Precedent for Warrantless Net Monitoring Set

highcon writes "According to this editorial from SecurityFocus, a recent case of a drug dog which pushed the limits of "reasonable search" may have implications for Internet communications in the U.S. This Supreme Court case establishes a precendent whereby "intelligent" packet filters may be deployed which, while scanning the contents of network traffic indiscriminently, only "bark" at communication indicative of illegal activity."

Thy don't understand tech, they use metaphors

[LostCluster]

The current rules on Internet snooping are based on the metaphor of an envelope... anybody can look at the addressing data on the outside of an envelope, but the contents within are private. This is a pretty nice metaphor, considering the possible options...

- Dog search metaphor: This is what the article is suggesting, a binary test can be used to see if the packet needs more inspecting. If the binary test comes back positive, it represents probible cause to break the seal.
- Postcard metaphor: An IP packet is really closer to a postcard, in that the datagram portion isn't really secured inside anything, it's out there for plain view.
- Shopping mall metaphor: The Internet is like a shopping mall. The government doesn't own the mall, but the owners might invite the police to establish a checkpoint at the door because any possible crime is bad for their business. Anything they see/hear from their perch there is fair game, especially if everybody sees that there are officers there.

Re:Thy don't understand tech, they use metaphors

[ari_j]

It's not necessarily that they don't understand technology, but rather that they (meaning the Supreme Court) do everything they can to forge opinions that will be reasonably applicable to a variety of situations, so that people don't end up appealing fifty slightly different but analogous cases to the Court.

The dog search metaphor may or may not be as obvious to a court as it is to the article's author. Time will tell as this decision is applied in the lower federal courts, until someone appeals one of those decisions up again and gets it either explicitly applied, explicitly limited, or explicitly overruled.

Re:Thy don't understand tech, they use metaphors

[dourk]

When the post office re-seals your envelope, they put a nice sticker on it saying that it was opened.

If my packet is sniffed, and barked at, and later determined to be innocent (sometimes the dogs are wrong), will there be some nice header in my transmission letting me know they took a peek?

That'll be a big hint that I need to start using encryption.

Re:Thy don't understand tech, they use metaphors

[Lucky_Norseman]

I assume that using encryption is one of the things that will trigger a packet as suspicious.

Re:Thy don't understand tech, they use metaphors

[Aneurysm9]

hmm, there may be use for the Evil Bit after all!

Re:Thy don't understand tech, they use metaphors

[X0563511]

Anything that the sniffer can't parse would trigger that then.

If you can't parse something, from the code's view, it can either be encrypted or innocent data. How exactly would it be able to tell the difference? It can't. It's either something it understands or something encrypted.

If the thing was coded to ignore things it couldn't parse, then what happens if you simply make up your own algorithm (just use ROT13 or something) on top of the PGP/RSA/whatever? It would be nearly pointless.

What ever happened to the Constitution?

[raistphrk]

So law enforcement can just sit with a packet filter scanning for the word "drugs"? That's just absurd. If law enforcement has reason to believe that an individual is committing illegal acts, they can go and get a warrant. Thanks to FISA, that's not the most difficult task. However, this isn't like a drug deal on a street corner; this is more analagous to being able to tap everybody's cell phone, hoping to find one or two people selling drugs.

A real blow to the Constitution.

Re:What ever happened to the Constitution?

[tomstdenis]

From a practical standpoint if you rely on plaintext packets over the net for "privacy" you're not too smart. Things like SSH, SSL and GPG were invented to take care of this.

As I've maintained in my past the biggest thing that upsets me about things like this is just the incredible waste of resources for small returns.

They'll spend billions on super computers [from $INSERT_CORPORATION_HERE] so the "good ol boys" club gets fed then they'll catch 1 or 2 extra people a year for selling a drug....

