Net Taps Without Warrants?

disappear writes "In the wake of yesterday's threats to cryptography, more ominous news: Wired News reports that a bill permitting warrantless Internet surveilance has been passed by the Senate." This is just part of the expected and unfortunate backlash from tuesday. The terrorists are winning simply because the govt. can use their threat as a blank check to take away our rights. The worst part is that this will do no good whatsoever. Does the govt really think that crypto export restrictions have prevented terrorists from having strong crypto?

Not as bad as it sounds

[Tattva]

This bill is quite limited in its scope, allowing only 48 hours to tap without approval and only for immediate threats to "National Security."

Many civil liberties are restricted during threats to "National Security." Ever heard of martial law and curfews?

Re:Not as bad as it sounds

[j_w_d]

You need to research the less talked about sides of government more. Martial law is comparatively limited and applies mostly to the use of military personnel to enforce public order. The president can instead issue a declaration of National Emergency per the National Emergencies Act and ALL constitutional rights as related to the emergency go away including the First Amendment and Habeas Corpus. To keep up with what is and is not a National Emergency, check the Federal Register.

PGP Links...

MIT PGP Link: http://web.mit.edu/network/pgp.html

International PGP Link: http://www.pgpi.org/

This is a bunch of CRAP.

[Heem]

Write your senators. NOW.

List of Senators and Contact info

Text of the debate and amendment

[jeffw]

Follow these links to read the Text of the Hatch-Feinstein "Combating Terrorism Act of 2001" and the floor debate over the amendment.

Sen. Leahy (D-VT) and Sen. Levin (D-MI) are the only ones asking for restraint and thought before bulling forward with this amendment to the Commerce, State and Justice appropriations bill (which is sure to pass).

FUD from Wired. Notice the "?" in the Headline.

[jazmataz23]

According to NPR, a much more reliable source of political information, this bill merely changes the regulatory jurisdiction of obtaining an electronic "wiretap". Previously, to "tap" an email, the prosecutors had to present the case for the warrant to every judge whose jurisdiction in which the the email passes. Meaning if I send an email from NC to NY judges in both my federal district and the federal district of the recient have to sign off on the warrant, as well as all those servers that pass the message on.

It is still very difficult to get a wiretap warrant, both for email and telephones; the burden of proof is extremely high. Now, I'm not saying illegal wiretaps are not done, but it's still just as difficult to get one legally. I'm not in law enforcement, but I'm also not a paranoiac. Mod me down for both acts of reason.:P

jaz

Re:Conventional and Unconventional Wars

[SmallTooth]

Great point. An article at CBC News quotes experts saying that the U.S. has invested in technology for spying while the French and Israelies have invested in human spies, the latter being much more effective.

Passing a bill to allow for unwarranted searches strikes me as being another reaction made by leaders who weren't born to lead.

Carnivore, facial recognition, et al

[Elxmon]

This week, Sen. Judd Gregg (R-New Hampshire) called for restrictions on privacy-protecting encryption products, and Carnivore's use appears on the rise.

This is precisely what I was worried about when talking with my friends the other day. Already an anti-encryption rider has passed through Congress with the $40 billion worth of aid. Once we start to let the government take one small thing away from us in the realm of privacy, we are more likely to allow more.

There is much talk of installing facial recognition software (which many people have pointed out has many flaws resulting in false matches) at airport concourses, customs and gates. Even furthur, there are those who are planning to install such things at sporting events like the Olympics much like they did at the Super Bowl last year.

What really concerns me is that most people seem to be accepthing this without question. Again I ask, who will be using this data? For what ends? With what warrants? How will they know what to check?

Write your congressional representatives and ask these questions. If they can't answer them well enough then this should not be allowed.

Any loss of freedom is a loss for all freedom.

Chris

Digging deeper I found..

[El_Smack]

...this in the amendment. Look under TitleVIII, terrorism.
Relevant clipped text:
"(a) IN GENERAL.--(1) Upon an application made under section 3122(a)(1) of this title, the court shall enter an ex parte order authorizing the installation and use of a pen register or trap and trace device if the court finds that the attorney for the Government has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation. The order shall, upon service of the order, apply to any entity providing wire or electronic communication service in the United States whose assistance is required by effectuate the order." My emphasis added.
This can be applied to much more than the 'net. I am glad to live in Utah, so I can NOT vote for the Honorable Sen. Hatch next election.

