Slashdot Mirror
Precedent for Warrantless Net Monitoring Set
highcon writes "According to this editorial from SecurityFocus, a recent case of a drug dog which pushed the limits of "reasonable search" may have implications for Internet communications in the U.S. This Supreme Court case establishes a precendent whereby "intelligent" packet filters may be deployed which, while scanning the contents of network traffic indiscriminently, only "bark" at communication indicative of illegal activity."
So law enforcement can just sit with a packet filter scanning for the word "drugs"? That's just absurd. If law enforcement has reason to believe that an individual is committing illegal acts, they can go and get a warrant. Thanks to FISA, that's not the most difficult task. However, this isn't like a drug deal on a street corner; this is more analagous to being able to tap everybody's cell phone, hoping to find one or two people selling drugs.
A real blow to the Constitution.
before it gets better with regards to all of this. Everyone should be writing their rep's, running for office, something so we don't start going down that 'slippery slope'.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety
It's common for someone who has already been caught doing something illegal to be searched.
If the police randomly did a drug sniff at the local supermarket, they would get their asses handed to them.
Check out my sci-fi/humor trilogy at PatriotsBooks.
When you can no longer rely on the law to protect your privacy the time comes to take things into your own hands. Should this get applied to the internet I see a rather good reason to push for the encryption of all transmitted data.
It's not necessarily that they don't understand technology, but rather that they (meaning the Supreme Court) do everything they can to forge opinions that will be reasonably applicable to a variety of situations, so that people don't end up appealing fifty slightly different but analogous cases to the Court.
The dog search metaphor may or may not be as obvious to a court as it is to the article's author. Time will tell as this decision is applied in the lower federal courts, until someone appeals one of those decisions up again and gets it either explicitly applied, explicitly limited, or explicitly overruled.
The article brings up an interesting question: Can a machine violate your privacy?
Consider the hypothetical(?) packet sniffer that alerts on packets that contain evidence of criminal activity but lets all other packets go on without an alert.
If the authorities never see the contents of the packets for themselves, has a search really been made?
Can a machine/program violate your privacy if no one gets to see what the program has seen?
They legitimitely pulled over someone for a violation. Technically, when this happened, you are "arrested." If they were found to have been pulled over falsely, I would hope that the conviction would have been quicly overturned (for having no probable cause at all)
If the case were such that a dog sniffed a guy out in public just walking down the street, and he was detained and arrested for having a joint, then it would apply to random packet sniffing, but this is not quite the case.
I don't like the supreme court's wording (no legitamite reason for carrying contraband) Because, what if the dog incorrectly assessed this? If they opened the trunk, thanks to "probable cause" and it was a false positive-- well, then their rights have been seriously violated. It sounds like the court was operating under the assumption that the dog will be right 100% of the time, and to me, THAT is the biggest flaw in this-- not that it might be stretched dramatically to justify a carnivore-type prosecution..
Criminals will just use the best available encryption to cover their crimes. This kind of thing is only going to effect regular people and the casual criminal.
Drugs give off molecules that anything with a sensitive enough nose can detect. A drug dog need not actually inspect a package full of heroin to smell it.
Have you ever been someplace right after someone just finished smoking weed? Same principle, but dogs can smell much better than we can.
If they want to liken the internet and packet sniffing to drug dogs, any time someone's engages in illicit activity on their computer they would need to drop millions of post it notes declaring somewhere.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Of course the democrat in me says this is all Bush's fault. OOO he makes me so mad!
The court ruled that because the dog only responded to drugs, that the search was perfectly reasonable and upset no privacy concerns. It is assumed that the dog discovers only drugs and that it is infalliable. Because all it does is look for drugs or no drugs, and there is no legitimate privacy concern around having drugs, the search is legit.
This is not applicable in many ways to the internet because the word drugs is not illegal. The words let's bomb the world trade center is not illegal. Nothing you do in your e-mail can be scanned, because nothing you do in your e-mail can be cleanly illegal.
On the other hand, if you're trading files, your MP3's might be checksummed and used against you in a court of law. However, this has already happened anyway, so what's the point in fighting this new justification?
This is an interesting non-issue, really.
The ______ Agenda
I assume that using encryption is one of the things that will trigger a packet as suspicious.
Then it'll trigger on every internet shopping spree. That is so far outside of 'only alerting on illegal activity' that I don't see even this Court upholding it.
It surely isn't the Netherlands, since drugs (including softdrugs) are illegal over there as well.
It is a common misconception that drugs are legal in Holland, while actually all drugs are still forbidden by law. However there are a number of permissive regulations that state that:
- If you are an individual with less than 5 grams of cannabis (hash/weed), police will ignore you.
- You can grow your own plants for your personal use (maximum 5 plants, no technical aids such as lamps... otherwise everything will be impounded and you're fair game for prosecution).
- You can open an establishment for selling cannabis, provided you abide with a whole number of regulations (including: no commercials, no admittance to minors, no selling of alcoholic beverages -- hence the name "coffeeshop", no selling of harddrugs, no selling of more than 5 grams per transaction, no total stock of more than 500 grams).
These rules and regulations are set country-wide, municipalities can add more regulations (restrict coffeeshops to specific areas, opening times,Ironically, there's no legal way for coffeeshops to get their drugs so even that's illegal.
Police can still decide to prosecute for any of the above if it's causing problems in any kind of way (i.e.: you're stealing to get drugs, the clients of a coffeeshop are wrecking the street, ...)
