back to article Hey, non-US websites – FBI don't have to show you any stinkin' warrant

US government attorneys have argued that the FBI didn't need a warrant to snoop evidence from the Silk Road darknet drugs souk, for a simple reason: its servers were located outside the United States. Attorneys representing accused Silk Road headman Ross Ulbricht have suggested that the FBI used hacking techniques to pull data …

Anonymous Coward

A USA Inc marketing ploy?

So, they're saying you need to use US based servers to avoid warrantless search by the FBI (and by extension CIA, NSA etc)?

This sounds like an attempt to get legitimate businesses to use US based servers, to me, on the basis that otherwise the spooks will be all over your data, for the simple crime of using someone elses server farm!

30
1
Silver badge

Re: A USA Inc marketing ploy?

The spooks are all over everyone anyway... so what difference does being in the States make? In real the real world, not the so-called legal world?

6
0
Anonymous Coward

Re: A USA Inc marketing ploy?

The FBI's claim that they can do it "without a warrant" is quite interesting. If that sticks it means that US foreign policy, a matter for the political leadership of the US, can be completely undermined by their law enforcement agencies without the political leadership having any visibility or control over what's going on. It means that the political leadership would not be able to make a promise to another country that the US won't violate that country's sovereignty. Rather the opposite in fact.

That could make negotiations with countries from whom the US does actually need cooperation very difficult indeed.

Also that's only one tiny step away from the law enforcement agencies claiming the legal privilege to do the same within the US.

That sounds really ****ing scary. That is a police state.

46
2
h3

Re: A USA Inc marketing ploy?

The funnier side is the Chinese doing exactly the same as the USA did to Britain a few centuries ago.

9
1
Silver badge

Merkel has the right idea, make the non-UK EU internet like a corporate intranet

Merkel has the right idea, make the non-UK part of the EU internet like a corporate internet -- keep internal traffic internal, and put up boundary defenses at the interfaces with the outside internet.

Failure to do that is a failure of governments in job #1, the job of safeguarding their own citizens from hostile foreign powers.

12
0
Silver badge

Re: A USA Inc marketing ploy?

Shame the servers weren't in the UK, they could get the FBI arrested and extradidted to the UK under RIPA... Finally something RIPA is good for!

16
1
Silver badge
WTF?

Re: A USA Inc marketing ploy?

So by that assumption,that outside of the country of residence all systems are fair game to hack, everyone else can hack US severs. After all they *may* contain illegal material.

18
1
Silver badge

Re: A USA Inc marketing ploy?

The FBI's claim that they can do it "without a warrant" is quite interesting. If that sticks it means that US foreign policy, a matter for the political leadership of the US, can be completely undermined by their law enforcement agencies without the political leadership having any visibility or control over what's going on.

Most countries have laws against this sort of hacking attack. The FBI are opening themselves and their employees up to prosecution in those other countries. The FBI and the judge are correct, they don't need a US warrant in order to look at / hack overseas servers. They are wrong to think that makes it legal; what they need is a warrant issued in the country where the servers are!

36
1
A A

Re: A USA Inc marketing ploy?

big_D: They are wrong to think that makes it legal; what they need is a warrant issued in the country where the servers are!

This should be the correct answer.

4
0

Re: A USA Inc marketing ploy?

Since the FBI is part of the Department of Justice, and the head of the DOJ is the Attorney General of the US, a cabinet position, then saying that the political leadership does not have any visibility or control is inaccurate.

It's more accurate to say the current leadershit doesn't care about the Consitution. Ours, Yours, or any other country's.

6
0

Re: A USA Inc marketing ploy?

Surely then this means it is perfectly OK for some foreigner to hack into US servers if they are looking for evidence about something?

2
0

Re: Merkel has the right idea, make the non-UK EU internet like a corporate intranet

Great idea until you realise that the US already has the back doors to all of the solutions that the EU could deploy. And if it doesn't it will just install fibre taps like its already done before. That is unless the EU wants to fund a ground up re engineering of computers and networks starting at the hardware and firmware level and working up?

