FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN

SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.

Bad idea

[AmiMoJo]

If the FBI starts to attack Tor and VPN users, those users are going to fight back. If they are not in the US the FBI might not be able to stop them doing it either.

All this kind of thing does is make the US a more legitimate target for cyber attacks. The NSA and GCHQ are already fair game for hacking because they try to illegally hack you, so it's just self defence.

Re:Bad idea

[TWX]

I wouldn't be surprised if people put up honeypots on Tor just to mess with 'em, and log all of the output over serial or something so that even if they get in, they can't purge the logs of their attempts.

Re:Bad idea

[ron_ivi]

Most VPNs are corporate.

I imagine corporations will fight back legally if/when their employees start getting hacked by the FBI.

Re:Bad idea

[davydagger]

I think thats the point. Once they start fighting back, you can now openly declare war, and then have everyone who even remotely looks suspicious arrested.

Read, the war on nerds continues

Realisticly what can we do?

How about this, until this happy horse shit stops, lets all boycott working for the federal government. Take a job somewhere else. Unexpectedly find reasons to be somewhere else when they ask for help. Play internet detective and debunk all their theories on digital warfare.

Someone else can wage digital war on North Korea, Syria, Russia, and China. Someone else can keep state secrets safe. Just pass this around until we get a complete boycott on working for Uncle Sam.

Lets also continue to heckle recruiters and inform the n00bs to stay away from these people.

We don't need a war, we need to go on strike.

Re:Bad idea

[ShanghaiBill]

If the FBI starts to attack Tor and VPN users, those users are going to fight back.

Both TFA and the summary wildly misrepresent what this is all about. The FBI is NOT asking for permission to attack anyone that happens to be using Tor or a VPN. What they are asking for is the ability to get a warrant to search a particular Tor/VPN node, that appears to be engaging in criminal activity, without knowing who the owner is or where the system is physically located.

Re:Bad idea

[PhilHibbs]

Why would my employer fire me for using the corporate VPN from home? That's precisely what the VPN is for!

Re:Bad idea

[PhilHibbs]

I'm sure Airbus cared when the GCHQ snooped on the details of a bidding process and handed over the details to Boeing.

Re:Bad idea

[Jason+Levine]

They would care because they don't want the FBI hacking into their employee's computers while connected to the company servers via VPN. This "caring" might be due to caring about their employees (rare but it does exist in corporations), caring about their own computer security (much more likely), or worry over a FBI VPN hack uncovering corporate wrong doing (definitely possible). Companies that rely on VPN will use their lobbying might to fight this and there are some big companies that rely on VPN. I don't see this as gaining traction.

Then again, if the government screams "TERRORISM" or "PROTECT THE CHILDREN" loud and often enough, they've proven they can get almost anything passed. It's time someone changed the country's root passwords!

Re:Bad idea

[meta-monkey]

Yeah, it's not like the high-functioning sociopaths that seem so well-represented in the programmer population would be at all interested in the six-figure salaries offered by the secret government agencies with access to the most advanced and expensive computing resources on the planet, and may, with the blessing of the government, go crack and exploit all the things. I'm sure the "strike" will be very effective.

Re:Bad idea

[jandrese]

Wait till your corporations trade secrets are leaked because the FBI's collector was insecure.

Re:Bad idea

[redmid17]

Do you know what a corporate VPN is?

I only ask because it does not seem like you know what a VPN is, let alone a corporate VPN.

Re:Bad idea

[epyT-R]

I meant if you were using one on their system for something else as it would be breaking the law. The net result is that VPN use without a license will become a federal offense, like everything else.

Re:Bad idea

[redmid17]

The ability to get a warrant "without providing specific details" and the person doesn't have to be within the court's jurisdiction.

That's, um, just as troubling as it sounds.

Re:Bad idea

[Holi]

Well since treason is also in the constitution I think you will find that your 2nd amendment right does not include an attempt to violently overthrow the government.

Re:Bad idea

[Wonko+the+Sane]

And since there are precious few "jobs" available to neckbeards

...until the nerds invented Bitcoin.

Re:Bad idea

[mi]

Wait till your corporations trade secrets are leaked because the FBI's collector was insecure.

Yes, if that ever happens, a corporation's bottom line will be affected, and it (and others) will begin fighting it.

But a principled stand? Don't count on it...

Re:Bad idea

[houghi]

They just sold it to the highest bidder. Capitalism at its finest.

Re:Bad idea

[mean+pun]

Hint: pay attention to the second amendment. It gives you certain rights to conduct certain activities.

If one person takes up arms against the US government he's a lone wolf, a crazy, an incident. If one hundred people do, they're an extremist organisation (under a certain threshold of skin darkness) or a terrorist organisation (over said threshold). If a hundred thousand people do this, they are a political movement, and they may as well use political means, because organising a hundred thousand people will have required a lot of politics anyway, and it is better to just continue.

Can anyone name a successful change of politics in US history through second-amendment means?

Re:Bad idea

[ShanghaiBill]

That's, um, just as troubling as it sounds.

Yes, it is troubling, and we should be having a rational discussion about that. Instead we have a lot of hysterical rants based on the wildly misleading headline, summary, and article, that imply that the FBI wants to "legally hack" anyone connected to TOR or a VPN. That is not at all what this is about. By trying to manufacture outrage about a phony issue, the author is obfuscating the real issue.

Re:Bad idea

Were it not for the snooping, there would have been nothing to hand over.

Re:Bad idea

[phayes]

Kind of hard to complain (but they do anyway) when the DGSE is snooping on Boeing & handing the info over to Airbus...

Re:Bad idea

[Chandon+Seldon]

You can't really separate those things. The simple fact of securing information is that once it's out you have zero control over where it goes.

As a company, the only outside people who should get access to your information are your lawyers and entities that have signed an NDA. Unless GCHQ is going to sign an NDA, a competent Airbus managment can not tolerate snooping.

Re:Bad idea

[TemporalBeing]

I imagine corporations will fight back legally if/when their employees start getting hacked by the FBI.

Why would a corporation care?

One word: Liability.

Corporations would very much care because of liability concerns - both domestically to the US and foreign to other countries. It's already becoming enough of an issue that companies are taking to hosting data regionally instead of centrally just from a legal liability perspective.

For instance, suppose there was conversation going on regarding what to disclose to the US government over the operations of a foreign subsidiary between the execs and their lawyers? Regardless of the topic, matter-at-hand, or end result that is protected conversation regardless of medium, and the existence of the VPN would mean they expected it to be carried out in private.

And you can certainly bet the lawfirms will fight it too.

Re:Bad idea

[Archangel+Michael]

Capitalism is amoral. By that I mean it has no "right or wrong" other than a drive towards efficient market. People who make judgements have morals (or lack thereof) . We don't live in a Capitalist marketplace. There are way too many intrusions into free enterprise by government to be capitalist, we are just a socialist, corporatist, capitalist hybrid.

And of course, we have plenty of people who take a short term approach to market and cash out long term goals for short term profits, the long term result are a slew of failures that were rewarded early.

When all you see is the next quarter, you end up selling APPLE stock in '97 for $14.25 instead of holding onto it.

Re:Bad idea

[geekmux]

And since there are precious few "jobs" available to neckbeards

...until the nerds invented Bitcoin.

Until nerds invent a whole new form of greed and corruption, don't assume any hint of power or control is real.

After all, those controlling the incumbent monetary systems certainly don't have a problem blackballing any new eCurrency.

Re:Bad idea

[mpercy]

The Revolutionary War?

Re:Bad idea

[rwise2112]

Why would a corporation care?

My corporation would care as we access data that's considered controlled goods, and can be fined heavily and lose a good part of our business if the data gets accessed by anyone else. I'm not sure the State Department is going to say that's ok, since it was the FBI, because the VPN is then known to not be secure.

Re:Bad idea

[Archangel+Michael]

No, but the Declaration of Independence does.

I dare say, we have an obligation to overthrow a government that is Tyrannical in nature, which doesn't hold up the cornerstone foundation of our country (the Constitution). It is clear, from the elections, that changing the politicians have little to no effect on the bureaucratic machine that is eroding our rights daily.

"but but but those are family men and women, innocent and didn't know any better ... they were just following orders"

Re:Bad idea

[davydagger]

Obvious troll is obvious, but I think you'll find the "war on nerds" is receding. Google is finally large enough to buy congresscritters, 90s nostaliga and "nerd culture", i.e. a whole slew of hipsters posing as nerds has never been more popular, video games went mainstream, 76% of all computers world wide run Linux, and the tech sector is the hottest field to work in. Being a "nerd" is now cool and has been for around 7-10 years now. The hipsters have finally stopped pretending to be rock'n'roll types and now want to be us.

If you don't have a powerful 1Ghz+ dualcore internet capable computer in your pocket you're a looser, and even the trendies recent memes made online from nerds. Heck you are even on slashdot(you wouldn't see me caught dead hanging out with your lame friends).

On ESPN and I saw them discussing the physics of the flight of a baseball when discussing sports, estimating both the neccary force for a home run, and the actual force of the ball using some pretty good maths. Their new mascot for football is a robot as well.

Just about every industry is computerized, and the most powerful businesses and governments in the world depend on computers to function, and for their power. To include the massive intra-national cyberwars, again, all fought by nerds.

President Obama won both elections because of internet help. First with a large grassroots movement of cyber-activists, second with a specialized team of nerds loaned from google to help connect with people. Unlike "Real People", they don't have social intellegence to connect with people, they just run statistics on people based on what they get from google, and then instead of misguiding insticts, make decisions based on logic and observation.

Oh, speaking of "Real People", most of you are simply puppets that do whatever advertising tells you to do. Of course back in 1995 you'd have some fancy pants media type doing that. Guess who does the programming for that today? Some fucking neckbeard. The same type who told you to "Vote Obama" in 2012. But a liiiberaal consparacy you say? Guess who the only real bunch of "conservatives" really able to stick up to him? you guessed it, internet libertarians, more nerds. 20 years ago, if the media industry wanted legilsation passed it was rubber stamped. Today, SOPA/PIPA sank like a stone. Guess who's been the only real driving force in politics in the last 5 years? Nerds nerds more nerds. Some liberal nerds, some libertarian nerds.

suggesting to turn down an offer from the State would be... Unwise.

there is no shortage of tech jobs. If you can't see that, you're not working in industry. You'll get paid more and treated better elsewhere.

Re:Bad idea

[Archangel+Michael]

Can anyone name a successful change of politics in US history through second-amendment means?

1775-1783

Which is exactly why the 2nd Amendment is there in the first place. But too many pansy ass liberals want to take away guns because "oooh scary", and want a totalitarian government telling everyone how to live.

Re:Bad idea

[Archangel+Michael]

the author is obfuscating the real issue.

Are they now? Or is it perhaps that you can't see how this slippery slope is going to end. This is just simply the camel's nose in the proverbial tent.

Re:Bad idea

[hierophanta]

good point - maybe the best way to fight back against the government is to make use of corporate lobbyist armies already in place.

Re:Bad idea

[PRMan]

Welcome to the club. Most of us already would never work for the government.

Re:Bad idea

[NatasRevol]

They just gave it to your US competitor. Nationalism at its finest.

Re:Bad idea

[mrchaotica]

Why would a corporation care?

Because their competitor corporations might have hired a dirty FBI agent to steal their secrets.

