Slashdot Mirror
FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN
SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.
If the FBI starts to attack Tor and VPN users, those users are going to fight back. If they are not in the US the FBI might not be able to stop them doing it either.
All this kind of thing does is make the US a more legitimate target for cyber attacks. The NSA and GCHQ are already fair game for hacking because they try to illegally hack you, so it's just self defence.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
1. Run FF via TOR using valgrind.
2. Trace data flow
3. Harvest Exploit
4. Harden FF
5. Sell Exploit
4th amendment? What's that? People might be terrorists hurting children if they're behind a VPN! They must be stopped at all costs!!!1!
Or if you know somebody who has used TOR or a VPN. Or if you know what TOR or VPN is. Or if you might know somebody who might possibly know someone else who could know what TOR or VPN is. In fact, the FBI just wants to hack you.
My computer is not so well shielded against attacks. And you might want to take a good look at that "terror_cells_US.docx" file. Yes, you may have to activate macros, it has a bit of active content.
What? Me hack the FBI? I swear, I never even thought about it. I had this proof of concept for how to infest even well guarded VM-secured analysis centers to the point of taking them offline or making them my bitch on my PC but I have no idea how it got there...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
but if you use it, that is grounds for us to take it away.
Makes perfect sense in an inside the belt way sort of way.
So the Postal service is still the most secure legally protected method for sending data. Just mail CDs.
Next, I'd assume they'll be seeking to be able to enter our homes without a warrant but only if the home is locked.
then the FBI should have the authority to put cameras in your house. Right?
What if retaliate by hacking them? Is that legal?
I use VPN to watch geoblocked TV channels in the US. Sometimes when it's just for security when using hotel or café wifi. Other times it's for added security when i do online banking.
Boy, I can imagine all of the companies that have employees connect through VPNs to do confidential work will love this. I work for an internationally-based corporation that has me on a VPN before I can even BEGIN to work and I would imagine they'll be pretty pissed off if the FBI is legally hacking into their private systems.
This is such bullshit. When are we going to get some lawmakers who actually understand the fucking technology?
Such idiots...
...just a few few days ago? How do you like him now? That's right, he's still smearing turds all over the Constitution, and having him gone will be one of the best things about Obama's terms finally ending.
ALL major online email providers (google mail, yahoo, microsoft, etc.) and all major company networks work internally by using a VPN between the various locations that those companies have around the country/world... => they are going to be hacked... and this will raise an enormous shitstorm.
root@127.0.0.1
When I'm connected to my company's VPN connection, they route all of my traffic over that connection, sounds like this law is giving the feds carte blanche to hack all work-from-home users.
Once we kick those evil Rethuglicans out of power, we'll see the Democrats restore our rights.
Yeah, that worked out real well.
Are we beginning to see that the problem is the government itself, and not the particular party in power?
And are we beginning to see that giving that government more money is a really bad idea?
NSA and others do it and will do it no matter what the law says, while their dime eyed lawyers continue telling that they are defending our liberties. FBI was also doing it, but now that the discussion is public, there are same voices, probably in-house lawyers, who foresee a case in the future where the litigation is lost if FBI will continue lying using the paralel construction, like they (and all others) always did.
So now they want to legitimize something that is not legitimizable.
That would be a waste of taxpayers money. Multiple jobs would need to be created to open the mail and to manually download the data.
I use two factor auth'd VPN with Radius to access customer sites. I'd better warn my customers that the FBI is plotting to steal their credit card txn data. There could be no other explanation for this.
Legality has never matters to the FBI/CIA/NSA before. They typically operate above the law.
Without just cause the FBI will become as contemptible as the former KGB, which I would expect to snoop without reason other than to intimidate and dig up dirt on people. USA: stop this please. You exist for the people, not the other way around.
We had VPN at work with XP. W7 could be configured but the manual took some time to appear -- of course, knowledgeable folks will find a way, but this is about everyone being able to use it. Because it's useful.
IT people got shy, because it's hard to make it secure. And we deal with privacy responsibilities.
So VPN became progressively harder. Now, people will fret over this.
It's not like if you're not doing anything wrong, you have nothing to fear.
