Slashdot Mirror
Precedent for Warrantless Net Monitoring Set
highcon writes "According to this editorial from SecurityFocus, a recent case of a drug dog which pushed the limits of "reasonable search" may have implications for Internet communications in the U.S. This Supreme Court case establishes a precendent whereby "intelligent" packet filters may be deployed which, while scanning the contents of network traffic indiscriminently, only "bark" at communication indicative of illegal activity."
The current rules on Internet snooping are based on the metaphor of an envelope... anybody can look at the addressing data on the outside of an envelope, but the contents within are private. This is a pretty nice metaphor, considering the possible options...
- Dog search metaphor: This is what the article is suggesting, a binary test can be used to see if the packet needs more inspecting. If the binary test comes back positive, it represents probible cause to break the seal.
- Postcard metaphor: An IP packet is really closer to a postcard, in that the datagram portion isn't really secured inside anything, it's out there for plain view.
- Shopping mall metaphor: The Internet is like a shopping mall. The government doesn't own the mall, but the owners might invite the police to establish a checkpoint at the door because any possible crime is bad for their business. Anything they see/hear from their perch there is fair game, especially if everybody sees that there are officers there.
So law enforcement can just sit with a packet filter scanning for the word "drugs"? That's just absurd. If law enforcement has reason to believe that an individual is committing illegal acts, they can go and get a warrant. Thanks to FISA, that's not the most difficult task. However, this isn't like a drug deal on a street corner; this is more analagous to being able to tap everybody's cell phone, hoping to find one or two people selling drugs.
A real blow to the Constitution.
before it gets better with regards to all of this. Everyone should be writing their rep's, running for office, something so we don't start going down that 'slippery slope'.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety
It's common for someone who has already been caught doing something illegal to be searched.
If the police randomly did a drug sniff at the local supermarket, they would get their asses handed to them.
Check out my sci-fi/humor trilogy at PatriotsBooks.
When you can no longer rely on the law to protect your privacy the time comes to take things into your own hands. Should this get applied to the internet I see a rather good reason to push for the encryption of all transmitted data.
This is precisely what an IDS tends to do. Unfortunately, not only is it trivial to do, it's also something that's essentially COTS (commercial off-the-shelf).
Yet another reason encryption needs to be widespread not only in availability, but in practice.
500GB of disk, 5TB of transfer, $5.95/mo
As this anonymous post on security focus points out:
The obvious error in this analysis is that the relevant privacy protections that apply online are statutory, not constitutional. So they are unaffected by Caballes.
My pics.
I like this
Everyone who visited blackboxvoting.org before a year ago was supposedly put onto an FBI watchlist. There are more details on the website.
I say this because I know that this includes most slashdotters, and because it is on topic to the article. I'm not sure if is true, but I do know that recently I am 7/7 for getting frisked at airports. Perhaps it is possible that everyone who visited this website is now in the airline shit list database.
I don't mean to sound paranoid, but the issues here are very real whether people realize them or not.
Kerry would have had absolutely zero effect on this decision whatsoever, but it doesn't surprise me in the least that someone who wishes to make that connection would himself not have clue one about the Constitution.
Amendment 3: No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.
The article brings up an interesting question: Can a machine violate your privacy?
Consider the hypothetical(?) packet sniffer that alerts on packets that contain evidence of criminal activity but lets all other packets go on without an alert.
If the authorities never see the contents of the packets for themselves, has a search really been made?
Can a machine/program violate your privacy if no one gets to see what the program has seen?
If the government were to try and sniff a large number of packets in the manner described they would be impossible to collect ones that are only illegal. They would have the same sort of situation I experienced when I installed snort and turned on everything. Spade was freaking out at me about once every 5 seconds, I was getting warnings about unicast ARP attacks and port-scans all over the place. How can you tell what constitutes a packet containing illicit transmissions? There would be so many false alarms that they wouldn't be able to do anything with that data. What if it was an encrypted communication? They can't just flag all encrypted stuff because legitimate transactions are encrypted all the time. A lot of people doing nothing wrong would be put under suspicion no matter what algorithm they were using. Therefore doing what is described is next to impossible.
411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
You know that the article writer is a hack because he's trying to write legal analysis and doing it outside of law review journals. And you know he's really bad because not only does not not cite any authority whatsoever in his article, but he doesn't even give the actual name of the case. He just says that a case about Caballes was decided by the Supreme Court last month. Lawyers are precise. Good lawyers are precise and correct. This guy is neither.