Re:Bad idea

[JRV31]

The purpose of the second amendment is the final check and balance against an oppressive government.

Re:Bad idea

[NatasRevol]

Is it ok if I have real outrage about the real issue?

You know, where they can break into & search any VPN anywhere, without probable cause.

BECAUSE I'M FUCKING OUTRAGED AT THAT.

Re:Bad idea

[JRV31]

The armed revolt begins when you have mass desertion within the military.

Re:Bad idea

[Solandri]

The ability to get a warrant "without providing specific details" and the person doesn't have to be within the court's jurisdiction.

I believe that's a mischaracterization of what's going on here. It's not that the FBI wants the warrant without having to reveal specific details that they know, it's that they don't know the specific details. Only that there's criminal activity going at that node. Likewise, it's not that they want to get a warrant for a target known to be outside the court's jurisdiction, it's that they don't know what jurisdiction the target falls within. And they don't want the warrant to retroactively be declared invalid because after serving it they discover the target was outside the court's jurisdiction.

This is a subtle distinction I see a lot of people missing in a lot of things. Logic doesn't resolve down to everything being binary in state - true or false. It resolves down to three states - true, false, unknown/cannot be determined. (Math is the same way - that's why x/0 is undefined, not infinity.) If you assume binary logic and absolutely disallow warrants which are outside the court's jurisdiction, then yes you've eliminated the abuse of granting warrants outside a known jurisdiction. But you've also made crimes where the jurisdiction is unknown immune to warrants.

Re:Bad idea

[davydagger]

"TERRORISM" or "PROTECT THE CHILDREN", still can't screaming louder than "MUH BOTTOM LINE, JOB CREATORS".

given than 60% of spying is industrial, the government spying on one corporation on the behalf of a competitor, I'd say yeah they'd care.

Re:Bad idea

[davydagger]

we are still mostly a capitalist and corporatist. But yeah, at one time, we where pretty damn close to capitalism and it didn't work out well. corporatism and little bits of socialism where thrown in because they tended to be more effective than police in containing mobs

Re:Bad idea

[Triklyn]

because your arms will do very much against a tank...

Re:Bad idea

[ShanghaiBill]

You know, where they can break into & search any VPN anywhere, without probable cause.

If you think that is the "real issue" then you are either illiterate or being deliberately obtuse. That is NOT what they are asking for. What they are asking for is the ability to search a specific node when they DO have probable cause, yet do not know the owner or location of the node.

They are NOT asking for the ability to "search any VPN anywhere" and they are NOT asking to search "without probable cause".

BECAUSE I'M FUCKING OUTRAGED AT THAT.

Outrage tends to be more constructive when it is connected to reality.

Re:Bad idea

[poetmatt]

The only thing touting the 2nd amendment does is show how stupid you are. And we're not talking vaguely stupid, we're talking "you make tinfoil hat conspiracists sound completely normal" stupid.

There are ways to fix things, there are responses to things, implying that you're citing the right to bear arms when it talks about a militia during times of war is absolutely bonkers.

Please stop posting on slashdot at a minimum and maybe take a class on reading comprehension.

Re:Bad idea

[Wonko+the+Sane]

Don't assume that anyone involved with Bitcoin since the beginning had any illusions about how it would be received by the incumbents.

Bitcoin early adopters are more prepared for the conflict than the incumbents, because they knew a fight was coming before the incumbents knew Bitcoin existed.

Re: Bad idea

[xlr82xs]

Sometimes, the computers are not so expensive.

Re:Bad idea

[lgw]

Way to completely miss the point.

If the FBI can skip the warrant for anyone using VPN, and that's basically every /.er, the powers being granted are broader than a non-technical person would suspect.

Re:Bad idea

[mean+pun]

The Revolutionary War?

That can't be right, because it obviously predates the 2nd amendment.

Re:Bad idea

[ogdenk]

Exactly, force the government to turn their toys on the rich, cost them money, and then you will see results. Guaranteed.

They only pick on those without the resources to fight back..... which is most of the country now, sadly.

Re:Bad idea

[garyebickford]

Actually the sociopaths tend to go into management, not programming. From my own experience I would say that programmers are very rarely in the psychopathy spectrum, more typically going toward the autism spectrum. I was curious as to what value psychopaths had in an evolutionary sense (both individually and in society), and I learned that they can be valuable. In an experiment with spiders, an equivalent to psychopathy was indicated as a group survival trait, as without it nobody defended the group against external enemies. In society, some level of psychopathy is to my mind almost essential to being a successful politician - imagine a President who could not lie ("No, we have no intentions of invading next week."), and truly did "feel our pain" when he ordered thousands of soldiers to kill, and die. I wouldn't want a surgeon to "feel my pain" either.

Incidents of sociopathy/psychopathy increase from about 1% to 4% as you go up in the corporate (or government) hierarchy. (I would say the incidence among executives of big financial institutions is probably more like 20%, but that's just me.) It's also high among surgeons but not other doctors. Sociopaths are often natural leaders. In fact in that sense it is can be a positive trait. This book was recommended to me, and I coincidentally saw an article also recommending it - written by a neuroscientist who discovered in the course of his research that he had psychopathic traits: The Neuroscientist Who Discovered He Was a Psychopath.

See also The Pros to Being a Psychopath. Quote:

Psychopaths are assertive. Psychopaths don’t procrastinate. Psychopaths tend to focus on the positive. Psychopaths don’t take things personally; they don’t beat themselves up if things go wrong, even if they’re to blame. And they’re pretty cool under pressure. Those kinds of characteristics aren’t just important in the business arena, but also in everyday life.

The key here is keeping it in context. Let’s think of psychopathic traits—ruthlessness, toughness, charm, focus—as the dials on a [recording] studio deck. If you were to turn all of those dials up to max, then you’re going to overload the circuit. You’re going to wind up getting 30 years inside or the electric chair or something like that. But if you have some of them up high and some of them down low, depending on the context, in certain endeavors, certain professions, you are going to be predisposed to great success. The key is to be able to turn them back down again.

So I applied my newfound knowledge to the US Constitution. I realized that, having dealt with royal and other psychopaths and seen both their use and their risk, the founding fathers tried to construct a system that essentially pitted power-seekers (which to me is mostly psychopaths) against each other, allowing the system to make use of their talents competitively while never allowing any single one or group to take complete control - and always have a way for the system to re-stabilize away from any monopoly of power over time. This is an interesting new perspective.

Re:Bad idea

[garyebickford]

Jefferson explicitly recommended that the government might need overthrowing occasionally.

Re:Bad idea

[Darinbob]

Sort of agree, however the reason is not that the corporations are cooperating willingly with the governments, but instead because they don't want the hassle that comes from refusing. It's time and money to mount a legal defense.

Re:Bad idea

[Cederic]

Will you stop spouting that inane irrelevant bullshit.

Illegal activity has fuck all to do with this attempt at legalising hacking.

Re:Bad idea

[redmid17]

Not really. Their description in the summary is pretty spot on.

Re:Bad idea

[sjames]

Many users of corporate VPNs are using their own PC at home. They just install the client there (which is a licensed use)

I doubt very much the corporations would be amused if the FBI starts hacking away.

Re:Bad idea

[sjames]

Capitalism in and of itself may not contain a moral principle (in the same way that a trig table doesn't), but as members of our society, capitalists are expected to behave morally. Capitalism is just the tool.

Re:Bad idea

[sjames]

The Battle of Athens

Re:Bad idea

[fustakrakich]

It is clear, from the elections, that changing the politicians have little to no effect...

Say whaa??! What 'change' are youtalking about? 95% of these bastards get reelected every time. And all these great revelations about government abuse have not changed any of that since... well, ever. Switching back and forth between republican and democrat cannot be called 'change' by any sense of the word, except for their spelling. The government is an undistorted, but maybe slightly embellished reflection of the wishes of the voters. Let's consider looking at the root of the problem, instead of the symptoms, which is all everybody is talking about here.

What is clear from the elections is that people wake up, push a button, and go back to sleep. I'm not sure what you could expect from that, other than what we have.

Re:Bad idea

[tombeard]

And we know they are because VPN, duh.

Re:Bad idea

[gweihir]

Well, if criminal gangs (and that is the modus operandi the FBI is asking to be allowed to use) attack computer systems all over the world, this will have negative consequences for them. The term "cyber-terrorists" comes to mind.

Re:Bad idea

[gweihir]

It is actually pretty easy to set up a fully transparent logging proxy. Just have it masquerade as an Ethernet switch, use a smart-switch that copies everything to a sniffing port, or, the really secure option, sniff passively using a classical dumb hub that is not smart enough to be hacked. I have several hubs here for Fast Ethernet that still work fine and I am not the only one. On the cheap, a physical SLIRP connection can be listened to with two serial inputs and that is totally undetectable, except for the somewhat bizarre set-up. Pretty standard RS232 cards go up to 1Mbit/s these days.

Re:Bad idea

[gweihir]

If it is not on US soil, what they are asking to be allowed to do is basically an act of war, unless there are specific, legally valid treaties with the country the TOR client is located in in place.

Re:Bad idea

[gweihir]

They do not even know that there is criminal activity going on. The TOR client or hidden site may well be in a country where what is done there is legal. Without knowing the location, they do not know anything that gives them the right to attack or "search". Now, intelligence agencies operate under different rules, but that is one main reason that most information they turn up cannot be used in court routinely, because it was obtained in an extra-legal fashion.

Re:Bad idea

[erapert]

Tell that to the Syrians, the Vietnamese, the Koreans, the Russians, the French ("le muskets are useless against le mighty warships of Le Rois! C'est madness to resist!").

You have no idea how a war is fought or even what the term "Guerrilla warfare" is let alone the fact that at least half the current military would be fighting against the feds.

Re:Bad idea

[cold+fjord]

If the FBI starts to attack Tor and VPN users, those users are going to fight back. If they are not in the US the FBI might not be able to stop them doing it either.

All this kind of thing does is make the US a more legitimate target for cyber attacks. The NSA and GCHQ are already fair game for hacking because they try to illegally hack you, so it's just self defence.

There isn't any part of you that thought that trying to "hack" or otherwise attack the FBI, NSA, or GCHQ for engaging in law enforcement activity might be a bad idea, is there? And I would also guess you pay no attention to the people that go to jail for overseas hacking?

Do you harbor similar venom towards Russia or China, since they engage in similar actions? Or is all the venom directed at the US/UK/West?

Re:Bad idea

[cold+fjord]

I'm sure Airbus cared when the GCHQ snooped on the details of a bidding process and handed over the details to Boeing.

Probably not, since that doesn't appear to be what happened.

Boeing Called A Target Of French Spy Effort

The Boeing Co. was among the targets of a French government plan for a massive spying effort to learn U.S. technological secrets and trade strategies, according to classified documents.

The plan targeted 49 high-tech companies, 24 financial institutions and six U.S. government agencies with important roles in international trade, the French documents show.

The plan focused on research breakthroughs and marketing strategies of leading-edge U.S. aerospace and defense contractors that compete directly with French firms.

The French also sought advance knowledge of the bargaining positions of American negotiators in trade talks involving France. . . .

Among the most coveted U.S. secrets:

-- Research, test results, production engineering and sales strategies for Boeing and McDonnell-Douglas. Both compete against the French-led European conglomerate Airbus Industrie.
 