Quite the opposite: if you are not doing anything wrong, you must also take care not to be spied by NSA -- because that would be negligent.
That bit about "particularly describing the place to be searched, and the persons or things to be seized" isn't just a matter of criminal procedure. It actually comes from the constitution. Really -- check the restroom at headquarters, it's right there on the toilet paper.
Ya know, when I take a crap I expect privacy. Anyone who cuts an eyewhole in my bathroom wall ... and peeks ... can expect me to locate, retrieve, and drive a long sharp ladies hat-pin thru that pervoz peek-a-boo eyewhole. OhmeOHMy that's gonna hurt. In such manner I intend to defend basic personal privacy; if asked I suggest analogous behavior to all citizens for if all citizens behave like this the 2-eyed pervo population goes way-down way-fast. Does anyone need a postcard ?
So, you use a VPN to avoid getting hacked by your local situation, then get hacked by your own government.
By that reasoning they can justify a search warrant if I close the drapes in my house.
...but wouldn't getting vpn rights grant access to the plethora of cameras already in your home. Wait, don't they already have access to all of them?
I'm going to start using punch cards, along with a Live USB distro
This is just Phase 1. Once this is in place then in Phase 2 if you ever use any service that uses https then you must be trying to hide something and so they can take all of your data. Same for any other use of encryption, you might be a criminal or terrorist hiding something. And if you ever send anything through the mail in a sealed envelope, well you must be a criminal trying to hide stuff.
I'm an American. I love this country and the freedoms that we used to have.
They seem to be asking for all of this, but I wonder which subset of these they actually expect to get. If they ask for 10 unreasonable things but only get one, will we celebrate, or mourn the loss of one more civil right to privacy?
It's the same thing we always hear all the time. The lines that are an attempt to fool the general public. It goes "We need "x" because we can't do our job, and if we can't do our job your "(family, kids, wife, money, future, home, the earth)" are all in danger, so do it for them!"
More wannabe tyrants cheering on the big tyrant..
So we should expect no knock raids if we close our blinds?
X
Everything my employer does is via a VPN. This little change would be carte blanche for virtually all corporate communications within the United States. Even the company's internal networks would be laid bare if they're remotely accessible. The opportunities for abuse are staggering.
===== Murphy's Law is recursive. =====
The first arrest that happens due to this, will result in appeals that will eventually get this rule overturned as unconstitutional.
This is no different than saying your neighbor committed a crime so we want to search your house as well due to proximity to him. A decent lawyer will be able to make the argument that just because you are on a TOR or a VPN does not mean you are doing something illegal.
TOR was created as a method to allow people in oppressed countries to speak freely, it is funny that the country that funded this is now going to be one of those oppressed countries.
A *tiny* fraction of computer users will do *anything at all* to counter this searching. The overwhelming majority of voters don't even understand what this means, and inasmuch as they have a glimmer of an understanding, they think "so the FBI can see what I am doing when I remote in to work from home? So what? They will just get bored."
There won't be open cyber warfare between "the people" and "the government." There won't be a widespread refusal to work for the government on the part of geeks everywhere. This is all jejune nonsense, and a very good example of why geeks in general are very bad at politics (and have basically no representation in politics).
If you care about this issue, the absolute best thing you can do is give money (real tangible economic power) to the lobbies that are fighting it (EFF, ACLU, etc).
And don't forget that you owe Snowden a favor given all he has sacrificed for you. The very very least you could do for him is Sign the ACLU's petition to grant him Clemency (and maybe go the extra mile and pass that link along).
So it's true ... when they outlaw privacy, only criminals will have privacy.
And then there's this:
We want extraterritorial laws, with no judicial oversight.
I'm sorry, but can the rest of the world decree that FBI agents should all be shot on sight as enemies of basic civil rights? The argument is about equally stupid as what the FBI claim.
America, you have a problem, and you are making it the problem of everyone on the planet.
Land of the free and home of the brave? You have to be fucking kidding us.
Lost at C:>. Found at C.
I just cant believe how crooked the FBI and its agents have become. There is nothing special about them anymore.
Some already avoid email & might use pictures w/steganography.