In case anyone is wondering, the actual case is Illinois v. Caballes, 73 U.S.L.W. 4111. It's not in the US Reports yet, apparently. The Lexis cite is 2005 U.S. LEXIS 769.
Lexis' short synopsis of the case and the Supreme Court's holding is: The U.S. Supreme Court granted certiorari on the question of whether the Fourth Amendment required reasonable, articulable suspicion to justify using a drug-detection dog to sniff a vehicle during a legitimate traffic stop. The state trial court concluded that the duration of the stop was entirely justified by the traffic offense and the ordinary inquiries incident to such a stop. The state supreme court concluded that because the canine sniff was performed without any specific and articulable facts to suggest drug activity, the use of the dog unjustifiably enlarged the scope of a routine traffic stop into a drug investigation. The U.S. Supreme Court held that the use of a well-trained narcotics-detection dog--one that did not expose noncontraband items that otherwise would have remained hidden from public view--during a lawful traffic stop, generally did not implicate legitimate privacy interests. The dog sniff was performed on the exterior of respondent's car while he was lawfully seized for a traffic violation. Any intrusion on respondent's privacy expectations did not rise to the level of a constitutionally cognizable infringement.
My personal and immediate thought on this is that the closest analogy to the Internet acceptable to the Court would be if you can tell from an IP packet header ("performed on the exterior") that its contents are suspect, then you can open it up for inspection. However, my opinion is exactly as binding on anyone's behavior as is the article - specifically, it isn't at all.
Do a google search for "Pen Registers" or "Tap and Trace". Apparently, back before the internet, the government decided that they didn't need a warrant to put a little device on people's phone lines that just gave them a list of the numbers that were called and recieved, as long as it didn't monitor the conversation.
This carries over to email. The FBI can request a list of everyone your email account emailed, and everyone that emailed you without a warrant. Yahoo has at least 6 employees who's entire job is to just give this information to the government all day. The figure I heard was about 1 request per thousand users per year.
You may say, "great, I use my own domain for email", but once 1/2 of all email goes to Yahoo, MSN, Google, and AOL, all the governement has to do is ask them a list of 1/2 the people you emailed.
I'm surpised that this doesn't bother more people. I mean, chances are it happened to a few slashdot users today.
Between the US Patriot (??) Act and John Ashcroft's computer program (I have forgotten the name), this is a very real possiblity. Here is the real problem. Everyone 'sins' - If they want to attack you they can do so with impunity now. It seems to me that this is how the Roman Republic and then Empire fell. Abuse of power by those at the top.. 1984 is not far away.
This message was brought to you by "Lack of Sleep."
Criminals will just use the best available encryption to cover their crimes. This kind of thing is only going to effect regular people and the casual criminal.
Drugs give off molecules that anything with a sensitive enough nose can detect. A drug dog need not actually inspect a package full of heroin to smell it.
Have you ever been someplace right after someone just finished smoking weed? Same principle, but dogs can smell much better than we can.
If they want to liken the internet and packet sniffing to drug dogs, any time someone's engages in illicit activity on their computer they would need to drop millions of post it notes declaring somewhere.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Of course the democrat in me says this is all Bush's fault. OOO he makes me so mad!
The court ruled that because the dog only responded to drugs, that the search was perfectly reasonable and upset no privacy concerns. It is assumed that the dog discovers only drugs and that it is infalliable. Because all it does is look for drugs or no drugs, and there is no legitimate privacy concern around having drugs, the search is legit.
This is not applicable in many ways to the internet because the word drugs is not illegal. The words let's bomb the world trade center is not illegal. Nothing you do in your e-mail can be scanned, because nothing you do in your e-mail can be cleanly illegal.
On the other hand, if you're trading files, your MP3's might be checksummed and used against you in a court of law. However, this has already happened anyway, so what's the point in fighting this new justification?
This is an interesting non-issue, really.
The ______ Agenda
Fine, true enough about Carnivore's retirement. If you want to be pedantic, do this on my post: :%s/Carnivore/tcpdump/g ...or Ethereal, or any other packet sniffer/logger. Throw in some AI to parse all those packets and check for data the feds would consider "of interest".
Happy? My main point remains regardless of the technology the FBI chooses...
Is Capitalism Good for the Poor?
It surely isn't the Netherlands, since drugs (including softdrugs) are illegal over there as well.
It is a common misconception that drugs are legal in Holland, while actually all drugs are still forbidden by law. However there are a number of permissive regulations that state that:
- If you are an individual with less than 5 grams of cannabis (hash/weed), police will ignore you.
- You can grow your own plants for your personal use (maximum 5 plants, no technical aids such as lamps... otherwise everything will be impounded and you're fair game for prosecution).