Why We Spy on Our Allies - By R. James Woolsey, ... former Director of Central Intelligence

The European Parliament's recent report on Echelon, written by British journalist Duncan Campbell, has sparked angry accusations from continental Europe that U.S. intelligence is stealing advanced technology from European companies so that we can -- get this -- give it to American companies and help them compete. My European friends, get real. True, in a handful of areas European technology surpasses American, but, to say this as gently as I can, the number of such areas is very, very, very small. Most European technology just isn't worth our stealing.

Why, then, have we spied on you? The answer is quite apparent from the Campbell report -- in the discussion of the only two cases in which European companies have allegedly been targets of American secret intelligence collection. Of Thomson-CSF, the report says: "The company was alleged to have bribed members of the Brazilian government selection panel." Of Airbus, it says that we found that "Airbus agents were offering bribes to a Saudi official." These facts are inevitably left out of European press reports.

That's right, my continental friends, we have spied on you because you bribe. Your companies' products are often more costly, less technically advanced or both, than your American competitors'. As a result you bribe a lot. So complicit are your governments that in several European countries bribes still are tax-deductible.

When we have caught you at it, you might be interested, we haven't said a word to the U.S. companies in the competition. Instead we go to the government you're bribing and tell its officials that we don't take kindly to such corruption. They often respond by giving the most meritorious bid (sometimes American, sometimes not) all or part of the contract. This upsets you, and sometimes creates recriminations between your bribers and the other country's bribees, and this occasionally becomes a public scandal. ...

Re:Bad idea

[triffid_98]

The government is an undistorted, but maybe slightly embellished reflection of the wishes of the voters.

Is it really though? When your only two choices are crap, and it comes in a choice of brown or dark brown it's really not much of a choice, and it seems perfectly reasonable for the voters not to care much. It's not as if anything substantial will change depending on which of these amoral fuckwads they vote in.

Re:Bad idea

[kwbauer]

Way to completely miss the point. Glad AC could help you find it.

Re:Bad idea

[kwbauer]

Summary said TOR or VPN not TOR VPN. Companies use encrypted VPN for all manner of reasons, some of which include compliance with data security laws or is it now acceptable for a corporation to pass your CC across the internet in plaintext?

Re:Bad idea

[Kasar]

In the old Wired article about the NSA archives and eventual decryption of everything they could gather, they mentioned seeing every stock trade and business deal. Lots of insider information to be had by public employees. If they get their way as they have with server access, they could watch everything without even logging their presence, leaving no trail to explain their futures market or stock trade wizardry.

Re:Bad idea

[fustakrakich]

When your only two choices are crap...

That is bullshit bullshit bullshit! There are more than two choices on the ballot. And if you bother to work the primaries you can put more on (get it?). The entire problem lies with the voters and nobody else. They do every thing they can to absolve themselves of responsibility, and they sell their vote to the flashiest bullshitter that promises a pot of gold and a higher fence. Sorry, this government is their own damn fault. It's as simple as that.

Re:Bad idea

[dave420]

Seeing as the second amendment was created in 1791, I don't know what you are talking about. I suspect you don't, either ;)

Re:Bad idea

[PhilHibbs]

So, Airbus's reaction to this should be just to accept that anyone can eavesdrop on their VPNs? Are Boeing ok with European governments snooping on their VPNs? Maybe China should be allowed to snoop on all our communications as well. After all, more eyes means less corruption, right? And since American companies never bribe, they have nothing to hide by letting every government in the world listen in on all their internal communications.

Re:Bad idea

[cold+fjord]

What makes you think that Airbus will be involved in a criminal investigation by the FBI? Do you have some inside information there?

As I previously documented, Boeing has already been the subject of European espionage. Does the method matter that much to you?

I find it amusing that you don't seem to understand that Airbus, like every other important part of European technical and defense industries, is already a target of Chinese espionage, never mind Russia or Iran. The Chinese have proven very successful and stealing and commercializing secrets from many nations, and may ultimately use them against your country if they haven't already.

Perhaps your experience is different than mine, but I doubt that relying upon hyperbole when evaluating arguments is going to produce a sound outcome. Your fancy is resulting in rubbish.

Re:Bad idea

[Triklyn]

and you're putting the cart before the horse. you're talking of armed rebellion, when i think all we'd be seeing would be one lunatic with an AR-15 trying to shoot a fucking tank.

really? half the military would be deserting at the drop of a hat? we should probably work on that. :) the republic comes first. before you, or me. I think the majority of americans will say, fuck everything else, we must remain united.

Re:Bad idea

[PhilHibbs]

Which company is or was being spied on by whom is irrelevant. Every company should take measures to ensure that no agency can spy on them, simple as that.

Re:Bad idea

[davydagger]

which is telling on how are society thinks. Its only bad if its the lower class doing it.

Re:Bad idea

[davydagger]

Yes, murdered children and adults at school shootings are now simply considered an acceptable loss in the preservation of your unfettered second amendment rights. Meanwhile, first and fourth are being chipped away at constantly.

I think its mainly because their deaths are highlighted in the media they are worth more. Here is an inconvienant truth: more people get murdered by the police than at school shootings. School shootings, while tragic are rare, isolated, and more damage is done taking away rights, more privacy and speech than is done by the shootings themselves.

lets put some perspective: 11,000 people are murdered every year, all causes, out of 30,000 gun deaths, all causes. 40,000 die of drug related causes, 110,000 die of obesity.

But good job standing on a media-created tragedy to push your political views on people. Its no diffrent than white supremecists pointing out everytime a black man rapes a white women or kills a random white person as the dangers of the black race.

Re:Bad idea

[david_thornley]

I use the corporate VPN to work from home. My employer considers our source code to be a competitive advantage to be kept secret from the rest of the world, and would not like the FBI to be in a position to look at it.

Re:Bad idea

[david_thornley]

The listed source is clearly biased, and I didn't dig through to see what is going on.

I suspect that the "without providing specific details" refers to the person and physical place that is going to be searched, and that the warrant will describe a specific "place" on the internet.

Right now, if there's suspicious activity at my house, involving my phone line, or on an IP currently assigned to my equipment, there's ways of localizing that and determining where the activity is physically. Given probable cause, the FBI knows specifically where to go and whether they're going to US territory or not.

If there's suspicious activity at a Tor node or coming out of a VPN, it's not possible in general to know where the physical activity is, and therefore it can neither be assigned a geographic location nor determined to be under US jurisdiction. This gives the bad guys an assured place to hide (which is far from saying that only bad guys use those services), which can be a real problem. The question is whether it's legitimate to issue a warrant to intrude on such internet locations given probable cause.

Re:Bad idea

[fxsoap]

This is a serious problem. How do I hide myself without worry now?

Re:Bad idea

[epyT-R]

I only meant to imply that such law would basically require a license and key disclosure in order to setup a vpn. Your employer would have a license for this because they're a corp that can afford it.. your home vpn would require a separate license, complete with key disclosure of course.

I never said this was a good idea. It's terrible.

Re:Bad idea

[cold+fjord]

Every company should take measures to ensure that no agency can spy on them, simple as that.

On that we can agree.

Re:Bad idea

[lgw]

Ah, you're coming from the perspective that VPNs are actually secure against the government. I get what you were saying. You might be a bit behind on events, however.

Re:Bad idea

[kestasjk]

Wait till your corporations trade secrets are leaked because the FBI's collector was insecure.

So the scenario is a someone is selling hard drugs / distributing child porn / etc from a corporate VPN? Wouldn't the FBI just ask the company to provide the logs and wouldn't the company gladly comply?

I don't think corporate VPNs will be much affected/troubled by this.. Only the VPNs that market themselves as hiding internet users are likely to be affected I would say.

Not saying whether that's good or bad, I've not got enough info to know. I would be interested to know why they don't want to give any details in these cases, since I can't think why it should be any more or less private than a regular wiretap (not "hack" as the title misleadingly states).

(It's 2015 and I still need to put <br /> for newlines.. Come on guys.)

Re:Bad idea

[davydagger]

To be pendactic, Shay's Rebellion. But your point does stand. Revolutions only work generally when a good chunk of the population accepts the revolutionaries as more legitimate as the government. All points of lack of military prowess aside, I don't see any of us getting that any time soon. Also, cost of failure, and likely of failure is extreme. We'll all be hunted men for the rest of our lives if we are lucky. Its insane enough to even suggest that the people arguing for armed rebellion at this point are most likely agent provucauters trying to get us to say and do dumb stuff so they can arrest us all, and reframe the question away from their own actions.

I'll update my idea. Its not simply "don't work for the government", as I am not calling for a boycott on people working on health services, NOAA, simply a boycott on doing IT/Programming/any tech work for Law Enforcement, Intellegence, Defense, Corrections, as well as all private contractors and private companies that are dependant on above to function such as private prisons, and contractors.. If they feel they are so much smarter than us they need do devious stuff for our own good, they can fix their own computers. They need us, plain and simple. They don't have the expertise. Some yuppie with a $500 suit, no matter if he's the smartest suit in the world still isn't a hacker. They know this. Its obvious when General Alexander went to DEFCON. Its obvious there is a pretty big culture gap, and they have a hard time recruiting talent, because most brazen assumptions about how to find it are not just slightly off, but blatantly wrong.

To work, we only need a slim amount of people to be active in the movement, perhaps %10, vocally agitating ideaology. The rest who are not confident enough to share their views simply need to just look for a job elsewhere, and if they have a job with said agencies, politely accept work elsewhere, and then leave, and discuss their views in private, but encouraged to talk about their politics if they feel comfortable. Even people in the military can do things like request change of MOS, or simply decide to not renew their contracts. If you program Free Software Open Source, you can simply choose not to contribute to projects sponsored by the military, or fork them and not-contribute back upstream.

Its a reasonable plan of action, because it won't take much to make change. There is very little to loose, and only the agitators have any real risk, but the risk is slight. We can also form channels of communication, form communities based on solitarity and just talk. Big key here is solidarity.

the cost of failure is almost none. Start this you and me, just pass it on. I am not asking you to shoot anyone, rob anyone, plant any bombs, launder money, and I won't. I simply ask for solitarity.

Re:Bad idea

[davydagger]

if you feel comfortable doing so, start agitating, or pass on so we can turn a passive sentiment into a more active movement. fire up photoshop/gimp, create memes, and do activism so more people think like us, and articulate reasons.

rememer, solidarity. It starts you and me, as in all movements and then it grows.

Harvest Exploits

1. Run FF via TOR using valgrind.
2. Trace data flow
3. Harvest Exploit
4. Harden FF
5. Sell Exploit

Re:Harvest Exploits

[xarragon]

Sounds like that would infringe someones "intellectual property", and you know what happens then..

"Privacy? Ain't nobody got time for that!"

4th amendment? What's that? People might be terrorists hurting children if they're behind a VPN! They must be stopped at all costs!!!1!

Also if you've ever used TOR or a VPN

Or if you know somebody who has used TOR or a VPN. Or if you know what TOR or VPN is. Or if you might know somebody who might possibly know someone else who could know what TOR or VPN is. In fact, the FBI just wants to hack you.

Please do

[Opportunist]

My computer is not so well shielded against attacks. And you might want to take a good look at that "terror_cells_US.docx" file. Yes, you may have to activate macros, it has a bit of active content.

What? Me hack the FBI? I swear, I never even thought about it. I had this proof of concept for how to infest even well guarded VM-secured analysis centers to the point of taking them offline or making them my bitch on my PC but I have no idea how it got there...