0
2
Anonymous Coward

Re: A USA Inc marketing ploy?

I'll continue to use my offshore runbox.com (e-mail by Vikings!) accounts because I trust their privacy and security best practices more than any U.S. based provider. With them I'm a customer, not product -- or "the enemy" that U.S. intel and law enforcement agencies seem to consider everyone outside their own small, insular, circle to be.

0
1
Anonymous Coward

Re: Merkel has the right idea, make the non-UK EU internet like a corporate intranet

Can I get a VPN connection from North Carolina into that?

0
0
Silver badge

Re: A USA Inc marketing ploy?

@big_D

>Shame the servers weren't in the UK, they could get the FBI arrested and extradidted to the UK under RIPA... Finally something RIPA is good for!

Do you have a precedent ? Has the US ever extradited a US citizen ? Thought so ... RIPA is one-way only, mate.

2
0

Re: A USA Inc marketing ploy?

What makes it more interesting is based on their punt at it the US law is what matters on the iceland servers.

I'm sure China could hack in to most places in the US and find stuff which breaks Chinese laws.

Purely on the anti-time travel law you could hack in to most film studios, book publishers or other forms of entertainment since time travel is a fairly common storyline in books and movies.

1
0

Seriously, the phpMyAdmin connection is paper-thin nonsense. Sadly, it's all too easy to bamboozle those who live in the intersection of law and software with blatant bullshit.

Coming next... Suspect breathes. Terrorists breath. Suspect must be a terrorist.

42
1
Silver badge
FAIL

Oh noes

I have a compiler. Virus writers use compilers. Therefore I am a virus writer...

I am an animal. Hamsters are animals. Therefore I am a hamster.

13
1
Anonymous Coward

Re: Oh noes

I've got Ham but I'm not a Hamster

8
1
Black Helicopters

the phpMyAdmin connection is paper-thin nonsense

Yep, it's nonsensical kiech of the smelliest kind. For example, lots of university and college courses still have students using phpMyAdmin as part of an introduction to web development.

All those student band / baking / biking / etc. sites (and doubtless many others developed later by the same students) are clearly illicit and must be hacked forthwith.

3
0
Coat

Re: I've got Ham but I'm not a Hamster

I've got toast but I'm not a toaster?

1
2
Silver badge

I've got a web-browser just think of things I could be looking at..

(Now go and clean your keyboards you naughty little peeps....)

1
0
Silver badge
Angel

Re: Oh noes

I am an animal. Hamsters are animals. Therefore I am a hamster.

God is Love. Love is Blind. Therefore Ray Charles is God.

5
0

Re: Oh noes

That reminds me of one I pulled years ago for a movie's Touring Machine:

"What is God?"

``I Prefer to thing of God as a Who than a What``

"Then Who is God?"

``God is Master of the Universe``

"Then what is He-Man?"

5 seconds later:

``He-Man is God``

1
0
Happy

Re: Ham but not Hamster

If a roadster is a thing that runs on a road then a hamster must run on ham...

I am *definitely* a hamster!

1
0
Silver badge

I was following their logic right up until phpMyAdmin. If the presence of phpMyAdmin is enough to rifle through its drives looking for evidence of crimes then very few servers running MySQL (or MariaDB for that matter) are safe.

21
0
Anonymous Coward

I don't take that is what they were implying. I think they were implying that the use of the software proved activity...I think. Or, they could be implying phpMyAdmin is a lovely target and they enjoy when criminals use it.

2
1
Silver badge

@MyBackDoor

No, I think that's pretty much what they are implying.

I believe the idea is similar to a police report saying that a wanted criminal was last seen driving a red, late model Ford Falcon sedan (insert local equivalent) and then matching that with a suspect driving the same car.

Except, in this case, the report is more akin to saying that the suspect was seen driving 'a van'.

In other words, flimsier than anything any normal person would dare claim.

16
0
Gold badge
Unhappy

@Sisk.