- You can open an establishment for selling cannabis, provided you abide with a whole number of regulations (including: no commercials, no admittance to minors, no selling of alcoholic beverages -- hence the name "coffeeshop", no selling of harddrugs, no selling of more than 5 grams per transaction, no total stock of more than 500 grams).
These rules and regulations are set country-wide, municipalities can add more regulations (restrict coffeeshops to specific areas, opening times,Ironically, there's no legal way for coffeeshops to get their drugs so even that's illegal.
Police can still decide to prosecute for any of the above if it's causing problems in any kind of way (i.e.: you're stealing to get drugs, the clients of a coffeeshop are wrecking the street, ...)
While the Netherlands is pretty liberal and permissive about softdrugs, it's far from legal and you still can get arrested for it.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
Well, what about the other two prongs to be considered?...
1)Dog sniffed out marijuana during a legitimate traffic stop.
2)Whether there's a legitimate privacy interest being protected.
The first prong would still require some appropriate reason ('probable cause' created by dog) to investigate an individual's packets, and only until a reasonable point (free from being unduly detained) under the Fourth Amendment.
Admittedly, an automated packet sniffer might fit this definition, although whether such a sniffer would be 'sui generis' like the dog, I don't know, but I suspect not. [Here is where a law review article might be useful.]
Second, the case here is over possession of drugs, whereas packets may be more like communication that would be entitled to constitutional privacy interests.
Besides, SCOTUS did decide to determine the question narrowly, saying "The question on which we granted certiorari, 541 U.S. 972, 159 L. Ed. 2d 84, 124 S. Ct. 2219 (2004), is narrow: "Whether the Fourth Amendment requires reasonable, articulable suspicion to justify using a drug-detection dog to sniff a vehicle during a legitimate traffic stop."" limiting its potential application to online packet sniffing.
It seems like "they" (lawmakers, judges, whoever has the power at the moment) are constantly redrawing the lines of the law. Now, looking at this, it could be argued that an enforcement official could be required to get a warrant to examine the contents of a packet that such a watchdog system had flagged, but that's ridiculous. They can just build up a vault full of data on each user, and when the time comes, they can find a violation based on the cumbersomely large volume of laws on the books. In the long run, little adjustments in what constitutes "right," like this, are just baby steps.
At what point will they finally abandon the rhetoric of "freedom?" At what point will the system at large collapse into totalitarianism on one extreme or anarchy on the other?
(I myself would prefer the anarchy, as then there would be a lag time before some charismatic group of jerks convinces a majority that their version of "right" is worth imposing.)
What this means, is that you shouldn't be waiting for the courts to uphold the 4th, because even if they do it, your privacy will still not be very well protected.
Everything should be encrypted. And if that happens to protect you against government intrusion, consider that a welcome side-effect.
The pot analogy is this: suppose your car is leaking an odor into the public air. Maybe this odor is of interest to police dogs, but remember that it's also of interest to insurance companies, blackmailers, thieves, marketers, gossipers, etc. You already have a problem, regardless of whether or not you're doing anything illegal, and regardless of whether or not the government is allowed to break into your car without your consent or a warrant.
Quit focusing on Big Brother when you have a dozen little brothers. You need to stop the information leak, not try to impose rules-of-honorable-conduct upon just one of the parties that may be spying on you.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Don't be so smug.
MD5 was thought to be secure, but was broken.
Factoring isn't a provably hard problem, either. It's an open question.
If factoring breaks, RSA breaks. If SHA1 breaks, so does a lot of GPG/PGP and SSL. If you are using MD5, things are already broken for you.
Just because it CAN be done, doesn't mean it should!
Never. It's the veil they use to cover their activities.
I recently went on a flight for the first time in 20 years. When I got to the security checkpoint, there were dozens of people there going through metal detectors, having their luggage x-rayed and sniffed, and holding their hands up while guards waved those silly wands all over them.
Overhead were giant homeland security banners with pictures of soaring eagles that said "Freedom!". Wished I'd have had my camera.
The Court was right: there is no right of privacy to conceal illegal material.
If this driver had smelled of alcohol, a search of the car for containers of alcohol would have been appropriate. In this case, the dog was there, reported the odor of marijuana, and a search ensued.
This ruling should not be interpreted as carte blanche for police to search every car stopped for soe other violation.
The SecurityFocus piece that tries to expand on the packet "sniffing" metaphor is just one more obvious reason why geeks don't make good lawyers.
-- Slashdot: When Public Access TV Says "No"