Re:Please do

[oodaloop]

I had this proof of concept for how to infest even well guarded VM-secured analysis centers to the point of taking them offline or making them my bitch on my PC

Good luck with that. I don't know if you watched Skyfall one too many times, but all of those centers are disconnected from the internet and run on their own network, precisely for this reason.

Re:Please do

[Lord+Apathy]

Good luck with that. I don't know if you watched Skyfall one too many times, but all of those centers are disconnected from the internet and run on their own network, precisely for this reason.

Fairly close. Where those networks need to cross over they are protected by what the military had labeled the 10 digit interface. Some poor SOB has to read what is on screen A and type it in on screen B.

Re:Please do

[oodaloop]

Maybe that was the solution 40 years ago. I haven't seen it. There are trusted one-way links that allow movement between networks with automated filtering for questionable content. You're not going to fat-finger pictures, videos, and other non-text from one network to another, are you?

Re:Please do

[NatasRevol]

But which one was his default gateway?

Re:Please do

[Opportunist]

15 years ago I would have suggested a wider tinfoil hat, the one you'd have been wearing was too tight.

Today I'm probably going to ask whether you have a spare one.

Re:Please do

[Opportunist]

Apologies for not keeping current with the lunacy that MS dubbed "file formats". But congrats on correcting the one thing in the whole sentence that was wrong and didn't matter at all.

Re:Please do

[garyebickford]

Hmm. Tests by a Navy cyber defense unit back around 1999 showed that the average cost of getting a poor SOB sysadmin into allowing physical access to a Fortune 500 server room was around $7000. Which ties back to an XKCD cartoon - "Let's use this $5 hammer to beat on his head until he gives us the password." So we convince poor SOB to allow us to put a tiny camera into his glasses to watch while he types.

Sure, you have the right to privacy,

but if you use it, that is grounds for us to take it away.

Makes perfect sense in an inside the belt way sort of way.

USPS

[buback]

So the Postal service is still the most secure legally protected method for sending data. Just mail CDs.

Re:USPS

[alphatel]

So the Postal service is still the most secure legally protected method for sending data. Just mail CDs.

The USPS scans all mail
The USPS monitors mail on behalf of the feds without any authorization.
What's to stop them from opening it without a warrant? Sorry but the whole system is controlled and abused by your favorite government officials.

Sidenote: CDs were replaced by DVDs and now Blu Rays. Just fyi if you want to send more than 700mb of crap.

Re:USPS

[DigitalPagan]

Sorry, following this logic, they can open your mail sans-warrant because the envelope prevents them from reading your letters.

Re:USPS

[NatasRevol]

Send everything via laser disk. That way, they don't have the hardware to scan it even if they do open it.

Re:USPS

[steveo777]

I was going to suggest using a box of 3.5" floppy disks as I wouldn't expect them to have the equipment to read them anymore, but then I realized this is the post office, so maybe just a DVD would be okay since they probably haven't gotten around to procuring any of those yet.

Locked Homes are Next?

Next, I'd assume they'll be seeking to be able to enter our homes without a warrant but only if the home is locked.

Re:Locked Homes are Next?

[neilo_1701D]

They don't need to enter your home, locked or not, anymore:

http://www.usatoday.com/story/...

New police radars can 'see' inside homes

At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside, a practice raising new concerns about the extent of government surveillance.

Those agencies, including the FBI and the U.S. Marshals Service, began deploying the radar systems more than two years ago with little notice to the courts and no public disclosure of when or how they would be used. The technology raises legal and privacy issues because the U.S. Supreme Court has said officers generally cannot use high-tech sensors to tell them about the inside of a person's house without first obtaining a search warrant.

The radars work like finely tuned motion detectors, using radio waves to zero in on movements as slight as human breathing from a distance of more than 50 feet. They can detect whether anyone is inside of a house, where they are and whether they are moving.

Current and former federal officials say the information is critical for keeping officers safe if they need to storm buildings or rescue hostages. But privacy advocates and judges have nonetheless expressed concern about the circumstances in which law enforcement agencies may be using the radars — and the fact that they have so far done so without public scrutiny.

Re:Locked Homes are Next?

[meta-monkey]

To be honest, I'm fine with that one. It's only for scanning buildings before entering to serve already-valid warrants. Using it constitutes a search in and of itself and may not be done without a warrant. They're not driving down the streets scanning everybody's homes.

Not that they wouldn't want to. They totally would. But the Supremes already put a stop to that with the ruling about the infrared cameras being used to spot grow houses.

If the cops are already going to bust down my door (remember, they already have a valid warrant. They did not use the radar to obtain a warrant), I'd rather have them scan the place first and see that I'm sleeping in the back room and my baby crib is in the front room, so they might (just might!) be less likely to toss a flashbang in the crib.

So, I don't really see the downside to the radar gadget.

Re:Locked Homes are Next?

[gstoddart]

It's only for scanning buildings before entering to serve already-valid warrants.

And what proof do you have of that? What assurances do you have they don't abuse this?

Sorry, but assuming law enforcement gives a shit about the law, or will follow it, is now such a naive and moronic statement as to be bordering on delusional. Increasingly, law enforcement wants to get around the law and oversight, and just do whatever the hell they want.

Which means you more or less have to assume they're going to misuse every tool in the book, and treat them like children.

And a valid warrant? Don't make me fucking laugh. How many times have law enforcement broken into the wrong damned home and killed some poor schmuck who wasn't doing anything other than defending his home from masked assailants?

I'm long past the point where I trust the actions, motivations, or ethics of the fucking police.

Because apparently they either don't know the law, or don't care.

Which is precisely why people don't trust them, and are growing hostile to them. If collectively the police don't give a shit about our rights, WTF would we give them more power with less oversight.

Sorry, but this is bad policing by agencies who find following the law too inconvenient.

Re:Locked Homes are Next?

[NormalVisual]

At this rate, it won't be long before a Faraday cage becomes an option for your new home.

Re:Locked Homes are Next?

[gstoddart]

And then they'll outlaw that.

Essentially anything which interferes with their ability to monitor your without restriction is now being deemed illegal.

Soon, they'll make it illegal to have secrets in your head, and you must submit to mandatory questioning and reeducation.

Sorry, but America has jumped the shark, and is taking down the whole world with them.

And for some reason, people are blindly accepting this crap.

Re:Locked Homes are Next?

[TheCarp]

> And what proof do you have of that? What assurances do you have they don't abuse this?

Yup and, what evidence would exist if they did abuse it? None at all. This is something that, if they have it, the ONLY protection we have for our privacy is to hope they don't abuse it; or if they do abuse it, that they meticulously log their abuses.

How would you ever know that a legitimate warrant was not proceeded by other scans, which were then used to manufacture a believable story with which to gain the warrant? Hell, with police actually defending the practice already as "Parallel construction", we can't really trust them at all.

Re:Locked Homes are Next?

[gstoddart]

Precisely. Which is why the default position for police has to be "fuck no, fuck off, we don't believe you".

And there has to be much harsher penalties when they decide the law doesn't apply to them. Me, I'm of the opinion parallel construction should lead to dismissal, and a raft of criminal charges -- obstruction of justice, perjury, being general douchebags.

Because if we did any of these things, we'd be charged.

Sorry, but when your "law enfocement" can bypass the law any time they like, they're just armed thugs who can do anything they want to.

That is not how you run a fucking free society.

If we have to hope that the police are obeying the law .. then fuck the police, they're not doing what they're there for.

And increasingly, since it's impossible to know which might be honest, and which are just abusing their power ... the only rational thing is to assume they're all crooked.

Re:Locked Homes are Next?

[jmcwork]

If they could just mount that on a small EM rifle ...

Re:Locked Homes are Next?

[meta-monkey]

You have the same guarantee you do against any misuse of technology or procedure by the state: evidence from illegal searches is thrown out and you can sue for a violation of your civil rights. And this isn't a new thing that would have to be fought for. The Supreme Court already ruled in Kyllo vs United States that the use of thru-the-wall cameras constitutes a search, and is invalid without a warrant. This was the case about the infrared cameras used to spot grow houses. That decision covers these devices, too, and to my knowledge the use of IR cameras has not been abused since.

Do you want to ban wiretaps because what guarantee do you have the cops aren't listening to your phone call without a warrant? Do you want to ban guns because what guarantee do you have cops won't shoot you for sport? Do you want to ban boots because what guarantee do you have cops won't kick in your door for funsies? Against all of these uses of technology you have the same protection: it's illegal to do so and you can sue them if they do.

I know it's fun to hate on the police, but they do kind of have to serve search and arrest warrants. If they're going to search your house anyway (as authorized by same methods for determining the validity of a search we've always had) what does it matter if they're doing it with a magnifying glass or a scanning electron microscope?

Remember, with the radar devices, we're not granting the police any new authority*. It's a new tool, but there's no new authority required to peer inside your home with a search warrant. They already have the authority to do so because of the warrant. Probable cause, sworn statements in front of a judge. The radar devices cannot be used to gather the evidence needed to get the warrant. They can only be used once the warrant is already issued via the same systems we've always had. Once the warrant is issued, I want the cops to thoroughly execute it. Do we want cops getting warrants to search the homes of people for whom probable cause for the evidence of the commission of a crime exists and then do a shitty job? Not find evidence they could have? Do we want them to not know who's inside the house hiding in the closet before they enter?

Seems to me if they know who's in the house, and where they are in the house before they enter, the scenario you bring up about the guy getting shot is less likely to happen, as the cops would (in a good world) be less likely to engage in overwhelming force when they know there's only one guy in the house sleeping in the back room or (in the shitty world in which we live) better able to subdue the occupant quickly before he has a chance to raise a weapon to the cops.

I guess what I'm saying is, give me the nightmare scenario that you envision use of the radar device will bring that is not already handled by current case law and procedures, and is different from the use of every other tool police have at their disposal?

*as opposed to the subject of this article. The FBI wants authority they didn't have before, to hack your computer for using a VPN. I'm opposed to that...I'm just saying the radar devices don't confer any new authority to police.

Re:Locked Homes are Next?

[DanielRavenNest]

Metallic foil "radiant barrier" insulation is already a thing:

http://www.amazon.com/EcoFoil-...

Just make sure to cross-connect the pieces, so they form a single ground plane.

Re:Locked Homes are Next?

[meta-monkey]

The Supreme Court already ruled in Kyllo vs United States that use of thru-the-wall cameras constitute a search, and are invalid without a warrant. If they do this, evidence discovered in this way is inadmissible and you can sue them for a violation of your civil rights. This was the case about the infrared cameras used to spot grow houses. To my knowledge, such cameras have not been abused since, and that decision covers devices like these.

So, already, use of radar scanners into your home without a warrant is illegal. What more do you want? You can't ban the devices...they're just a piece of technology with many uses, and are commercially available. You can't ban boots because cops might use them to kick in your door. You can say "ban cops from having them!" but you've already said you think they won't follow the rules that already exist against misuse of them, so what's to say they'd obey the ban?

The radar devices don't grant the cops any new authority* they didn't have before. They can only use them when they have a warrant, and if they have a warrant, they're authorized to search your home. They can't use them to get a warrant...use of the device already constitutes a search. So once they're authorized by the state to search your home, what does it matter whether they use a magnifying glass or a scanning electron microscope?

Now if you think warrants are being illegally obtained, or you don't like the laws for which the warrants are being obtained, that's a completely different matter.

But once a valid warrant is issued, yes, we want the police to conduct a thorough search. I don't want to grant warrants to cops and then have them do a shitty job of searching. Do you? Sworn statements have been made that probable cause exists that evidence of the commission of a crime (as described by the legislative branch at the behest of the people) and an authorized member of the judicial branch has reviewed this and granted the authority to the executive branch to conduct the search. All rights of the subject of the search have been observed. At this point, why not use any evidence-collecting tools available?

*as opposed to the topic of this article. The FBI does want new authority to hack your computer for using a VPN. I'm opposed to that. But I'm saying that's qualitatively different from using a new tool to do something they're already authorized to do anyway.

Re:Locked Homes are Next?

[gstoddart]

you want it every man for himself? no fucking thank you.

No, not at all.

Am I willing to live with police who will do "by any means necessary" and erode our laws and freedoms in the name of expediency? Hell no.

If the police have to ignore the Constitution, and commit perjury (parallel construction) to "do their job" then something is seriously flawed.

But accepting total power by the police to do anything at all they want to?? That's utterly fucking moronic.

That's living in a police state so you can still have the illusion you're free.

But if the police can do anything they want to, without oversight, and bypassing legal protections which have been in place for a very long time ... well, we might as well have pure anarchy.

Re:Locked Homes are Next?

[roman_mir]

Yes, and this shark jumping happened more than a hundred years back now. From Sherman Antitrust Act and the 'private' bank known as the Federal reserve that creates fake dollars out of thin air and IRS collecting illegal income taxes illegally and FBI and SS and Medicare and minimum wage and EPA and FDA, and departments of 'education', energy, housing, commerce and interior and more, to defaulting on the gold dollar and destroying the value of money (around the world actually, since the others were relying on the dollar to be reserve and dollar itself no longer had any backing itself once Nixon defaulted on the gold promise).

Basically USA jumped the shark when it gave up on individual liberties and started building a gigantic government machine for the sake of propping up giant companies and the empire.

Re:Locked Homes are Next?

[meta-monkey]

I read some more about these systems, and there's even less to be worried about.

Of the devices approved by the FCC, the maximum detection range is 20m. That's 20m from the device, not 20m from the wall. Most of them require you to place the emitter/detector brick up against the wall of the building you're scanning. So you can't just drive by and scan. As I said, use of through-the-wall scanners is already illegal without a warrant, so if you catch the cops at it, enjoy collecting your sweet $1.4 million civil liberties lawsuit settlement. I should be so lucky.

All you get from these things is blips. "There's movement 10m away, 30 degrees left." You don't get a 3d-render of everything going on in the home. Some devices are sensitive enough to spot the movement associated with breathing. Still, all you know is that there's something breathing in the house, but you have no idea what it's doing.

So as they stand, they're illegal to use without a warrant, and impossible to use discretely for any length of time. And if the cops already have a warrant...who the hell cares that they're scanning blips through your wall? They have a warrant. 30 seconds later they're going to come through the door and see everything inside, with actual eyes.

There are some designs coming down the pipe that claim they can be mounted on a drone and have ranges of 400m. Who knows if that will pan out or be approved. Still, it's just blips and is less useful than FLIR, which cops already have on helicopters (and probably drones). Kyllo banned indiscriminate scanning with FLIR, and that seems to have worked out fine. It didn't ban the cameras themselves. Little girl lost in the woods? Yes, please bust out the helicopter with the FLIR camera. And if you've ever watched "World's Zaniest Police Chases 27" on Fox, you've seen FLIR cameras in use during manhunts, where the carjacker running from police is tracked by the helicopter and you can see him hiding in the shed. That's all totally fine. Just don't go scanning people's homes without a warrant, and that doesn't seem to have been a problem.

And, FLIR is passive. You wouldn't know if they were spying on you. This radar tech, which gives shittier results than FLIR, is active. It requires them to bombard you with massive amounts of EM radiation, much of which is around 5GHz, which is totally detectable by your 802.11n wireless NIC in your phone, laptop, router, etc. So all it takes is a few security-minded individuals to write a very simple program that could detect those scans to expose these unconstitutional activities and collect the settlement checks.

The cops do plenty, plenty of horrible, invasive things with technology. This isn't one of them. Choose your battles. Let this one go, and focus on Stingray and military surplus APCs.

If you put locks on your door...

[JoeIsuzu83]

then the FBI should have the authority to put cameras in your house. Right?

Re:If you put locks on your door...

[Penguinisto]

Only if your blinds are drawn.

Re:If you put locks on your door...

[CanadianMacFan]

Well if your blinds are drawn then you definitely have something to hide.

Re:If you put locks on your door...

My blinds are drawn because I definitely have something to hide. And believe me, you want me to keep it hidden!

Corporations and Companies

[captnjohnny1618]

Boy, I can imagine all of the companies that have employees connect through VPNs to do confidential work will love this. I work for an internationally-based corporation that has me on a VPN before I can even BEGIN to work and I would imagine they'll be pretty pissed off if the FBI is legally hacking into their private systems.

This is such bullshit. When are we going to get some lawmakers who actually understand the fucking technology?

Such idiots...

Re:Corporations and Companies

[neilo_1701D]

When are we going to get some lawmakers who actually understand the fucking technology?

They understand the technology well enough. It's the Constitution they're having problems understanding.

Re:Corporations and Companies

[g0bshiTe]

When we the people demand it.

Re:Corporations and Companies

[captnjohnny1618]

Hah! Sad but true.

Re:Corporations and Companies

[captnjohnny1618]

And people smart enough to have a clue start running. Problem is most of our ilk has better and more interesting stuff with our time and don't want to put up with clowns like these guys.

Maybe we should make the EFF a political party as well...

Re:Corporations and Companies

[Jason+Levine]

When are we going to get some lawmakers who actually understand the fucking technology?

They understand the technology well enough. It's the Constitution they're having problems understanding.

They understand the Constitution well enough. They just don't care about it all that much. After all TERRORISTS and PROTECT THE CHILDREN (and the power grabs that these words enable them to achieve) are much more important to them than a 200+ year old piece of paper.

Remember when you guys applauded Holder...

[PeeAitchPee]

...just a few few days ago? How do you like him now? That's right, he's still smearing turds all over the Constitution, and having him gone will be one of the best things about Obama's terms finally ending.

Re:Remember when you guys applauded Holder...

[ganjadude]

i did no such thing

Re:Remember when you guys applauded Holder...

[fnj]

You win some, you lose some. Mr. Holder is a lot like just about everybody else in the government. They do a lot of good and a lot of evil, and it's all mixed up together. When they say or do good things you give them credit. When they say and do evil things you lambaste them. Or would you rather not run your life by ethics and logic?

Re:Remember when you guys applauded Holder...

[pushing-robot]

Technically this is the FBI, so you should be pissed off at Comey, not Holder. Comey is officially Holder's subordinate at the DoJ, though I'm not sure how much the FBI chief really answers for.

And you won't have to wait so long for Holder's departure; he announced his resignation months ago and Obama already tapped his replacement.

Re:Remember when you guys applauded Holder...

holder will be replaced with an establishment man.

you can NOT become a senior official unless you play ball,
Appointees are even less required to serve the public good
than an elected representative.

Clinton, Bush, Romney... regardless the appointee will serve the
establishment.

there is no such thing as a president who does not serve power.
All of his chosen men line up with the donors like iron filings
near a magnet.

want to change politics? want to influence politicians?

fund them.

wolf-pac.com

Re:Remember when you guys applauded Holder...

[g0bshiTe]

Ethics and logic when making a reference to government, I see what you did there!

Re:Remember when you guys applauded Holder...

[epyT-R]

That doesn't excuse the current trends towards heavy handed abuse of liberty.

fan hitting event on the horizon

[galaad2]

ALL major online email providers (google mail, yahoo, microsoft, etc.) and all major company networks work internally by using a VPN between the various locations that those companies have around the country/world... => they are going to be hacked... and this will raise an enormous shitstorm.

Re:fan hitting event on the horizon

[ShaunC]

ALL major online email providers (google mail, yahoo, microsoft, etc.)

That horse has already left the barn, they even poked fun at Google's internal setup with a doodle. There was no enormous shitstorm. Google responded by encrypting their internal traffic (or announcing that they did, anyway) and life went on. Millions upon millions of Americans simply don't care, and millions more actually want the government reading everyone's email because they think it protects us from them ay-rab turrists. Until the surveillance apparatus somehow fucks up football or The Voice or Pawn Stars, nobody's going to give a shit.

work from home users

[hawguy]

When I'm connected to my company's VPN connection, they route all of my traffic over that connection, sounds like this law is giving the feds carte blanche to hack all work-from-home users.

Re:work from home users

[squiggleslash]

That's not what's meant by VPN in this context.

For reasons I've never been entirely clear on, a lot of commercial proxy servers market themselves as "VPN providers", I'm guessing they offer connectivity via one of the common VPN protocols, but they resemble your office VPN the same way a legitimate business resembles a "Legitimate business".

Re:work from home users

[prehistoricman5]

So in order to get around isps bitching about too much netflix traffic someone uses a vpn. They may very well use one of these "VPN providers" that you claim exist to carry "legitimate traffic."

Usage of a VPN for non-business purposes doesn't automatically mean criminal activity. If the FBI knows a VPN provider is being marketed as a service for hiding criminal activity there is nothing stopping them from getting a warrant now - loosening the restrictions is just a power grab.

Re:work from home users

[DarkOx]

That's not what's meant by VPN in this context.

"context" don't make me laugh. There is no application of context to modern law. All sides take advantage. The words are stretched and the intents are ignored until the law can practically mean anything the AG wants it to mean that day. "VPN" already has plenty of interpretations in the tech world once the legal world gets hold of it, it is certain to be interpreted as just about anything that isn't a direct essentially the most direct path between hosts available using a plaintext protocol.

If you think otherwise you are crazy, or haven't been paying attention.

Re:work from home users

[CanadianMacFan]

When I had a contract with a local telco I would have to use a VPN in order to get onto a network with a test switch. The problem with I had was that I lost my access to the Internet with that connection. What I ended up doing was running the VPN in a virtual machine. My software ran in the virtual machine connecting to the test switch without a problem but the rest of my computer still had access to the Internet.

You could do the same and only your business stuff would be sent over the VPN. Of course the FBI might just listen to everything coming out of your connection instead of anything just on the VPN which would mean that this wouldn't work.

Re:work from home users

[squiggleslash]

This is a press release not a piece of legislation.

Re:work from home users

[garyebickford]

So this raises the question, "what if I use a VPN just to route around the snooping, domain-snatching, ad-insertion and cookie shenanigans that my ISP is perpetrating?"

Re:work from home users

[squiggleslash]

Different issue, but it's ultimately one of those times you recognize you're more likely to be under surveillance simply because you're doing something very similar to what a large number of other people are doing that's illegal. Not even necessarily a majority, but a large enough sub group that you'll be watched.

Think in terms of walking through the red light district in your local city at night, or getting groceries from a convenience store you know is a front for a drug dealing syndicate.

God damn Bush and Cheney

Once we kick those evil Rethuglicans out of power, we'll see the Democrats restore our rights.

Yeah, that worked out real well.

Are we beginning to see that the problem is the government itself, and not the particular party in power?

And are we beginning to see that giving that government more money is a really bad idea?

Re:God damn Bush and Cheney

[NetNed]

Beginning? You miss the last 15 to 20+ years or something?

Re:God damn Bush and Cheney

[g0bshiTe]

There's a difference there Bush had high profile terror attack to get the people behind him, once that happened he had carte blanche.

With Obama's sidestepping and reinterpretation of laws and the Constitution a very dangerous precedent has been set for us.

Re:God damn Bush and Cheney

[fnj]

Having the government collect and spend more money is an empowerment. It can empower good, and it can empower evil. You might want to consider that the problem is not the government itself. The government is made up of people. That is like saying the problem is people.

There are problems only the government can address, and you won't make any progress with those problems by strangling the government.

Re:God damn Bush and Cheney

[Uberbah]

Are we beginning to see that the problem is the government itself, and not the particular party in power?

If you've read so much Rand that you believe that keeping a mining company from dumping lead and arsenic into your drinking water is just as evil as illegal spying and assassinations, maybe. Cuz gubbmit.

Re:God damn Bush and Cheney

[DarkOx]

The problem is people, that is why we set a government up in the first place; primarily to protect ourselves from each other.

So yes government is the problem. It never can be anything better than a necessary evil. It should be restricted, strangled, starved, and otherwise impeded to the point it can only barely achieve its goal of protecting people from each other, with minimal efficacy. To allow it to get any bigger or more capable than that as we have done not only invites abuse but assures it.

Re:God damn Bush and Cheney

[garyebickford]

Most of what was in the Patriot Act was already in force under the War on Drugs, for use against Evil Drug Lords - wiretapping, etc. The Patriot Act just expanded those provisions into a much larger portion of society. IIRC, that is.

Re:God damn Bush and Cheney

[Uberbah]

Too busy with your tantrum to come up with a coherent response, Randian? Getting rid of government, cuz NSA, is as sensible as getting rid of all businesses, cuz Enron.

Or as asinine.

As always, dick measuring between agencies

[Trachman]

NSA and others do it and will do it no matter what the law says, while their dime eyed lawyers continue telling that they are defending our liberties. FBI was also doing it, but now that the discussion is public, there are same voices, probably in-house lawyers, who foresee a case in the future where the litigation is lost if FBI will continue lying using the paralel construction, like they (and all others) always did.

So now they want to legitimize something that is not legitimizable.

If everybody would be sending CD's

[Trachman]

That would be a waste of taxpayers money. Multiple jobs would need to be created to open the mail and to manually download the data.

Re:If everybody would be sending CD's

[g0bshiTe]

That's what the government is in business for, "wasting taxpayers money" at one time they were in the business of governing.

Re:If everybody would be sending CD's

[bluefoxlucid]

At one time, they were in the business of teaching grammar.

Re:If everybody would be sending CD's

[garyebickford]

That is the essential difference between the Stasi (East German Secret Police) and what some in the NSA want to do. The Stasi had to work with paper and actual human informants.

Hack my VPN?

[MobSwatter]

I use two factor auth'd VPN with Radius to access customer sites. I'd better warn my customers that the FBI is plotting to steal their credit card txn data. There could be no other explanation for this.

Just cause needed

[ITRambo]

Without just cause the FBI will become as contemptible as the former KGB, which I would expect to snoop without reason other than to intimidate and dig up dirt on people. USA: stop this please. You exist for the people, not the other way around.

Re:Just cause needed

[dablow]

Lol USGOV never existed for the people.....

And the FBI was worse than the KGB...they just had a better PR firm!

Re:Just cause needed

[neilo_1701D]

USA: stop this please. You exist for the people, not the other way around.

Republics exist for the people (res publica = public affairs). Empires tend towards having the people the subjects of the Emperor.

Is the USA a republic or an empire?

Ya know, FBI

[russotto]

That bit about "particularly describing the place to be searched, and the persons or things to be seized" isn't just a matter of criminal procedure. It actually comes from the constitution. Really -- check the restroom at headquarters, it's right there on the toilet paper.

Re:Ya know, FBI

[david_thornley]

OK, now define "place". I can refer to "someplace on the internet" without implying a physical location. I'm using the same sort of interpretation that gives bloggers rights, because blogging is considered free speech or freedom of the press, despite the word "blog" appearing nowhere in the First Amendment, no speech being involved (except for people who use text-to-speech interpreters), and no printing press being involved.

VPN hack Great for travellers

[cant_get_a_good_nick]

So, you use a VPN to avoid getting hacked by your local situation, then get hacked by your own government.

Re:VPN hack Great for travellers

[Kabukiwookie]

Don't worry, if you get hacked, the US government will always trace it back to 'North Korea' or 'Cyber ISIL'.

"as long as computer hidden behind technical tool"

[JoeyRox]

By that reasoning they can justify a search warrant if I close the drapes in my house.

Mix it up

[BobSwi]

I'm going to start using punch cards, along with a Live USB distro

Re:Mix it up

[Bob+the+Super+Hamste]

Punch cards won't protect you. Of all the places that would still be making use of them the US federal government seems the most likely.

Phase 1

[frovingslosh]

This is just Phase 1. Once this is in place then in Phase 2 if you ever use any service that uses https then you must be trying to hide something and so they can take all of your data. Same for any other use of encryption, you might be a criminal or terrorist hiding something. And if you ever send anything through the mail in a sealed envelope, well you must be a criminal trying to hide stuff.

Re:Phase 1

[Bengie]

http://yro.slashdot.org/story/...

If you want the moon, ask for the stars

[SailorSpork]

They seem to be asking for all of this, but I wonder which subset of these they actually expect to get. If they ask for 10 unreasonable things but only get one, will we celebrate, or mourn the loss of one more civil right to privacy?

Mantra

[NetNed]

It's the same thing we always hear all the time. The lines that are an attempt to fool the general public. It goes "We need "x" because we can't do our job, and if we can't do our job your "(family, kids, wife, money, future, home, the earth)" are all in danger, so do it for them!"

Re:Mantra

[Jason+Levine]

I agree. The pathetic thing is that they keep trying to frame these requests as "we really want to do our job well but can't because of X." All I hear is "Doing our job with X in place is too haaard!" in the same whiny voice a kid might use if asked to take out the garbage instead of playing video games. These attempts aren't "we can't do our job" requests, but attempts to change the system - which was put in place to prevent abuses - because they're just too lazy to work within the system the way they've done for a long time.

Re:Mantra

[meta-monkey]

Sure, but this should be pretty easy for them to get. I've seen headlines from the Silk Road case that the judge and jury are confused by the (and I quote) "mumbo jumbo" about Tor, and basically have no understanding of what it is.

Public: "The FBI wants to hack Tor? What's that?"
Feds: "It's the secret system pedophiles, drug dealers, and terrorists (also drug dealing, terrorist pedophiles) use."
Public: "Oh okay."

Re:Shine the light...

[epyT-R]

More wannabe tyrants cheering on the big tyrant..

Seeking privacy is now considered evidence?

[Gliscameria]

So we should expect no knock raids if we close our blinds?

The bank I work for would just love this.

[Jaywalk]

The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network.

Everything my employer does is via a VPN. This little change would be carte blanche for virtually all corporate communications within the United States. Even the company's internal networks would be laid bare if they're remotely accessible. The opportunities for abuse are staggering.

Re:The bank I work for would just love this.

[tekrat]

Apparently; the FBI wants their cut of the insider trading and rampant fraud happening at most banks.

Give it 3-5 years.

[kwiecmmm]

The first arrest that happens due to this, will result in appeals that will eventually get this rule overturned as unconstitutional.

This is no different than saying your neighbor committed a crime so we want to search your house as well due to proximity to him. A decent lawyer will be able to make the argument that just because you are on a TOR or a VPN does not mean you are doing something illegal.

TOR was created as a method to allow people in oppressed countries to speak freely, it is funny that the country that funded this is now going to be one of those oppressed countries.

Re:Give it 3-5 years.

[CanadianMacFan]

Who is going to overturn it? A bunch of judges that have never touched a computer in their lives?

Re:Give it 3-5 years.

[epyT-R]

Yeah, that's what they said about the shit in the patriot act.

Wow ...

[gstoddart]

So it's true ... when they outlaw privacy, only criminals will have privacy.

And then there's this:

Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.

We want extraterritorial laws, with no judicial oversight.

I'm sorry, but can the rest of the world decree that FBI agents should all be shot on sight as enemies of basic civil rights? The argument is about equally stupid as what the FBI claim.

America, you have a problem, and you are making it the problem of everyone on the planet.

Land of the free and home of the brave? You have to be fucking kidding us.

Re:Wow ...

[jdavidb]

America, you have a problem, and you are making it the problem of everyone on the planet.

Yes, we do. Please be sure not to equate us with our government, though.

Land of the free and home of the brave? You have to be fucking kidding us.

It's a big not-so-funny joke to us, too. :(

Re:Wow ...

[steelfood]

Land of the free and home of the brave? You have to be fucking kidding us.

You bought into that pile of marketing dog shit?

Reality is closer to land of the diminishingly-freer, home of the cowardly and ignorant but loud.

We're still freer than most countries (for example, we have hate crime laws, but no hate speech laws) and without a strong American traditional culture, more tolerant, which is freedom in a different sense. But we're not that much freer, and we're losing what we have little by little.

Bad Guys Aren't Stupid

[BoRegardless]

Some already avoid email & might use pictures w/steganography.

Re:Bad Guys Aren't Stupid

[Bob+the+Super+Hamste]

If they were actually smart they would just use TrueCrypt containers. The computation necessary to break that should make it secure enough (heat death of the universe provided TrueCrypt was implemented properly). Then for some shits and giggles just to make the feds waste a bunch of resources make some TrueCrypt containers filled with cat pictures, the text of the US constitution, the Declaration of Independence, goatse, etc. or just dump out a bunch of data from /dev/random or random.org to a file.

Let's see if I got this right

[real+gumby]

The US government funded Tor development and encourages its use as a way to avoid repressive governments and then considers its use in the US to be a suspcious act.

The irony, it burns!

Re:Let's see if I got this right

[jandrese]

Those repressive governments consider it to be suspicious as well. Go figure.

Re:Let's see if I got this right

[Actually,+I+do+RTFA]

The part of government trying to overthrow repressive governments invents it. Different part of the government, different goals.

Re:Let's see if I got this right

[AHuxley]

Yes the anonymity and privacy part is for well funded NGO's, journalists and activists to help with Colour revolutions https://en.wikipedia.org/wiki/... in other parts of the world.
The use of the same networks now has a legal backing to remove anonymity and privacy. Anonymity is removed by tracking to uncover the original ip on any type of network used.
Privacy is removed by using malware to capture the plain text of any message as entered.
The tracking of all whistleblowers as they try to contact any journalist would now be legal. The journalist would be bait, all press websites nothing more than tracking websites.
Offer a journalist a news story, get it published, get a court order as the story was real, track everyone who then makes contact.
A well published journalist is now a false-front website for the next few years. From parallel construction to just construction.

4th amendment requires specifics

[MobyDisk]

From the article:

...without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants...

Text of the 4th amendment to the constitution:

The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The article is light on details, but if it is accurate, this looks like a straightforward violation of the 4th amendment. The devil is always in the details though. The article may be an oversimplification.

Re:4th amendment requires specifics

[omnichad]

Unless you are like our government and say that VPN or Tor = probable cause.

