Slashdot Mirror
European Police Plan to Remote-Search Hard Drives
Smivs points out a blandly-worded story from the BBC with scary implications, excerpting "Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime. The five-year action plan will take steps to combat the growth in cyber theft and the machines used to spread spam and other malicious programs. It will also encourage better sharing of data among European police forces to track down and prosecute criminals. Europol will co-ordinate the investigative work and also issue alerts about cyber crime sprees."
In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography".
And the other half is copyright infringement?
What it sounds like to me is that police departments will be able to search other police departments' computers. Not police searching civilian computers. The whole article is vague by using the term "remote searches" and not giving any more explanation.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
You know, it's awfully hard to not be yet again reminded of Orwell here. Constant surveillance and no privacy from the government so they can monitor everything you do.
But, of course, if your machine is behind a firewall, they'll just outlaw having firewall because it impedes their ability to investigate you for crimes. At which point if you need to be insecure enough to ensure that law enforcement can get in and do this, your machine will be hosed within the hour as the actual bad people break through as well.
This will either fall apart as un-doable, or spark some absurd laws to enforce it.
Cheers
Lost at C:>. Found at C.
as I sit here in a cafe, my laptop connected to some unsecured AP far awqay with a biquad wifi antenna, I say go right ahead, search my hard-drive, but don't forget to bring a good map and a gonio antenna to find me in case you realize I'm not the poor guy whose house you're about to raid.
This will never work, there are way too many anonymous internet connections around for this 1984 scheme to work, and people who have something to hide usually don't leave stuff hanging around unencrypted on their hard disks.
Even visible source code isn't entirely safe:
http://cm.bell-labs.com/who/ken/trust.html
Always a fun read.
I am officially gone from
If the police are planning to "remote search" hard drives, they'll need something on the client that lets them do so, along with some sort of command and control/results reporting channel between the client and the (totally secure and definitely not going to get breached in an embarrassing display of incompetence that will go utterly unpunished) police HQ.
In the short term, that means some flavor of spyware. The disconcerting bit, though, is that said spyware would look and act like normal spyware; but be part of a police investigation. Generally, interfering with those is a crime. Will removing that spyware be considered obstruction of justice? Will blocking its operations or reporting be considered obstruction of justice? "Your honor, the defendant did maliciously configure his router to drop outbound justice on port 315..." In order to be effective, spyware has to be covert and subtle, so it will be damn difficult to distinguish fedware from ordinary spyware.
Worse, of course, is the medium to long term: if "remote search" is the law of the land, it will soon enough seem like a good idea to mandate a few features from hardware and software manufacturers to make it easier. Make an antivirus program? Well, you'd better be sure that it ignores the activities of any app signed by $AUTHORITY, if you want to stay out of jail. OSes could easily do similar things with process listings, priviledge escalations and the like. Even hardware could get in on the act. In principle, you could build obedience to cryptographically signed orders into all sorts of devices. This would be bad in all the ways that DRM usually is, only worse.
Unfortunately, this sort of turn doesn't seem entirely unlikely. Digital surveillance is all the rage these days, and unlikely to get any less popular, and there are few jurisdictions that have any terribly encouraging history of resisting it. Specifically, the EU has comparatively strong privacy legislation; but it is written from the basic philosophy that privacy is having the state control other's access to the data it collects, rather than privacy being having those data never collected. The US is stronger on that score(at least in theory, and as long as drugs, kiddie porn, and terrorism aren't involved); but the state of private sector privacy is absolutely miserable and there is nothing stopping the state from simply buying surveillance from said private sector(which it indeed does, on a fairly massive scale).
That's funny. I tend to keep my highly illegal terrorism-and-kiddie-porn related files on disconnected usb drives.
I'm a satanic clam.
Indeed...one need only look at the last eight years in the U.S. for the proof of this statement.
Oh, wait...
____
~ |rip/\/\aster /\/\onkey
The Linux kernel is enormous and monolithic, which is why it is vulnerable to that sort of activity. But a smaller, microkernel design like Minix is easier to inspect, for those who have the time to do so. If you are truly concerned about people sneaking code into your OS, your best bet is to go with a microkernel and put in the effort to inspect that kernel and any relevant drivers; if you do not have that time, then you just need to trust others to do the inspecting for you.
Palm trees and 8
Oh, the irony of this is hilarious. Linux is now more cumbersome to work with than the operating system which caused Linus to write the Linux kernel in the first place. I'm sure Tanenbaum will be proud that he's come full circle. :-P
Besides, all of the stuff one layer up from the microkernel would still need to be checked for security, so I don't really think it buys you anything. The operating system is more than just the kernel.
Cheers
Lost at C:>. Found at C.
Someone in the arts or business is permitted to think 'The chances of that happening are remote, therefore it is unlikely, therefore I will ignore it. If it should arise, I'll see it and deal with it then.'
People in a technical disciple are obligated to think 'The possibility of that happening is there, therefore it is inevitable that it will happen, therefore the whole thing is wrong until I address it.'
-1 Uncomfortable Truth
From TFA: "In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography"
What? Half of all internet crime??
Hmmm. Bullshit detector's gone off the scale on this one. I think this is the work of industry lobbyists playing the child porn card to sell snakeoil to clueless, greedy politicians.
"And the meaning of words; when they cease to function; when will it start worrying you?"
Once the technology is available, it *will* be abused, and we know this, because such abuses have always happened. I don't know of a government (or a business) that had a technology available and decided not to use it because doing so would be unethical or even illegal. How many times must the same stories repeat before we learn?
An old saying puts it best: "What the government wants to do, and has the means to do, it will do -- logic, ethics, and common sense notwithstanding."
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer