European Police Plan to Remote-Search Hard Drives

Smivs points out a blandly-worded story from the BBC with scary implications, excerpting "Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime. The five-year action plan will take steps to combat the growth in cyber theft and the machines used to spread spam and other malicious programs. It will also encourage better sharing of data among European police forces to track down and prosecute criminals. Europol will co-ordinate the investigative work and also issue alerts about cyber crime sprees."

More Information?

[TripMaster+Monkey]

Unfortunately, the article cited is maddeningly vague as to how this initiative will be implemented. A little digging turns up this Register article on the subject, which contains slightly more info.

From the Register article:

In practical terms, remote searches would involve planting law enforcement Trojans on suspects' PCs. Police in Germany are most enthusiastic about pushing this tactic, the sort of approach even Vic Mackey from The Shield might baulk at, despite its many potential drawbacks, highlighted by El Reg on numerous occasions.

For starters, infecting the PC of a target of an investigation is hit and miss. Malware is not a precision weapon, and that raises the possibility that samples of the malware might fall into the hands of cybercrooks.

Even if a target does get infected there's a good chance any security software they've installed will detect the malware. Any security vendor who agreed to turn a blind eye to state-sanctioned Trojans would risk compromising their reputation, as amply illustrated by the Magic Lantern controversy in the US a few years back.

Then there are the civil liberties implications of the approach and questions about whether evidence obtained using the tactic is admissable in court.

Despite all these problems the idea of a law enforcement Trojan continues to gain traction and could become mainstream within five years, if EU ministers get their way.

So, in short, here's just one more compelling argument for ditching Windows for Linux...

Re:More Information?

[dunkelfalke]

thank german minister for the interior for that shit. he introduced the law, the law was modded down by young social democrats, he was pretty pissed and so he tries to push the law through this way.

Re:Worried?

For those who don't know what you are refering to -
http://www.nytimes.com/2008/11/02/world/europe/02iceland.html

Re:yeah

[CannonballHead]

I find it interesting that you are complaining about the last eight years in the US, yet the article is about Europe...

IMO, it shows the anti-US sentiment, apparently because of the US's more or less high position in the world, as opposed to many European countries that are trying to rival it with the EU, etc., but failing.

And yet, The UK and Europe have far worse "wire-tapping" sorts of things than the US. But it's not in vogue to complain about it anywhere but in the US, it seems.

Summary is confused as usual

[Xest]

The summary takes the decision somewhat out of context.

They're not planning to remotely connect to any old joes computer they can and search it, they're planning to connect to zombie computers that have been hijacked by criminals to try and trace back where the criminals are coming from.

Apparently, there will be strict rules on what they can do on said machine too, that is, they're not allowed to start rummaging through people's personal data. Don't think I'm naive by saying that- I'm just repeating what I read on the issue, I don't believe for a minute those rules will be enforceable and I truly think as soon as they have access to these machines and their boss aint looking they're going to start rummaging like crazy.

I'm not sure how I feel about the general idea, if a machine has a backdoor and they can manage to connect to it also then in a way I feel they should just temporarily patch it for the user and inform the user at absolute worse although I'm not sure this is ideal- what if they patch some security researcher's honey pot for instance!

It certainly concerned me a bit when I read it but it's certainly not a plan to just use 0-day exploits to connect to everyone and anyone's PC or anything.

Re:Summary is confused as usual

[KlausBreuer]

Sadly, this is not quite correct.

Here in Germany, they plan (and already have) to simply control you. Are you an eeeeeevil terrarist? Do you think of possibly considering, at some time in the far future, if you might want to do something which might bother some state bureaucrats? Do you Obey The RIAA?

It's not about spam, and zombie computers, and stuff like that. It's about control.

And, by the way, they are allowed to secretly enter your home, install some crap on your PC, and leave again. The might need a judges permission, but will get it in 95% of the time, no matter what reasons they give. Welcome to 1984, v2.08

Re:All the more reason...

[karstux]

Actually, he's right. The intel-compiled gcc might be faster than the gcc-compiled gcc, but their (the 2nd generation compiler's) outputs should be identical.

Re:Wow!

[TripMaster+Monkey]

If you don't care for that analysis, here's another.

Pwned machines

[phorm]

Besides, what kind of "evidence" could you trust in a machine that's been well and truly owned, especially if it's playing puppet to a criminal botnet?

Having worked somewhere where a server (not one of mine, but one setup by a contractor) was owned in short order, I can attest to the fact that once that happens you have very little ownership or control of the content on that box. That particular one (a WinNT box) couldn't even *delete* the files that had been uploaded due to issues with the character-set used in filenames, and some of the filenames were very disturbing as to what content they might have had...

I'd say that arresting somebody based on files on a box they *know* somebody else likely had control of is a pretty weak case.