1. Run FF via TOR using valgrind.
2. Trace data flow
3. Harvest Exploit
4. Harden FF
5. Sell Exploit
There's no profit in it.
More open source developers should join working on Tor. I looked at its code and it can definitely use some cleaning up. With more people working on it, we'll have more github forks and versions. Perhaps features like randomly faking Internet traffic and honeypots will be made? I was for example thinking of making a feature where two Tor instances do the exact same request and then let them compare the results upfront feeding it to the browser. If they differ in malicious way, tell the user's browser about the differences and allow browser plugins to visualize the diff.
The US government funded Tor development and encourages its use as a way to avoid repressive governments and then considers its use in the US to be a suspcious act.
The irony, it burns!
From the article:
...without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants...
Text of the 4th amendment to the constitution:
The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The article is light on details, but if it is accurate, this looks like a straightforward violation of the 4th amendment. The devil is always in the details though. The article may be an oversimplification.
What they are saying is that it is possible by some technical means to hack secure networks.
How long till others figure this out and exploits are in wild.
It would be interesting to see how banks and online businesses(Visa, Mastercards, etc) explain how their networks are secure if some teen can snoop into it from his basement and show off his h33t h4x0r skills.
So, if an opposing campaign uses VPN to secure their communications, it makes them a target by the sitting executive branch party.
Guess we won't hear anything about this on the SOTU.
www.facebook.com/DareDefendOurRights
www.fairtax.org
go on strike!
They need us more than we need them. Its aparant. I am sick of being viewed as a terrorist when they need people like us to perpetrate their new digital wars. This is the last straw that broke the camel's back. I am sick of media propaganda making us all out to be anti-social terrorists. I am sick of being view as "crazy". I am sick of this fucking bullshit, while other obvious fuck ups in mainstream society get a pass. I am sick of being a perminant suspect, especially when my actions are what makes me valuable to the same people after me.
The plan:
1. Stop working for them. Don't get a job doing computers for LE, Corrections, Intellegence, or Military
2. Don't give them advice and recommendations, further than "stop treating me like a terrorist". Stop giving them recommendations that would help them against their other victims
3. If someone asks you to put a backdoor in any piece of hardware or software just say no, and go to the press/wikileaks
4. Don't be affraid to leak pertinant evidence of their otherwise wrongdoing to the press/leaks organization. They make no bones about investigating you or smearing you as a terrorist/mental patient/criminal. Don't be affraid to do the same to them
5. Communicate to your fellow techies what we are doing and why. Heckle recruiters and warn n00bs to try and get other people to do the same.
6. Co-operate as little allowed by law with any of the organizations mentioned in point one. If you can afford to do so, commit civil disobediance, make sure you have a lawyer handy.
7. Stand in solidarity with everyone else getting picked on unfairly. Stop the bullying by saying "I simply won't believe their crap", and tell other people how you feel.
Lets stand united and do this.
This assumes FBI *can* hack, just like how some people falsely assume NSA can see everything.
when in reality they are both useless and incapable of doing anything.
So where exactly do they find this right in the constitution?
As a warrant must specify exactly the place and thing being searched for and must be approved by a Judge.
Clearly a broad power grab like this violates all intents and purposes of the law. /soapbox
What's needed is for a popular news client to have the option of automatically adding a random .sig to every e-mail like:
53dd73cb10a1540c9d3adb36fd8cd0d8f5b2ef736a4a23a07d6d2a80c88e907f
Could be random, could be encrypted. The police state types would be overwhelmed in no time.
Articles like this often get written because the author doesn't really understand the law, and rather than really trying to understand what's going on they just guess. The claims made in this article are so wildly off-base, however, that it makes me question whether the author is just trolling people.
Contrary to what the article suggests, Federal Criminal Rule 41(b) does not have a thing to do with what evidence law enforcement agencies are required to show to get a warrant, nor does it authorize the FBI (or anyone else) to get any particular type of warrant. Rule 41(b) is about VENUE; e.g., if you've already got enough evidence to get a search warrant, what judge (in what federal District) is the judge that you are supposed to present that evidence to?
You can read Rule 41(b) here: http://www.law.cornell.edu/rul...
The basic rule it sets out is that, when you want a warrant, you ask a judge located within the District where the person/property you want to search is located. There are exceptions to that basic rule, much like any other rule, because it's not always a simple matter of "X is located here." Sometimes things are located across several different Districts, sometimes they're mobile and can be easily moved to another District, etc. This is why there are currently 5 subsections to 41(b), each dealing with slightly different semi-unusual factual scenarios. At the end of the day, each exception is there for a very simple reason: to clearly and unambiguously tell federal law enforcement agencies how to identify the judge they are supposed to go to if they want to get a search warrant.
The proposal for changing Rule 41(b) is located here: http://justsecurity.org/wp-con...
What the DOJ is asking for is a scenario not currently covered by Rule 41(b). That being...what happens if you are dealing with someone you know to have committed a crime, you have enough evidence to get a search warrant, but the perpetrator of the crime is using some sort of technological means (like encryption, IP masking, etc.) to prevent you from finding the exact physical location of whatever you want to search? As of right now, it is not clear who the right judge would be to issue that warrant. The only thing the proposal would do is say that, if you can't identify the physical location of the computer to be searched (and therefore do not know which federal District it's located in), then you can go get your warrant from a judge in the District where the target of the crime was located.
Example: I'm an evil h@xx3r, and I hack some computers at the GooglePlex. I have masked my IP address, so the FBI does not know exactly where I'm at. Under current Rule 41(b), it's not clear who the right judge would be to try to get a warrant from. Under "new" Rule 41(b), they can go to a judge in California since that's where the GooglePlex is located.
That's literally the only thing this proposal would change. It says nothing about VPNs or TOR networks. It does not give the FBI (or any other law enforcement agency) the authority to hack your computer or your phone whenever they want. It doesn't even grant them the authority to do that with a warrant, because they already have the ability to do that with a warrant. It also doesn't say anything about how much evidence they have to present to get the warrant, because Rule 41(b) has nothing to do with that. The standards for search warrants are exactly the same as they have been for years; this proposal would only clarify who the right judge is to issue the warrant.
I don't know a whole heck of a lot about the "FEE" is, but if this article is representative of their work and/or legal abilities then color me unimpressed.
Tuck
Tuck's Journal.
Most people seem to have skipped this gem:
That, in effect, means that pretty-much every computer can be entered. Worse, as the user is mostly unaware of any malware or viri on his computer (duh!), he can be searched without knowing/realizing why that might be.
When this relaxing of permission gets granted it would also be quite interresting to see what kind of programs get classified as "viri", or even easier "malware". I get the feeling that than anyone who installs some tools or game and gets a toolbar installed will be easy prey for "the buro" ...
Stock up on guns, people.
You're going to need them.
The FBI is a tool those in power use to remain in power.
If you're in power they might be your buddies, otherwise they
are anything but. Disregard this reality at your own peril.
imagine engineers at home doing VPN to try and restore, for instance, FAA and 911 trunk circuits. the carriers will not want FBI checking out the internals of the networks. that is prohibited by law.
Ever heard of that treasonous document that starts out "When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation."?
It goes on to say: "Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn that mankind are more disposed to suffer, while evils are sufferable than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security."
The signers of the Declaration of Independence and the people who fought for the Colonies independence were committing treason.
Indeed, the 2nd Amendment self-state purpose is to allow the citizens to preserve their freedom from a despotic federal government that was being formed by the same document. Rather, the government being formed could become despotic and need to be thrown off, and the the 2nd provides the basis for that.
This is pretty clear from various Founder's explanations, e.g. Alexander Hamliton "[I]f circumstances should at any time oblige the government to form an army of any magnitude[, ] that army can never be formidable to the liberties of the people while there is a large body of citizens, little, if at all, inferior to them in discipline and the use of arms, who stand ready to defend their own rights and those of their fellow-citizens."
The Framers had *just* completed an armed (and treasonous) insurrection of their own, and were keenly aware of the fact that any government they might form could (and probably would) become despotic. The 2nd at least put a floor under the people's ability to fight back against that potential.
installed without PC owners knowing as malware.... should provide hours of fun to the FBI.
The Fourth Amendment reads in part:
> "...and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized ."