Re:4th amendment requires specifics

[MobyDisk]

I don't think the term "probable cause" means "can conduct a search without a warrant." Rather, "probable cause" is justification for a warrant to be issued. But I think people get confused on this point because the courts have made exceptions for motor vehicles and that gets mixed up with "probable cause."

http://en.wikipedia.org/wiki/F...

Re:4th amendment requires specifics

[omnichad]

They are still getting warrants. Just non-specific ones. In other words, the use of encryption at all is an assumption of illegal activity and worthy of a warrant. Which is completely invalid, of course.

The thing to be searched is specified (at a John/Jane Doe level - which case law supports) so I don't see why it's a 4th amendment violation on those grounds. The "why" is non-specific but encryption alone is being called probable cause. That's the violation.

Re:4th amendment requires specifics

[MobyDisk]

Ahhh, I get it. Thanks.

If they can so can others

[ic3m4n1]

What they are saying is that it is possible by some technical means to hack secure networks.
How long till others figure this out and exploits are in wild.

It would be interesting to see how banks and online businesses(Visa, Mastercards, etc) explain how their networks are secure if some teen can snoop into it from his basement and show off his h33t h4x0r skills.

Politics

[Libertarian_Geek]

So, if an opposing campaign uses VPN to secure their communications, it makes them a target by the sitting executive branch party.
Guess we won't hear anything about this on the SOTU.

Here is the solution

[davydagger]

Here is the solution. Before someone tries doing anything dumb, aggressive, that would hardly be noticed and not be effective, lets do something that will truley kick 'em in the pants:

go on strike!

They need us more than we need them. Its aparant. I am sick of being viewed as a terrorist when they need people like us to perpetrate their new digital wars. This is the last straw that broke the camel's back. I am sick of media propaganda making us all out to be anti-social terrorists. I am sick of being view as "crazy". I am sick of this fucking bullshit, while other obvious fuck ups in mainstream society get a pass. I am sick of being a perminant suspect, especially when my actions are what makes me valuable to the same people after me.

The plan:
1. Stop working for them. Don't get a job doing computers for LE, Corrections, Intellegence, or Military
2. Don't give them advice and recommendations, further than "stop treating me like a terrorist". Stop giving them recommendations that would help them against their other victims
3. If someone asks you to put a backdoor in any piece of hardware or software just say no, and go to the press/wikileaks
4. Don't be affraid to leak pertinant evidence of their otherwise wrongdoing to the press/leaks organization. They make no bones about investigating you or smearing you as a terrorist/mental patient/criminal. Don't be affraid to do the same to them
5. Communicate to your fellow techies what we are doing and why. Heckle recruiters and warn n00bs to try and get other people to do the same.
6. Co-operate as little allowed by law with any of the organizations mentioned in point one. If you can afford to do so, commit civil disobediance, make sure you have a lawyer handy.

7. Stand in solidarity with everyone else getting picked on unfairly. Stop the bullying by saying "I simply won't believe their crap", and tell other people how you feel.

Lets stand united and do this.

What happened to the constitution?

So where exactly do they find this right in the constitution?

As a warrant must specify exactly the place and thing being searched for and must be approved by a Judge.

Clearly a broad power grab like this violates all intents and purposes of the law. /soapbox

Google Mail Needs Random Sigs

[Maltheus]

What's needed is for a popular news client to have the option of automatically adding a random .sig to every e-mail like:

53dd73cb10a1540c9d3adb36fd8cd0d8f5b2ef736a4a23a07d6d2a80c88e907f

Could be random, could be encrypted. The police state types would be overwhelmed in no time.

Baseless fearmongering at its finest

[Tuckdogg]

Articles like this often get written because the author doesn't really understand the law, and rather than really trying to understand what's going on they just guess. The claims made in this article are so wildly off-base, however, that it makes me question whether the author is just trolling people.

Contrary to what the article suggests, Federal Criminal Rule 41(b) does not have a thing to do with what evidence law enforcement agencies are required to show to get a warrant, nor does it authorize the FBI (or anyone else) to get any particular type of warrant. Rule 41(b) is about VENUE; e.g., if you've already got enough evidence to get a search warrant, what judge (in what federal District) is the judge that you are supposed to present that evidence to?

You can read Rule 41(b) here: http://www.law.cornell.edu/rul...

The basic rule it sets out is that, when you want a warrant, you ask a judge located within the District where the person/property you want to search is located. There are exceptions to that basic rule, much like any other rule, because it's not always a simple matter of "X is located here." Sometimes things are located across several different Districts, sometimes they're mobile and can be easily moved to another District, etc. This is why there are currently 5 subsections to 41(b), each dealing with slightly different semi-unusual factual scenarios. At the end of the day, each exception is there for a very simple reason: to clearly and unambiguously tell federal law enforcement agencies how to identify the judge they are supposed to go to if they want to get a search warrant.

The proposal for changing Rule 41(b) is located here: http://justsecurity.org/wp-con...

What the DOJ is asking for is a scenario not currently covered by Rule 41(b). That being...what happens if you are dealing with someone you know to have committed a crime, you have enough evidence to get a search warrant, but the perpetrator of the crime is using some sort of technological means (like encryption, IP masking, etc.) to prevent you from finding the exact physical location of whatever you want to search? As of right now, it is not clear who the right judge would be to issue that warrant. The only thing the proposal would do is say that, if you can't identify the physical location of the computer to be searched (and therefore do not know which federal District it's located in), then you can go get your warrant from a judge in the District where the target of the crime was located.

Example: I'm an evil h@xx3r, and I hack some computers at the GooglePlex. I have masked my IP address, so the FBI does not know exactly where I'm at. Under current Rule 41(b), it's not clear who the right judge would be to try to get a warrant from. Under "new" Rule 41(b), they can go to a judge in California since that's where the GooglePlex is located.

That's literally the only thing this proposal would change. It says nothing about VPNs or TOR networks. It does not give the FBI (or any other law enforcement agency) the authority to hack your computer or your phone whenever they want. It doesn't even grant them the authority to do that with a warrant, because they already have the ability to do that with a warrant. It also doesn't say anything about how much evidence they have to present to get the warrant, because Rule 41(b) has nothing to do with that. The standards for search warrants are exactly the same as they have been for years; this proposal would only clarify who the right judge is to issue the warrant.

I don't know a whole heck of a lot about the "FEE" is, but if this article is representative of their work and/or legal abilities then color me unimpressed.

Re:Baseless fearmongering at its finest

[dcollins117]

Don't be a spoilsport. We were having a lot of fun until you showed up with your actual facts and rational explanations.

Re:Baseless fearmongering at its finest

[h4x0t]

Thanks, Tuck. TFA was pretty devoid of source material.

What you know is not what is going to bite you ...

Most people seem to have skipped this gem:

it would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses)

That, in effect, means that pretty-much every computer can be entered. Worse, as the user is mostly unaware of any malware or viri on his computer (duh!), he can be searched without knowing/realizing why that might be.

When this relaxing of permission gets granted it would also be quite interresting to see what kind of programs get classified as "viri", or even easier "malware". I get the feeling that than anyone who installs some tools or game and gets a toolbar installed will be easy prey for "the buro" ...

Treason is one reason for the existence of 2nd

[mpercy]

Ever heard of that treasonous document that starts out "When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation."?

It goes on to say: "Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn that mankind are more disposed to suffer, while evils are sufferable than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security."

The signers of the Declaration of Independence and the people who fought for the Colonies independence were committing treason.

Indeed, the 2nd Amendment self-state purpose is to allow the citizens to preserve their freedom from a despotic federal government that was being formed by the same document. Rather, the government being formed could become despotic and need to be thrown off, and the the 2nd provides the basis for that.

This is pretty clear from various Founder's explanations, e.g. Alexander Hamliton "[I]f circumstances should at any time oblige the government to form an army of any magnitude[, ] that army can never be formidable to the liberties of the people while there is a large body of citizens, little, if at all, inferior to them in discipline and the use of arms, who stand ready to defend their own rights and those of their fellow-citizens."

The Framers had *just* completed an armed (and treasonous) insurrection of their own, and were keenly aware of the fact that any government they might form could (and probably would) become despotic. The 2nd at least put a floor under the people's ability to fight back against that potential.

Re:Treason is one reason for the existence of 2nd

[harperska]

First off, the Declaration of Independence was a call to arms, not a legally binding precedent. Only the Constitution can be used as the source of what is considered legal. Second, Using the second amendment to rationalize treason is absurd. The second amendment and the treason clauses are both within the framework of the US government. If you are planning on using the Declaration of Independence as precedent, you are talking about overthrowing the US government, which means throwing out the Constitution and starting over. So if you consider what the Constitution has to say about treason to be moot, you likewise must consider what the Constitution has to say about bearing arms to be moot as well, as you are declaring the Declaration of Independence to supersede the Constitution in its entirety.

Re:Treason is one reason for the existence of 2nd

[ebyrob]

... against all enemies foreign AND DOMESTIC. You can throw out the corrupted implementation and keep the founding document quite easily. Maybe minus a couple hundred of the latter amendments. (minus 3 or so good ones: equal rights for women and race, Miranda etc.)

reverse tunnel to other FBI networks

[ruir]

installed without PC owners knowing as malware.... should provide hours of fun to the FBI.

Re:certainly I expect the blowback

[ron_ivi]

that is prohibited by law

s/is/was/

This proposed law changes that.

Re:certainly I expect the blowback

[JRV31]

Since when do governments follow laws? Laws exist just to keep us common folk in line. And the powers that be in power.

Re: Unconstitutional too

[DanielRavenNest]

The Fourth Amendment reads in part:

> "...and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized ."

This looks like an attempt to get around that provision. Sorry, FBI, you actually have to do police work.

Re: Free Markets

[DanielRavenNest]

The free market method is to offer "dead or alive" bounties on whoever dumped in your water system, and let competition sort it out. One mining company might do it once, but after that, the rest would have an object lesson.

Stuxnet

[phorm]

Supposedly, so were the centrifuges targeted by Stuxnet.

The outside of the envelope is one thing

[mpercy]

The inside still requires a warrant.

Re:You guys are ridiculous

[davydagger]

only a tiny fraction of computer users are talented enough to get a job. The ones that are really good with computers tend to be more aware of rights. Awareness would make this work, but in history, strikes, slowdowns, etc... have been very effective.

The feds already have a hard time, many geeks are already more aware, intellegent and active than the typical person, and more prone to action as well. It really would not take much to make a point. Many of them are also involved activities that disqualify them from federal service anyhow, and it wouldn't take much agitating to open up old wounds the feds try and closing by loosening restrictions.

If you care about this issue, the absolute best thing you can do is give money.... to the lobbies...

See thats the hipster problem is thinking like that, and it can do anything. If you can get enough people to donate, you can make an effective boycott. This is why hipsters fail at politics and have next to zero clout, but instead make a fuckton of noise and no one cares. This is also why when some dumb hipster comes into a webforums asking for support people laugh at them, and the reason why no one really gives a fuck about turning out the polls, and people think you are just a bunch of shills. Hipsters like to pretend they have political clout, but all they are foot soliders for lobbyists. Its very obvious and very showing to everyone but themselves. They don't have power, power has them. You demand inaction and blind support in lobbies, even ones I agree with is a terrible idea. I do agree donating to the ALCU and EFF is a good, but its not enough.

In short, a boycott will be effective if you want it to be effective. In addition to boycotting you can also support the EFF and ALCU, I don't see why you can't do both. At very least I call on the EFF and ALCU to donate some lawyers to people who plan civil disobediance against federal government shenanigans. I'm proud to support both the EFF and ALCU, and if you truely support the mission of both you should support my plan.

My idea doesn't require a ton of people, and if it fails the worst that happens is nothing. You have nothing to loose, and everything to gain in making a few friends and perhaps steering them into activism with the EFF, ALCU and other such groups.

What is actually happening

[Etherwalk]

I wouldn't be surprised if people put up honeypots on Tor just to mess with 'em, and log all of the output over serial or something so that even if they get in, they can't purge the logs of their attempts.

Search warrants are still subject to constitutional requirements of reason and due process; this is a procedural rule independent of that.

It will allow a judge to issue the warrant even if the FBI or police are not sure what judicial district it's happening in. It's important to let a magistrate judge approve a warrant on that basis, because the current rule 41(b) does not provide for it except in terrorism cases. So if you have someone selling hard drugs online, for example, but the government can't tell whether they are located inside the United States or not, this provides a way for them to get a warrant to search.

See the proposed rule (from last November) on page 111 of http://www.uscourts.gov/uscour...

The old one is here: http://www.law.cornell.edu/rul...

Re: What is actually happening

[Rujiel]

That's no reassurance.If they can't get a warrant, they can always resort to a national security letter or a gag order.

Re:What is actually happening

[Cederic]

It's still illegal in the UK and if the FBI hack my computer then I will initiate legal action against them for it.

Re:What is actually happening

[gweihir]

There is just a slight problem: For TOR, most users will not be in the US, and the warrant will be completely invalid.

Re:What is actually happening

[Etherwalk]

It will allow a judge to issue the warrant even if the FBI or police are not sure what judicial district it's happening in.

Sounds like it will also allow a judge to issue a warrant when all I am "guilty" of is telecommuting.

Yes, it *sounds* like that, if you don't remember the constitution and due process parts. This is about which judge is able to issue a search warrant, *not* about whether the police have met the requirements for a search warrant based on probable cause (or falling within a few exceptions, like border searches).

Re:What is actually happening

[Rich0]

It's still illegal in the UK and if the FBI hack my computer then I will initiate legal action against them for it.

Sure, and they'll just ignore your legal action. It isn't like the FBI is going to show up in a UK court to defend their actions. They'll just send an apology by way of the state department that they had a hunch you might be a terrorist and that they'd have told the UK in advance if they had realized that was where you were, and the UK government will say, "yeah, we know how that goes, thanks for the letter!"

I'm not entirely sure whether there is a better solution besides decriminalizing stuff that the FBI shouldn't be harassing people about in the first place. For genuine serious crimes where they have a lead on tor and the means to investigate but no way to tell what borders that investigation will take them across, I'm not sure what could be done besides act first and apologize later. Absent some kind of international jurisdiction for internet crimes I'm not sure what any individual country can do.

Re:What is actually happening

[Rich0]

There is just a slight problem: For TOR, most users will not be in the US, and the warrant will be completely invalid.

Agree, but the victims of the invalid warrant will also be without recourse.

Re:What is actually happening

[Hydian]

It *sounds* like that because that is what they are asking for according to the article:

Now the FBI is asking for the authority to hack into and search devices without identifying any of the essential whos, whats, wheres, or whys — giving the FBI the authority to search your computer, tablet, or smartphone even if you are in no way suspected of a crime.

By the same logic of the FBI

The 4th amendment is invalid if you have door locks on your home. After all, if you have door locks it is proof that you have something to hide, so the FBI ought to bust in the door without a warrant. If you don't have door locks since you have nothing to hide and your door is unlocked you are legally obliged to let the FBI in anytime they want without a warrant.

Re:Fuck You

[Triklyn]

... you realize that watching geoblocked TV is of questionable legality right? not saying it's particularly egregious or necessarily wrong, or that the content producer even cares, but they might wish to retain you as a customer for like, dvd sales.

SOX, HIPAA, SEC & other regs

[prgrmr]

There are a host of federal regulations regarding maintaining the privacy of data that necessitate the use of corporate VPNs. Were the FBI to hack a corporate VPN and expose regulated data to the internet or the public via documents in an open hearing, the circus that would ensue as the Attorney General would try to explain how the FBI is exempt from all of those regs would be both entertaining and horrific.

You do not have to latch if you are innocent

[paiute]

My Lord, I request permission to knock in any door in Boston which my men find latched.

Re:Fuck You

[Stormwatch]

Then you're violating copyrights, and that is worse than murder!

LOL

[sentiblue]

I can understand allowing the feds to hack TOR users... but VPN? Pretty much 100% of corporate environments these days use VPN... they make it sound like VPN is such an underground tool that harbors illegal activities.

Disaster Recovery!

[Mariner28]

Now that the FBI is handling my corporate penetration testing for me, how to I contact the NSA to arrange for online backup/restoral and disaster recovery? What better use of federal corporate taxes! ;-)

Re:Disaster Recovery!

[jmccue]

backup is already in place, as always the problem is getting it restored -- ie: 9-track tapes

Re:Disaster Recovery!

[Rich0]

Now that the FBI is handling my corporate penetration testing for me, how to I contact the NSA to arrange for online backup/restoral and disaster recovery? What better use of federal corporate taxes! ;-)

You say that as a joke, but there is actually a serious side to this.

The fact is that big brother is already well on their way to tracking everything that everybody on the planet does. And yet, in the US we have these crazy ideas like not wanting to have federal government IDs and such which holds back all kinds of progress. Imagine if you could get a government ID that in addition to the usual photo ID card has a smartcard on it for online authentication, and maybe even an acoustic modem for over-phone authentication. You could eliminate most forms of identity theft overnight.

The whole reason we resist stuff like this is that we don't want the government/corporations/etc tracking us. The thing is, they already do it. When you have enough scale and enough data to aggregate you can get around the need for tidy unique IDs assigned to each individual. However, this solution means that only huge organizations can track you - small companies then can't compete as effectively, and you don't benefit personally either.

For all we know the NSA probably has half of our hard drives fully copied onto their servers. Since they're going to do that whether we want them to or not, we might as well actually get some of the benefits of that...

Even Better

[nehumanuscrede]

"Wait till your corporations trade secrets are leaked because the FBI's collector was insecure."

Wait till your infrastructure dies because the FBI or some other three letter agency is poking around in your systems trying to install a backdoor or exploit. High end routers are expensive, but loss of data or business because of some G-man trying to hack your hardware is on another level entirely.

Re:Even Better

[Frobnicator]

Wait till your infrastructure dies because the FBI or some other three letter agency is poking around in your systems trying to install a backdoor or exploit.

Seems like you missed the news on that.

Last May, as part of Glenn Greenwald's book, the NSA's process of supply-chain interdiction was exposed. They would intercept shipments of Cisco hardware, install the back doors, replace factory seals, and put it back into the shipping chain. One story. And another.

Cisco's response was somewhat curious. It wasn't outrage. It wasn't a lawsuit. It wasn't an emotional response. It was a calm, publicly released letter addressed to President Obama about trust and confidence. Nowhere in their public statements do they say anything about surprise, or about lack of knowledge that it was happening, or that they were not complicit.

Nope, it is an open letter asking the government to restore trust and confidence. It reads like the company was asking "please don't let these secrets go public again."

It is widely believed -- and documented -- that government agencies have already inserted various backdoors into Cisco corporate security products. It is also likely that the companies know full well about their products being intercepted and modified by the government, and that Cisco and others are helping the various agencies by tagging the products to be modified.

Source?

[h4x0t]

By what means are they attempting to change this 'Federal Rule 41 (b)'? TFA says nothing other than 'They are trying to'. What is the mechanism by which this is accomplished?

TOR nodes

[fustakrakich]

The fact that they are distinguishable from regular traffic makes the damn thing completely useless, worse than useless, it attracts attention like a flare. If you can't blend in, you're doing it wrong.

And, you know, screw the FBI. They're going to do what they want, and nothing will come of it. Despite it all, they stand as tall as they ever did. And 95% of congress will win reelection next year. I guess all this ongoing chatter is just venting. Tomorrow? It's back to work...

Article author is confused

[harlows_monkeys]

The author is confused. See this discussion on HN where a lawyer or two explain what is actually going on.

Basically, nothing is changing concerning the substantive requirements for a warrant. All that is changing is which judges can issue a warrant after the police have satisfied all the requirements of the Constitution and of the Federal Rules of Criminal Procedure. Suppose a crime took place in district X, using a computer in district Y. Before, the police would have to go to a judge in district Y. After the change, they will be able to go to a judge in district X if and only if something like TOR or VPN was used that prevents them from determining Y.

So US VPN providers are dead

[Karmashock]

That's all this means. They're going to have a harder time using this nonsense outside of US jurisdiction. So that means the whole US tech sector that was hoping to get the world to log into US cloud data centers is dead.

That's all these insane politicians and regulatory agencies have accomplished. The whole thing will just be moved to Sweden or Ireland or something where FBI orders are ultimately ignorable.

Re:certainly I expect the blowback

[kwbauer]

No, this changes a regulation. Contrary to popular belief, POTUS cannot change the law.

Re:You guys are ridiculous

[davydagger]

then mabey you could help?

What is the worst that could happen?

Nothing. Nothing happening is the worst that could happen. If you truely support Snowden, then support the type of activism he did. We have information on the government because he acted. More people need to act.

Hit The Little Guy

[jman.org]

And just how many legitimate small businesses run vpn over the open internet to connect their offices?

This is, alas the "guns don't kill people" argument all over again. The weapon (or in this case, technology) is in and of itself not the problem. It's the way it gets used by a small subset of those who employ it.

drawbacks for edata

[perih60]

i do not live in the usa , a law has been passed whereby doctors now have to write medical patient notes on a computer !! this is not a joke , " my government " has ordered my doctor to put all the MEDICAL details on to a pc ! in hospitals because of this new law doctors have told me that it takes them much longer to retrive data than before . from their perspective it was much easier using charts . and considering that about 60% of the money in the " healthbudget " goes to administration , 60% . so as there are a lot of clarks able to have acsess to info they do not need , nor do i see a reason for politicen to know , or have acsess to our medical info . or sell info to a 3rd party . we have problems mainly in the tax dept, and social securety , people selling other peoples personal info . taking everything into account as they would have said in 1984 this is" double plus ungood " we are already at the point best displayed in the movie " modern times " cameras everywhere ( in modern times there is even one in the loo ) but in my opinion forcing a GP to put everything into electronic storage ( cycles , nocturnal emissions should stay private ), is much more dangerous . lastly because i have certain ailments it is important that i put appointments ect on my cheap old handy ( cellphone ) , and just because i happen to be in a park does NOT mean all that info is in the open wether i'm talking on the phone or not , because i only discuss some things with my doctors ! writting in a diary could be done ,however that would sepperate the info , this hightens the inconvenience of needing to remember to have a working pen and diary as well . do people in general not see the difference between secrecy and plain old fashon privacy ?

We can conclude

[NewYork]

Internet is HONEYPOT.

VPN = any company

[ancientmyth]

Any law created is to pursue those they have jurisdiction. In this case, its citizens. Any company that uses remote users have VPNs. Any browser that 'can' use TOR will becomethat allows remote users use a VPN. This will put any company that does works or resides in the US at risk. If you use TOR to browse, this will allow them to