While the Netherlands is pretty liberal and permissive about softdrugs, it's far from legal and you still can get arrested for it.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
Anything that the sniffer can't parse would trigger that then.
If you can't parse something, from the code's view, it can either be encrypted or innocent data. How exactly would it be able to tell the difference? It can't. It's either something it understands or something encrypted.
If the thing was coded to ignore things it couldn't parse, then what happens if you simply make up your own algorithm (just use ROT13 or something) on top of the PGP/RSA/whatever? It would be nearly pointless.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
It seems like "they" (lawmakers, judges, whoever has the power at the moment) are constantly redrawing the lines of the law. Now, looking at this, it could be argued that an enforcement official could be required to get a warrant to examine the contents of a packet that such a watchdog system had flagged, but that's ridiculous. They can just build up a vault full of data on each user, and when the time comes, they can find a violation based on the cumbersomely large volume of laws on the books. In the long run, little adjustments in what constitutes "right," like this, are just baby steps.
At what point will they finally abandon the rhetoric of "freedom?" At what point will the system at large collapse into totalitarianism on one extreme or anarchy on the other?
(I myself would prefer the anarchy, as then there would be a lag time before some charismatic group of jerks convinces a majority that their version of "right" is worth imposing.)
Besides, even if a criminal DID send such a message, it is difficult to prove (in court) that they sent it. Try proving davethedrugdealer@yahoo.com is someone in particular. I imagine if dealers WERE going to use the net to communicate, it might look like:
So, these guys are looking for more privacy-invading abilities so they can catch stupid and careless criminals who outline their crimes in electronic messages and send valuable data to one another without encryption. You don't need special powers or technology to catch those sorts of criminals. All you need is a couple of minutes and a butterfly net.
--This sig is in beta. Please let us know abut any errors you find.
Except that that's not going to happen here. I very seriously doubt they're going to _stop_ packets, inspect them, and if they're OK send them on their way -- it would pretty much kill TCP streams.
What they're much more likely to do -- and if you think about it, that's what snoopers do anyway -- is just grab a copy of the packet and inspect it. If it's 'evil', they can move forward from there (what's the source/destination IP, etc?).
So you're not going to get your intercepted packet back -- and you wouldn't want it, of course, because that would also be annoying to TCP (though TCP will happily deal with duplicate packets arriving -- it'll just discard the duplicate. But it _is_ more traffic to go through your connection, and since TCP's going to drop it before any presentation layer that can see that it's been inspected (because they added to payload or something -- and hopefully re-calculated checksums), you're never going to see it anyway.
What this means, is that you shouldn't be waiting for the courts to uphold the 4th, because even if they do it, your privacy will still not be very well protected.
Everything should be encrypted. And if that happens to protect you against government intrusion, consider that a welcome side-effect.
The pot analogy is this: suppose your car is leaking an odor into the public air. Maybe this odor is of interest to police dogs, but remember that it's also of interest to insurance companies, blackmailers, thieves, marketers, gossipers, etc. You already have a problem, regardless of whether or not you're doing anything illegal, and regardless of whether or not the government is allowed to break into your car without your consent or a warrant.
Quit focusing on Big Brother when you have a dozen little brothers. You need to stop the information leak, not try to impose rules-of-honorable-conduct upon just one of the parties that may be spying on you.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Don't be so smug.
MD5 was thought to be secure, but was broken.
Factoring isn't a provably hard problem, either. It's an open question.
If factoring breaks, RSA breaks. If SHA1 breaks, so does a lot of GPG/PGP and SSL. If you are using MD5, things are already broken for you.
Just because it CAN be done, doesn't mean it should!
The Supreme Court doesn't have to hear a case. So time won't be the deciding factor. The Supreme Court members and their conscience will be.
G. W. "internets" Bush will be deciding the next couple of members, so don't expect very tech friendly opinions.
(1/3)^18 = 1/387,420,489 - so the odds are not quite as staggering, although still bad. But you probably fit a common profile that they use. For example, travelling to Cali regularly. Maybe short trips? Little Luggage?
no taxation without representation!
Never. It's the veil they use to cover their activities.
I recently went on a flight for the first time in 20 years. When I got to the security checkpoint, there were dozens of people there going through metal detectors, having their luggage x-rayed and sniffed, and holding their hands up while guards waved those silly wands all over them.
Overhead were giant homeland security banners with pictures of soaring eagles that said "Freedom!". Wished I'd have had my camera.
The Court was right: there is no right of privacy to conceal illegal material.
If this driver had smelled of alcohol, a search of the car for containers of alcohol would have been appropriate. In this case, the dog was there, reported the odor of marijuana, and a search ensued.
This ruling should not be interpreted as carte blanche for police to search every car stopped for soe other violation.
The SecurityFocus piece that tries to expand on the packet "sniffing" metaphor is just one more obvious reason why geeks don't make good lawyers.
-- Slashdot: When Public Access TV Says "No"
Actually, tech-friendly has nothing to do with it. I suspect Bush is likely to appoint people more like Scalia than Ginsburg, which is a good thing. Scalia is a textualist, which is what we want - those are the guys who read the document and tell you "You know what, it may really suck that people can burn flags, but it says here that we can't stop them." (not a direct quote, but it expresses his opinion in one such case)
If the goverment starts "sniffing" internet packets, unless the software is so good it never generates false positives, then a human will have to go in and verify that the packet did indeed contain some form of prohibited activity. That would violate expectations of privacy and probably get any cases dismissed on grounds of illegal search.