This looks like an attempt to get around that provision. Sorry, FBI, you actually have to do police work.
http://www.uscourts.gov/uscourts/rules/preliminary-draft-proposed-amendments.pdf
Page 338
3 (b) Authority to Issue a Warrant. At the request of a
4 federal law enforcement officer or an attorney for the
5 government:
6 * * * * *[ begin proposed new text ]
7 (6) a magistrate judge with authority in any district
8 where activities related to a crime may have
9 occurred has authority to issue a warrant to use
10 remote access to search electronic storage media
11 and to seize or copy electronically stored
12 information located within or outside that district
13 if:
14 (A) the district where the media or information
15 is located has been concealed through
16 technological means; or
17 (B) in an investigation of a violation of
18 18 U.S.C. Ã 1030(a)(5), the media are
19 protected computers that have been
20 damaged without authorization and are
21 located in five or more districts.
[end proposed new text]
It reads to me like they want to be able to get warrants without knowing in what legal juristiction a server is located (thanks to Tor). It still requires a judge or magistrate to approve the warrant to investigate a crime. I don't immediately see a problem with this.
I assume Rule 41(b) explains why there was only one kiddy pron conviction after the FBI seized Freedom Hosting and took over a CP hidden site, using it to install drive-by malware on suspects' machines? Or was it that the malware only revealed visitors to an illegal hidden site and didn't capture what they downloaded or viewed?
The free market method is to offer "dead or alive" bounties on whoever dumped in your water system, and let competition sort it out. One mining company might do it once, but after that, the rest would have an object lesson.
Supposedly, so were the centrifuges targeted by Stuxnet.
Raytheon Buttfuck Systems (in short "Buttfuck") will sell the government their new X-Ray-CD-Reading-Buttfuck-System which can look through envelopes. I am sure Buttfuck will love to spend a couple hundred millions on this challenge. Or more precisely YOU will spend the money.
The inside still requires a warrant.
I wouldn't be surprised if people put up honeypots on Tor just to mess with 'em, and log all of the output over serial or something so that even if they get in, they can't purge the logs of their attempts.
Search warrants are still subject to constitutional requirements of reason and due process; this is a procedural rule independent of that.
It will allow a judge to issue the warrant even if the FBI or police are not sure what judicial district it's happening in. It's important to let a magistrate judge approve a warrant on that basis, because the current rule 41(b) does not provide for it except in terrorism cases. So if you have someone selling hard drugs online, for example, but the government can't tell whether they are located inside the United States or not, this provides a way for them to get a warrant to search.
See the proposed rule (from last November) on page 111 of http://www.uscourts.gov/uscour...
The old one is here: http://www.law.cornell.edu/rul...
Mostly, they are trying to establish legal cover for what they intend (are) to do anyway. Get rid of the pesky defense lawyers that try to use the 4 amendment protections to protect ordinary citizens
The 4th amendment is invalid if you have door locks on your home. After all, if you have door locks it is proof that you have something to hide, so the FBI ought to bust in the door without a warrant. If you don't have door locks since you have nothing to hide and your door is unlocked you are legally obliged to let the FBI in anytime they want without a warrant.
There are a host of federal regulations regarding maintaining the privacy of data that necessitate the use of corporate VPNs. Were the FBI to hack a corporate VPN and expose regulated data to the internet or the public via documents in an open hearing, the circus that would ensue as the Attorney General would try to explain how the FBI is exempt from all of those regs would be both entertaining and horrific.
My Lord, I request permission to knock in any door in Boston which my men find latched.
If Slashdot were chemistry it would look like this:Cadaverine
I can understand allowing the feds to hack TOR users... but VPN? Pretty much 100% of corporate environments these days use VPN... they make it sound like VPN is such an underground tool that harbors illegal activities.
Maybe it depends on the definition of hacking, but I didn't think it was illegal to access data that wasn't secured very well. Obviously, there should be laws with consequences if you do something bad with said data, but accessing it should be illegal.
Now that the FBI is handling my corporate penetration testing for me, how to I contact the NSA to arrange for online backup/restoral and disaster recovery? What better use of federal corporate taxes! ;-)
"A little misunderstanding? Galileo and the Pope had a little misunderstanding."