"If the presence of phpMyAdmin is enough to rifle through its drives looking for evidence of crimes then very few servers running MySQL (or MariaDB for that matter) are safe."

Exactly

5
0
Silver badge
Joke

RE: In other words...

flimsier than anything any normal person would dare claim a sheet of single ply toilet tissue.

FTFY!!

0
0
Silver badge
FAIL

Bollocks about "we can examine servers anywhere", bollocks about the standard admin console (like, gee, we haven't seen that before have we? are we all satellites of Silk Road?), bollocks, bollocks, and more bollocks.

Frankly, the icon just doesn't do it justice.

26
0
404
Silver badge
Mushroom

Better?

Scorched earth seems more appropriate - Feds have lost their fucking minds...

3
0
Silver badge

So it's OK, if the server is outside of the US?

Would that mean that any US company that hosts a mirror/backup/load-balancer (AWS and all the rest of it) that isn't in the states, forfeits legal protection from their own government?

36
0
Anonymous Coward

Re: So it's OK, if the server is outside of the US?

Not just that - it is also a confirmation of the maxima that as far as USA law enforcement any law or moral principle is null and void when applied to a foreign subject. While we always knew that, it is nice to have that in writing anyway.

28
0
g e

Re: So it's OK, if the server is outside of the US?

I'd have thought something like 'If they're willing to gain illegal access (as in if a member of public tried that shit on) to a machine then what proof do they have that they didn't plant the evidence there to entrap the defendant?' would be an approach.

Which, I suspect, is none.

4
0
Silver badge
Flame

So why bother to send a letter of request to a foreign country...

... when you can just hack the foreign servers?

I'm hoping the Icelandic judiciary will take issue with this act by the FBI and consider the organization as a whole guilty of a serious crime.

And to the USA as a whole: It makes sense to treat your allies the same way you would treat North Korea in a similar case. NOT.

Disclaimer: I reckon this Ulbricht guy to be a piece of scum, but if the feds and other TLAs are allowed to use these tactics against 'true criminals', what exactly stops them to use said tactics against the rest of the population, criminals and innocents alike?

33
0
Meh

Re: So why bother to send a letter of request to a foreign country...

I wonder how the US would react if a foreign national criminal investigation bureau hacked a hosting business in the US, because they either couldn't go through regular international routes - or because they couldn't be bothered to do so.

Just imagine an Icelandic police force hacking GoDaddy (only US host provider I know o.0) to get to an Icelandic citizen they believed had an illegal server/service running through them.

18
0
Silver badge

Re: So why bother to send a letter of request to a foreign country...

"I wonder how the US would react if a foreign national criminal investigation bureau hacked a hosting business in the US" would not seem to be the comparable question.

The relevant question would be how a non-US court in, say, the UK, Germany, France, or Iceland, would react if their national police agency hacked a server at a hosting business in the US or another country. For the example given in the second paragraph, would the court in Iceland reject evidence the Iceland police force had gathered from a GoDaddy server?

8
0
Silver badge

Re: So why bother to send a letter of request to a foreign country...

I imagine GoDaddy would be upset in that scenario, but I don't see how the FBI would be involved.

Actually, I sympathise with the FBI this time round. If you want to conduct a search in foreign territory, where do you apply for a warrant? Whom do you serve it to? What if the territory concerned has no concept of a "search warrant"?

Clearly, what they should have done is to apply to the Icelandic police to do their dirty work for them, because they'd have the framework in place for jumping through their own administrative hoops. But I can well imagine scenarios in which that would be contra-indicated (e.g. if you don't trust the Icelandic plod not to say something to someone), and then they'd end up right back here.

I really don't see how you can blame the FBI for not following US law outside the US. If you want to criticise them for breaking Icelandic law then go right ahead, but that's a different rant entirely.

0
20
Silver badge

Re: So why bother to send a letter of request to a foreign country...

US law includes provisions of treaties made by the President with the advice and consent of the Senate (2/3 of the Senators must concur). If there is a treaty with Iceland that covers this, the FBI would be required to follow it, and failure to do so could damage or destroy the admissibility of any evidence they gathered.

