Slashdot Mirror


European Police Plan to Remote-Search Hard Drives

Smivs points out a blandly-worded story from the BBC with scary implications, excerpting "Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime. The five-year action plan will take steps to combat the growth in cyber theft and the machines used to spread spam and other malicious programs. It will also encourage better sharing of data among European police forces to track down and prosecute criminals. Europol will co-ordinate the investigative work and also issue alerts about cyber crime sprees."

6 of 260 comments

  1. Bogus statistical claims. by VShael · Score: 5, Insightful

    In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography".

    And the other half is copyright infringement?

  2. More Information? by TripMaster Monkey · Score: 5, Informative

    Unfortunately, the article cited is maddeningly vague as to how this initiative will be implemented. A little digging turns up this Register article on the subject, which contains slightly more info.

    From the Register article:

    In practical terms, remote searches would involve planting law enforcement Trojans on suspects' PCs. Police in Germany are most enthusiastic about pushing this tactic, the sort of approach even Vic Mackey from The Shield might baulk at, despite its many potential drawbacks, highlighted by El Reg on numerous occasions.

    For starters, infecting the PC of a target of an investigation is hit and miss. Malware is not a precision weapon, and that raises the possibility that samples of the malware might fall into the hands of cybercrooks.

    Even if a target does get infected there's a good chance any security software they've installed will detect the malware. Any security vendor who agreed to turn a blind eye to state-sanctioned Trojans would risk compromising their reputation, as amply illustrated by the Magic Lantern controversy in the US a few years back.

    Then there are the civil liberties implications of the approach and questions about whether evidence obtained using the tactic is admissible in court.

    Despite all these problems the idea of a law enforcement Trojan continues to gain traction and could become mainstream within five years, if EU ministers get their way.

    So, in short, here's just one more compelling argument for ditching Windows for Linux...

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  3. Go ahead by Roland Piquepaille · Score: 5, Insightful

    As I sit here in a cafe, my laptop connected to some unsecured AP far away with a biquad wifi antenna, I say go right ahead, search my hard-drive, but don't forget to bring a good map and a gonio antenna to find me in case you realize I'm not the poor guy whose house you're about to raid.

    This will never work, there are way too many anonymous internet connections around for this 1984 scheme to work, and people who have something to hide usually don't leave stuff hanging around unencrypted on their hard disks.

  4. Disconcerting possibility: by fuzzyfuzzyfungus · Score: 5, Insightful

    If the police are planning to "remote search" hard drives, they'll need something on the client that lets them do so, along with some sort of command and control/results reporting channel between the client and the (totally secure and definitely not going to get breached in an embarrassing display of incompetence that will go utterly unpunished) police HQ.

    In the short term, that means some flavor of spyware. The disconcerting bit, though, is that said spyware would look and act like normal spyware; but be part of a police investigation. Generally, interfering with those is a crime. Will removing that spyware be considered obstruction of justice? Will blocking its operations or reporting be considered obstruction of justice? "Your honor, the defendant did maliciously configure his router to drop outbound justice on port 315..." In order to be effective, spyware has to be covert and subtle, so it will be damn difficult to distinguish fedware from ordinary spyware.

    Worse, of course, is the medium to long term: if "remote search" is the law of the land, it will soon enough seem like a good idea to mandate a few features from hardware and software manufacturers to make it easier. Make an antivirus program? Well, you'd better be sure that it ignores the activities of any app signed by $AUTHORITY, if you want to stay out of jail. OSes could easily do similar things with process listings, privilege escalations and the like. Even hardware could get in on the act. In principle, you could build obedience to cryptographically signed orders into all sorts of devices. This would be bad in all the ways that DRM usually is, only worse.

    Unfortunately, this sort of turn doesn't seem entirely unlikely. Digital surveillance is all the rage these days, and unlikely to get any less popular, and there are few jurisdictions that have any terribly encouraging history of resisting it. Specifically, the EU has comparatively strong privacy legislation; but it is written from the basic philosophy that privacy is having the state control others' access to the data it collects, rather than privacy being having those data never collected. The US is stronger on that score (at least in theory, and as long as drugs, kiddie porn, and terrorism aren't involved); but the state of private sector privacy is absolutely miserable and there is nothing stopping the state from simply buying surveillance from said private sector (which it indeed does, on a fairly massive scale).

  5. Re:lol by clam666 · Score: 5, Insightful

    That's funny. I tend to keep my highly illegal terrorism-and-kiddie-porn related files on disconnected usb drives.

    --
    I'm a satanic clam.

  6. Summary is confused as usual by Xest · Score: 5, Informative

    The summary takes the decision somewhat out of context.

    They're not planning to remotely connect to any old Joe's computer they can and search it, they're planning to connect to zombie computers that have been hijacked by criminals to try and trace back where the criminals are coming from.

    Apparently, there will be strict rules on what they can do on said machine too, that is, they're not allowed to start rummaging through people's personal data. Don't think I'm naive by saying that - I'm just repeating what I read on the issue, I don't believe for a minute those rules will be enforceable and I truly think as soon as they have access to these machines and their boss ain't looking they're going to start rummaging like crazy.

    I'm not sure how I feel about the general idea, if a machine has a backdoor and they can manage to connect to it also then in a way I feel they should just temporarily patch it for the user and inform the user at absolute worst although I'm not sure this is ideal - what if they patch some security researcher's honey pot for instance!

    It certainly concerned me a bit when I read it but it's certainly not a plan to just use 0-day exploits to connect to everyone and anyone's PC or anything.