The FBI is primarily a Mormon Organization. I bet you didn't know that did you?
So while its great that all the Ameribros are getting all up tight about their archaic parchment based rights... this is easily overlooking the obvious problem...
There is no international treaty, body, or group of laws designed to protect against investigation across boarders... sure you've got sovereign rights, but your 4th amendment rights only apply to you on 'American soil'. The definition of American soil fluctuates daily, and if there is no longer a need to have reasonable cause to investigate 'unknown' targets, the number of overseas targets will increase... particularly if you consider the international, boarderless, nature of TOR.
Its all very hacker manifesto.
"Wait till your corporations trade secrets are leaked because the FBI's collector was insecure."
Wait till your infrastructure dies because the FBI or some other three letter agency is poking around in your systems trying to install a backdoor or exploit. High end routers are expensive, but loss of data or business because of some G-man trying to hack your hardware is on another level entirely.
the FBI might think you have something to hide!
By what means are they attempting to change this 'Federal Rule 41 (b)'? TFA says nothing other than 'They are trying to'. What is the mechanism by which this is accomplished?
The fact that they are distinguishable from regular traffic makes the damn thing completely useless, worse than useless, it attracts attention like a flare. If you can't blend in, you're doing it wrong.
And, you know, screw the FBI. They're going to do what they want, and nothing will come of it. Despite it all, they stand as tall as they ever did. And 95% of congress will win reelection next year. I guess all this ongoing chatter is just venting. Tomorrow? It's back to work...
“He’s not deformed, he’s just drunk!”
The author is confused. See this discussion on HN where a lawyer or two explain what is actually going on.
Basically, nothing is changing concerning the substantive requirements for a warrant. All that is changing is which judges can issue a warrant after the police have satisfied all the requirements of the Constitution and of the Federal Rules of Criminal Procedure. Suppose a crime took place in district X, using a computer in district Y. Before, the police would have to go to a judge in district Y. After the change, they will be able to go to a judge in district X if and only if something like TOR or VPN was used that prevents them from determining Y.
The proposal would allow agencies to get a warrant with probable cause, without a specific location for the computer. You know a warrant from a judge to search to search the computer of a suspected criminal. That's actually how its supposed to work.
That's all this means. They're going to have a harder time using this nonsense outside of US jurisdiction. So that means the whole US tech sector that was hoping to get the world to log into US cloud data centers is dead.
That's all these insane politicians and regulatory agencies have accomplished. The whole thing will just be moved to Sweden or Ireland or something where FBI orders are ultimately ignorable.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
"the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details "
Since when do the police need a warrant for anything?
Did PATRIOTACT get repealed & i missed it?
Search warrants are still subject to constitutional requirements of reason and due process
I dunno where you have been all the while ... USA is no longer a place where Constitution matters anymore
If they can lie to the Congress and not charged ...
...
If they can invade citizens' privacy without any due process
... what makes you think they even give a rat ass on obtaining 'search warrants', or to go through the proper channel to obtain whatever warrants they need in order to frisk you, your grandma and your young daughters?
Please wake up, dude !
This ain't the USA of yonder. Brave new world we live here, a world where no law applies other than the laws as stated by NSA
Encryption is still your best friend.
Im no TOR expert so i wont comment on it but a good VPN (from a corp outside the USA is a good place to start)
and full disc encryption is good too (AES 256 or more is still very secure if not completely unbreakable)
I pay for a Buisness class Internet connection 100Mb/s and use a VPN (http://btguard.com/)
I am using full disc encryption 2048 bit (64 character passwords) with triple cascadeing ciphers and hidden volumes.
I sit here with my desktop facing backwards so i can rip the power cord out if anyone kicks my door in.
Paranoia can keep you alive. =)
SECURITY:
Until May 2009, the only successful published attacks against the full AES were side-channel attacks on some specific implementations. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for U.S. Government non-classified data. In June 2003, the U.S. Government announced that AES could be used to protect classified information:
The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.
AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.