Meanwhile they'll let the roads, hospitals and schools rot. So that in say 20 years when kids can read only 37% of Hamlet in school [and not contigious] and get a good 43% of their Algebra lessons they'll be safe in knowing that the government sacrificed their education for a whopping 0.0001% more security!

So really they're going to go out with your money to protect you but in the end you might as well give it up if you're relegated to a quiet life of "Welcome to walmart".

And if you think I'm talking out of my ass, I come from Canada, a more socialist country and even our text books are "old and in disrepair". Like my shakespear texts had my cousins signatures in them... They're also about 15 years older than I am...

Tom

Re:What ever happened to the Constitution?

[ari_j]

The article is not even persuasive authority to a court. It's an amateur interpretation of a court decision that attempts to make an analogy. As you point out, the analogy is very weak. Since it is not even in a law review journal, nobody in the legal field is going to pay an iota of attention to it, and no court will care about it.

Now, if the courts did extend the analogy as the article makes it sound has already been done, it would be a real blow to the Constitution, notwithstanding the Anonymous Coward sibling to this comment. What that sibling fails to recognize is that deciding that Internet traffic is not among the "persons, houses, papers, and effects" made safe from "unreasonable searches and seizures" by the Fourth Amendment is itself a blow to the Constitution, because it's the equivalent of saying that the Constitution is of little to no effect in the 21st century.

Personally, I don't see the Supreme Court making the leap that the article thinks it already has. The Rehnquist Court has gone back to the text of the Constitution more than any Court since 1937, when FDR scared the Court into acceding to his wishes and giving Congress and the Presidency more power than the Constitution allows (and then giving the Presidency much of Congress's power for good measure). They have been working their way backwards and, as Justice Scalia put it, have to tear the house that was built apart, piece by piece.

Re:What ever happened to the Constitution?

[Happy+go+Lucky]

There is also frequently a connection to drug use, thus the fact that the vehicle was speeding is automatically sufficient cause to search a vehicle for drugs, even if only to add the potential for DWI charges.

Nope.

The controlling legal authority is the Fourth/Fourteenth Amendment, mandating freedom from unreasonable search. This is best viewed in the light of Katz v. United States, in which the Nine Worthies declared that searches into any area required justification, when a person had a reasonable expectation of privacy.

Your car isn't the same as your home, with the same protection. It is, however, more private than not. A search by a police officer may not require a warrant, but it does require some sort of legal justification, such as probable cause (facts and circumstances which would lead a reasonable officer to believe that evidence of a crime is present)

Speeding is evidence of speeding. It could possibly be evidence of drug/alcohol impairment, depending upon what else is going on. It could be a piece of circumstantial evidence for any number of things. It does not, however, automatically justify a search.

And I never charge DUI/DUID off of a vehicle search. I charge DUI/DUID off of my observations of the driver's manual dexterity and ability to focus and concentrate, and my observations of the vehicle in motion, and the alcohol/drug test justified by said observations. The mere presence of drugs does not imply the consumption of said drugs strongly enough to charge DUI, absent other evidence.

Re:What ever happened to the Constitution?

[Aneurysm9]

Since it is not even in a law review journal, nobody in the legal field is going to pay an iota of attention to it, and no court will care about it.

Sorry to burst your bubble, but I've been working on a comment for a law review on just this very topic. I'll be looking a bit more broadly at expectations of privacy in communications over publicly accessible networks, but this is certainly a decision I will have to discuss. The thing about the Supreme Court is that they don't want to have to address every situation that can conceivably come before them. So, they will often speak in broad language when they feel it is appropriate to address a whole range of issues with a single decision. This may be of that type since they discuss the legitimacy of privacy interests in illegal activity and not just the interest of this person in the privacy of the contents of his trunk. That leads to the obvious question: well, then, what is the legitimacy of an expectation of privacy in electronic communications regarding illegal activity?

Encryption Time

[Warskull]

When you can no longer rely on the law to protect your privacy the time comes to take things into your own hands. Should this get applied to the internet I see a rather good reason to push for the encryption of all transmitted data.

Next to impossible

[Cow007]

If the government were to try and sniff a large number of packets in the manner described they would be impossible to collect ones that are only illegal. They would have the same sort of situation I experienced when I installed snort and turned on everything. Spade was freaking out at me about once every 5 seconds, I was getting warnings about unicast ARP attacks and port-scans all over the place. How can you tell what constitutes a packet containing illicit transmissions? There would be so many false alarms that they wouldn't be able to do anything with that data. What if it was an encrypted communication? They can't just flag all encrypted stuff because legitimate transactions are encrypted all the time. A lot of people doing nothing wrong would be put under suspicion no matter what algorithm they were using. Therefore doing what is described is next to impossible.

encrypt everything

[Facekhan]

Criminals will just use the best available encryption to cover their crimes. This kind of thing is only going to effect regular people and the casual criminal.

Drugs

[Lord+Kano]

Drugs give off molecules that anything with a sensitive enough nose can detect. A drug dog need not actually inspect a package full of heroin to smell it.

Have you ever been someplace right after someone just finished smoking weed? Same principle, but dogs can smell much better than we can.

If they want to liken the internet and packet sniffing to drug dogs, any time someone's engages in illicit activity on their computer they would need to drop millions of post it notes declaring somewhere.

LK

This is not really an issue

[cgenman]

The court ruled that because the dog only responded to drugs, that the search was perfectly reasonable and upset no privacy concerns. It is assumed that the dog discovers only drugs and that it is infalliable. Because all it does is look for drugs or no drugs, and there is no legitimate privacy concern around having drugs, the search is legit.

This is not applicable in many ways to the internet because the word drugs is not illegal. The words let's bomb the world trade center is not illegal. Nothing you do in your e-mail can be scanned, because nothing you do in your e-mail can be cleanly illegal.

On the other hand, if you're trading files, your MP3's might be checksummed and used against you in a court of law. However, this has already happened anyway, so what's the point in fighting this new justification?

This is an interesting non-issue, really.

Re:Oh god no

[cgenman]

For a year and a half I was traveling back and forth between Boston and Cali to see my long-distance girlfriend. I was "randomly" searched 18 times out of 18 possible. As they were "randomly" searching 1 out of 3 people, this had a probability of 1 out of 2.1 billion.

Yet the government was insisting that no black lists existed. That they weren't keeping track, and that it was totally random.

The only reasons that I can think of offhand to blacklist me is that I joined Calperg and the ACLU, and I saw Nader speak at a local college.

I'm betting the reason that our government lies about what it does is not because there is a vested interest in keeping terrorists from knowing that they may be blacklisted, but rather because how the government chooses who is potentially good and potentially bad is so stereotypical, shallow, and offensive that they would get run out of office if people knew what they were doing.

Little Brothers

[Sloppy]

What people seem to be missing here, is that the fourth amendment is just a limit to what government can do. Regardless of whether the 4th amendment is found to apply to internet packets or not, there is nothing preventing anyone else from inspecting whatever packets happen to be passing through their system. Whether the government is doing it or not, you have to assume someone may be doing it.

What this means, is that you shouldn't be waiting for the courts to uphold the 4th, because even if they do it, your privacy will still not be very well protected.

Everything should be encrypted. And if that happens to protect you against government intrusion, consider that a welcome side-effect.

The pot analogy is this: suppose your car is leaking an odor into the public air. Maybe this odor is of interest to police dogs, but remember that it's also of interest to insurance companies, blackmailers, thieves, marketers, gossipers, etc. You already have a problem, regardless of whether or not you're doing anything illegal, and regardless of whether or not the government is allowed to break into your car without your consent or a warrant.

Quit focusing on Big Brother when you have a dozen little brothers. You need to stop the information leak, not try to impose rules-of-honorable-conduct upon just one of the parties that may be spying on you.