13
0
Silver badge

existing procedures for dealing with foreign governments and foreign law enforcement

@veti, "... If you want to conduct a search in foreign territory, where do you apply for a warrant? Whom do you serve it to? What if the territory concerned has no concept of a "search warrant"? ..."

There are existing procedures for dealing with foreign governments and foreign law enforcement agencies that the FBI that the FBI is well aware of and uses regularly for non-cyber searches.

12
0
Silver badge

Re: existing procedures for dealing with foreign governments and foreign law enforcement

"There are existing procedures for dealing with foreign governments and foreign law enforcement agencies that the FBI that the FBI is well aware of and uses regularly for non-cyber searches."

Like the way they stuck to the rules when they raided Kim Dotcom?

(Who by the way, is another slimeball that the FBI have succeeded in generating a lot of sympathy for.)

4
0

Re: So why bother to send a letter of request to a foreign country...

I figure that what they should do is get a warrant for hacking the server, and once they locate the server either the server is in the USA at which point the warrant still stands, the server is in a country they have a treaty with at which point they did their good faith bit by getting the warrant in the first place and now they can in good faith get assistance from the Icelandic government. Finally if it's in a country with no treaty they can ask a diplomat for advice and, because they've already got a warrant whatever course of action is advised will have started in good faith.

2
0
Anonymous Coward

Re: So why bother to send a letter of request to a foreign country...

"I'm hoping the Icelandic judiciary will take issue with this act by the FBI and consider the organization as a whole guilty of a serious crime."

what really would be funny is if the Icelandic authorities issue warrants for any and all FBI officials and/or contractors who were are part of this, (and every single level of management up to Director), extradite them to Iceland pending charges and then say they have no right to defend themselves as they were not in Iceland at the time of the alleged crime so Icelandic law does not apply.

8
0

Re: So why bother to send a letter of request to a foreign country...

"I figure that what they should do is get a warrant for hacking the server, and once they locate the server either the server is in the USA at which point the warrant still stands"

well, yes and NO NO NO ;) Find out where the server is, then apply for a warrant if it's in the US. Otherwise apply to the relevant jurisdiction, via diplomatic channels if necessary, proving that criminal law has been broken in that jurisdiction. Not US law broken, relevant law broken: no-one gave the US legal system legislative control of the world.

6
0

Re: So why bother to send a letter of request to a foreign country...

Also there is the "legal attache" in the local US Embassy, usually an FBI Agent, with the job of handling cooperation, both ways, with the law enforcement systems of a foreign country. There are probably precedents over international financial crimes, and a warrant from a US court could be part of the process, evidence that a lawful investigation is taking place.

1
0
Silver badge
WTF?

Re: So why bother to send a letter of request to a foreign country...

People (and for this purpose that includes corporations) have been repeatedly found guilty of violating US law in other countries. The classic case is bribing foreign officials. So some sort of penumbra of US law does apply to US citizens operating in other countries. The interesting part is reconciling the CFAA with what law enforcement is saying as legal beyond the country's borders.

What I expect is that Italy will be first off the mark if this is done to any system within their borders. They've done it before to CIA operatives even if they had to try them in absentia.

0
0
Silver badge
Holmes

Re: So why bother to send a letter of request to a foreign country...

"[N]o-one gave the US legal system legislative control of the world." Well, yes everyone did by accepting the lone super-power paradigm. Personally I find that total bullshit even if I was part of the enforcement arm for over a decade.

0
0

illegal abroad surely

Isn't the FBI claiming they can do abroad things which would be illegal for thrmvto do in their own country, and which are rather likely to be illegal - criminal - in the country where the server is?

Odd interpretation.

21
0
Silver badge

Re: illegal abroad surely

Does this also mean that I can hack into US servers, because I'm a senior police officer in my own (self declared) small country? If there are any technical objections, I'll get the government (me) to enact laws to bypass them.

20
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017