MOST SUCCESSFUL ATTEMPT:
The first key-recovery attacks on full AES were due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, and were published in 2011. The attack is a biclique attack and is faster than brute force by a factor of about four. It requires 2126.1 operations to recover an AES-128 key. For AES-192 and AES-256, 2189.7 and 2254.4 operations are needed, respectively. This is a very small gain, as a 126-bit key (instead of 128-bits) would still take billions of years. Also, the authors calculate the best attack using their technique on AES with a 128 bit key requires storing 288 bits of data. That works out to about 38 trillion terabytes of data, which is more than all the data stored on all the computers on the planet. As such this is a theoretical attack that has no practical implication on AES security.
According to the Snowden documents, NSA is doing research on whether a cryptographic attack based on tau statistic may help to break AES.
As for now, there are no known practical attacks that would allow anyone to read correctly implemented AES encrypted data.
America, you ARE a problem, and this already IS a problem for everyone on the planet. ...
It's the land of the slogan and home of the willfully ignorant.
Not all, but sadly the mouth-breathing majority
These agencies just don't give a shit about "laws", the constitution or anything in general. They have proven over and over again they will do whatever the hell they want because they will not suffer any consequences!!
You know, like how a locked trunk is reasonable suspicion of wrongdoing, so the cops are allowed to saw it open when they see fit.
Check out the actual rules: http://fee.org/freeman/detail/youll-never-guess-whos-trying-to-hack-your-iphone#comment-1804529890
Normally, to obtain a warrant, they would have to go to the judge from the district in which the target computer is located. This says that if they don't know where the target computer is located (because it is behind TOR or a VPN, for example), then they can simply go to the judge in the district where the crime they're investigating was committed, and even though technically that judge probably doesn't have jurisdiction over the target computer, he can issue a warrant for it. Common sense really. Doesn't change whether they would have to prove probable cause.
And just how many legitimate small businesses run vpn over the open internet to connect their offices?
This is, alas the "guns don't kill people" argument all over again. The weapon (or in this case, technology) is in and of itself not the problem. It's the way it gets used by a small subset of those who employ it.
i do not live in the usa , a law has been passed whereby doctors now have to write medical patient notes on a computer !! this is not a joke , " my government " has ordered my doctor to put all the MEDICAL details on to a pc ! in hospitals because of this new law doctors have told me that it takes them much longer to retrive data than before . from their perspective it was much easier using charts . and considering that about 60% of the money in the " healthbudget " goes to administration , 60% . so as there are a lot of clarks able to have acsess to info they do not need , nor do i see a reason for politicen to know , or have acsess to our medical info . or sell info to a 3rd party . we have problems mainly in the tax dept, and social securety , people selling other peoples personal info . taking everything into account as they would have said in 1984 this is" double plus ungood " we are already at the point best displayed in the movie " modern times " cameras everywhere ( in modern times there is even one in the loo ) but in my opinion forcing a GP to put everything into electronic storage ( cycles , nocturnal emissions should stay private ), is much more dangerous . lastly because i have certain ailments it is important that i put appointments ect on my cheap old handy ( cellphone ) , and just because i happen to be in a park does NOT mean all that info is in the open wether i'm talking on the phone or not , because i only discuss some things with my doctors ! writting in a diary could be done ,however that would sepperate the info , this hightens the inconvenience of needing to remember to have a working pen and diary as well . do people in general not see the difference between secrecy and plain old fashon privacy ?
the power of men in charge of words over men in charge of machines surpasses all wondering S WEIL
Internet is HONEYPOT.
Casteism
We're not really afraid. Bring it on.
Any law created is to pursue those they have jurisdiction. In this case, its citizens. Any company that uses remote users have VPNs. Any browser that 'can' use TOR will becomethat allows remote users use a VPN. This will put any company that does works or resides in the US at risk. If you use TOR to browse, this will allow them to
OK, I'm stupid.
Does this mean they don't need a search warrant to search my computer if I'm not using TOR or a VPN?
I have read many posts and have had time digest and to deduce certain ideas on this topic. Every person (as of this writing) has the right to express their opinions in whichever way they see fit. When all things have been said and done, does anyone have an actual "solution" to what is happening?
We here in North Korea have such rights already and are conducting criminal investigations on all.
USA just mistakes them as military attacks.