Re:FUD from Wired. Notice the "?" in the Headline.

[jafuser]

I watched this get passed on CSPAN last night.

It is still very difficult to get a wiretap warrant, both for email and telephones; the burden of proof is extremely high.

In the debate I witnessed on CSPAN, one of the opponents stated that the wording of the bill is loose enough that it allows a "wiretap" privledge to be given to anyone from an FBI agent down to a private investigator, for any reason, so long as they certify their request to a federal judge as being "relevant" to an investigation. Even then, the wording of the bill amendement says nothing to the effect that the judge makes a decision on the matter.

Here's the text, decide for yourself:

``(2) Upon an application made under section 3122(a)(2) of this title, the court shall enter an ex parte order authorizing the installation and use of a pen register or trap and trace device within the jurisdiction of the court if the court finds that the State investigative or law enforcement officer has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.''.

I don't see anything here about a burden of proof, however that may be part of the larger context.

LOOK AT THE AMENDMENT (Warning: LOTSA legal cites)

[camusflage]

In reality, it's bad. It's not TOTALLY bad. There are SOME protections in place. From the amendment:

(2) EXPANSION OF EMERGENCY CIRCUMSTANCES.--Section 3125(a)(1) of that title is amended--

(A) in subparagraph (A), by striking ``or'' at the end;

(B) in subparagraph (B), by striking the comma at the end and inserting a semicolon; and

(C) by inserting after subparagraph (B) the following new subparagraphs:

``(C) immediate threat to the national security interests of the United States;

``(D) immediate threat to public health or safety; or

``(E) an attack on the integrity or availability of a protected computer which attack would be an offense punishable under section 1030(c)(2)(C) of this title,''.

Yes, this is scary stuff. Pay attention to section (E) and you'll see that it only refers to those crimes which 18USC1030(c)(2)(C) applies. From that section:

(3)(A) a fine under this title or imprisonment for not more
than five years, or both, in the case of an offense under
subsection (a)(4), (a)(5)(A), (a)(5)(B), or (a)(7) of this
section which does not occur after a conviction for another
offense under this section, or an attempt to commit an offense
punishable under this subparagraph; and

Now, let's go looking at (a)(4), (a)(5)(A), (a)(5)(B), or (a)(7), for those of you with clean sheets (if you don't have one, you're hosed, as pretty much anything under 18USC1030 gets punished under (c)(2)(C) if you're a repeat offender, as the other portions of (c)(2)(C) point out):

(4) knowingly and with intent to defraud, accesses a protected
computer without authorization, or exceeds authorized access, and
by means of such conduct furthers the intended fraud and obtains
anything of value, unless the object of the fraud and the thing
obtained consists only of the use of the computer and the value
of such use is not more than $5,000 in any 1-year period;
(5)
(A) knowingly causes the transmission of a program,
information, code, or command, and as a result of such conduct,
intentionally causes damage without authorization, to a protected
computer;
(B) intentionally accesses a protected computer without
authorization, and as a result of such conduct, recklessly causes
damage; or
...
(7) with intent to extort from any person, firm, association,
educational institution, financial institution, government
entity, or other legal entity, any money or other thing of value,
transmits in interstate or foreign commerce any communication
containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.

Note that (a)(5)(C) was specificially excluded:

(C) intentionally accesses a protected computer without
authorization, and as a result of such conduct, causes damage;

Subtle shading between (a)(5)(B) and (a)(5)(C), but the key is recklessly causing damage versus simply causing damage.

Essentially, going item by item, if you

(4) Steal from (ie, intent to defraud),
(5)(A) 0wN,
(5)(B) Cr4cK, or
(7) trade data for money

then you're open to this, according to the law . Now, all the white hats, and an overwelming majority of the grey hats, can likely agree to these conditions. That being said.. There are enough loopholes here to drive a truck through, and I doubt that prosecutors will take the full time to research those specific sections of 18USC1030 which this newfound power would allow them to use. Three cheers to the first person who beats the "slam dunk" case because a prosecutor got a little too zealous in their wiretap and blows the chain of evidence right at the start.

Now, let's look at what this law does NOT cover from 18USC1030. Let's kick it first with (a)(2) and (a)(3).

(2) intentionally accesses a computer without authorization or
exceeds authorized access, and thereby obtains -
(A) information contained in a financial record of a
financial institution, or of a card issuer as defined in
section 1602(n) of title 15, or contained in a file of a
consumer reporting agency on a consumer, as such terms are
defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et
seq.);
(B) information from any department or agency of the United
States; or
(C) information from any protected computer if the conduct
involved an interstate or foreign communication;
(3) intentionally, without authorization to access any
nonpublic computer of a department or agency of the United
States, accesses such a computer of that department or agency
that is exclusively for the use of the Government of the United
States or, in the case of a computer not exclusively for such
use, is used by or for the Government of the United States and
such conduct affects that use by or for the Government of the
United States;

Wait a second... You can hack (without the non-judicial wiretap, though you're still fux0red under existing law) BANKS, THE GOVERNMENT, AND ANYTHING ELSE, so long as you're not under (a)(4), (a)(5)(A), (a)(5)(B), or (a)(7) as well.

Even further, under (a)(6), also not covered under the Anti-Cyberterrorism amendment, you can keep trading passwords (without the non-judicial wiretap--again, you're fux0red under current law though).

(6) knowingly and with intent to defraud traffics (as defined
in section 1029) in any password or similar information through
which a computer may be accessed without authorization, if -
(A) such trafficking affects interstate or foreign commerce;
or
(B) such computer is used by or for the Government of the
United States;

In all, it's pretty bad, but they could've done worse. If you give ANYONE the legal authority to wiretap without judicial oversight, you're giving a monkey a loaded revolver. In this case, however, the monkey's more likely to shoot itself than it is to shoot you.

ObDisclaimer: I am not a lawyer, but I play one on Slashdot.

The Senate Can Pass Any Damn Thing It Wants

[the+eric+conspiracy]

However the Fourth Amendment to the Constitution places limits on what the government can do. If this measure indeed offers warrantless surveilance, the Supreme Court may well find that it contravenes the Fourth Amendment.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause,
supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

1st ammendment

[kevinqtipreedy]

governments all over are using this as a blank check. In a chicago suburb (Oak Lawn) there have been many peacful rallies. and now the village has delivered memos to all schools and public places that peaceful and unpeaceful assembly is illegal. i called them up and they said to write a letter and hung up.

Columnist calls for Draconian Net-crackdown

[Noxxus]

This surfaced on Declan McCullagh's Politechbot list this evening:

http://www.politechbot.com/p-02514.html

In an opinion column in the London Daily Telegraph, John Keegan calls
for a combined US/Russian/British invasion of Afghanistan:

http://www.dailytelegraph.co.uk:80/dt?ac=0060262 32 037638&rtmo=pUsM4USe&atmo=rrrrrrrq&pg=/01/9/14/do0 1.html

He then goes on to say, and I quote:

==========

"There are other current movements of which to take note, as yet
insubstantial but certain to gather concrete form. One is the retreat of
human rights lawyers from the forefront of public life. America in a war
mood will have no truck with tender concern for constitutional
safeguards of the liberty of its enemies. The other, which ordinary
Americans will have to learn to bear, is interference with their liberty
of instant electronic access to friends and services."

"The World Trade Centre outrage was co-ordinated on the internet,
without question. If Washington is serious in its determination to
eliminate terrorism, it will have to forbid internet providers to allow
the transmission of encrypted messages - now encoded by public key
ciphers that are unbreakable even by the National Security Agency's
computers - and close down any provider that refuses to comply."

"Uncompliant providers on foreign territory should expect their
buildings to be destroyed by cruise missiles. Once the internet is
implicated in the killing of Americans, its high-rolling days may be
reckoned to be over."

==========

The "Torygraph" is the most conservative of Britain's serious
newspapers, and is edited from (IIRC) the 30th floor of London's tallest
office tower, which overlooks London City Airport, from which STOL
planes take off pointing straight at the tower. I know, I've been there
myself, it scared me then. Their fear is excusable. Their
bloodthirstiness is understandable. Their stupidity is neither.

Ken Brown