kill the offending system(s)/network(s). What then?
But I guess this is all moot if you are using any Cisco gear. It's full of holes like Government (Swiss) Cheese...
Can you claim self defense if you are "reverse" hacking a hacking attempt on your system/network being that you don't know where it is coming from?
In the US, that would probably be a DMCA violation at a minimum. Hell, they'll probably try to claim RICO too, just because the Feds never build a small case.
"Can you claim self defense if you are "reverse" hacking a hacking attempt on your system/network being that you don't know where it is coming from?....." No, your actions would be just as illegal, but it is highly unlikely the hacker would go to the cops to file a complaint. Of course, what you need to be careful about is the intermediate systems and whom owns them - if the attacker has compromised a business's server and used it to attack you, and you hack that same server in return, then the law is likely to consider you just as much a hacker as the attacker. Far safer to contact the business that owns the intermediate server and warn them their server has been compromised.
Anyone remember that movie "Sneakers" ? "No More Secrets"
I feel this is an egregious violation of my rights since all we see on our TV's and hear on our radios is how to protect our identity and data... well now I can see why
I believe this law should be augmented to the following: the FBI cannot hack someone's PC/phone wiithout serving a warrant to the person who owns them.
In other words, no FISA warrants..
if a person has nothing to hide, then no biggie.. porn? legal porn should not concern the FBI (unless they need new material) browser history looking up various guns? harmless.
no different than buying a book on guns and doing the research that way
As for the IP ownership.. Um... I think IANA is who owns them.. companies and networks pay for a block but if the company goes tits up, the IP's can be recycled.. so TRUE ownership of the IP is IANA.. or at least the entity that assigned it to the end user.
-- a reasonable expectation of privacy with respect to my telephone number(s)? I mean, it's eminently discoverable. Might as well post it beside my door, along with my street address.
Most people who go online do so without masking their IP address. Like a phone number (sort of).
What about an unlisted phone number? Can that be considered protected information -- does the act of asking that a number be unlisted mean that the FBI is barred from searching it out?
Well, then, what if you intentionally buy a throw-away cell phone and use it as anonymously as possible? Does that mean that the FBI or CIA is legally barred from discovering your phone information?
In other words, does your intent to hide what is otherwise quite public create a legal bar to its discovery? Whether it is a phone number or an IP?
"'The court finds that Defendant possessed no reasonable expectation of privacy in his computer's IP address, so the Government's acquisition of the IP address did not represent a prohibited Fourth Amendment search,' the ruling reads."
OTOH, "...the FBI took over the Playpen child abuse website and used it to infect visitors with a 'network investigative technique' (NIT). This revealed their IP addresses and details of the computers they were using."
This is much more like burglarizing a house than like discovering a phone number, it would seem to me. The NIT is malware, and it was loaded onto the suspects' computers without their consent -- whap. That's illegal for citizens, and it otter be illegal for plods without a clear and carefully delineated warrant.
Otter. In a better whirled.
It is not the discovery of the telephone number that is the issue, it is the act of breaking into your house in order to get your telephone number that is the issue. Because once it has been declared legal for the authorities to break into your house whenever they please without a warrant, you can be very certain that they will not limit their activities to the recovery of telephone numbers.
We can all agree pedos should burn, but now this means the FBI can hack your computer for ANY reason they see fit.
Sure, yesterday it was child abuse, tomorrow it will probably be copyright infringement. I'm sure we're all willing to throw away our fourth amendment rights to placate the f-ing MPAA!
This should hopefully get thrown out real fast.
Leaving the application of Hammurabi's law aside, you are exactly right.
Enjoy your upvote.
"Think of the Children" is always right at the very pointy end of the wedge, followed by muh turrurists and then by the MPAA and RIAA and then, inevitably, by everyone else with no regard for public privacy and some spurious claim to legal action.
Yes it should be struck down immediately and forcefully but I get this funny suspicion that it won't.
So now the government has driven another nail into their own damned coffin and soon they'll pine for the days when communications were as easy to hack as TOR and iphone encryption. I'm fair certain the rest of the world won't sit around waiting to be hacked by the US and will instead write better encryption and obfuscation tools and generally work right round the FBI who will be left crying for laws to be put in place to stop people from protecting themselves with foreign software.
"So now the government has driven another nail into their own damned coffin "
No they won't. Why do you think they have that data center in Utah? It's a cover for their black-hat encryption-cracking outfit (that probably houses a working quantum computer to boot). The state always has more resources than you. Anything you can do to try to cover your tracks, they'll find a way to beat it. Even the One-Time Pad is not immune (simples: intercept and copy the pad).
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable rights, that among these are life, liberty and the pursuit of happiness. ~ The United States's founding document.
All other documents and laws are to accomplish/enforce the statements of this Declaration of Independence.
Our nation started with our declaration and a pledge:
"And for the support of this declaration, with a firm reliance on the protection of Divine Providence, we mutually pledge to each other our lives, our fortunes and our sacred honor."
We are created equal, no one has the power to invade your privacy without due process. That concept as expressed in the Declaration of Independence and further clarified in the Constitution is the result of a British hero, John Wilkes.
The argument the judge is making is very similar to the argment the judge made in the 1700s that was countered by John Wilkes and recognized by our founders as essential for the United States.
Times changes. Pretty soon it'll become possible for one person to ruin civilization, after which no holds are barred if the government is to be able to fulfill its obligation to protect its citizen's inabliable rights. Basically, life can break the rules of man, which in the end are just ink on a page.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
