Slashdot Mirror
FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN
SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.
If the FBI starts to attack Tor and VPN users, those users are going to fight back. If they are not in the US the FBI might not be able to stop them doing it either.
All this kind of thing does is make the US a more legitimate target for cyber attacks. The NSA and GCHQ are already fair game for hacking because they try to illegally hack you, so it's just self defence.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
1. Run FF via TOR using valgrind.
2. Trace data flow
3. Harvest Exploit
4. Harden FF
5. Sell Exploit
Or if you know somebody who has used TOR or a VPN. Or if you know what TOR or VPN is. Or if you might know somebody who might possibly know someone else who could know what TOR or VPN is. In fact, the FBI just wants to hack you.
My computer is not so well shielded against attacks. And you might want to take a good look at that "terror_cells_US.docx" file. Yes, you may have to activate macros, it has a bit of active content.
What? Me hack the FBI? I swear, I never even thought about it. I had this proof of concept for how to infest even well guarded VM-secured analysis centers to the point of taking them offline or making them my bitch on my PC but I have no idea how it got there...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
but if you use it, that is grounds for us to take it away.
Makes perfect sense in an inside the belt way sort of way.
So the Postal service is still the most secure legally protected method for sending data. Just mail CDs.
then the FBI should have the authority to put cameras in your house. Right?
Boy, I can imagine all of the companies that have employees connect through VPNs to do confidential work will love this. I work for an internationally-based corporation that has me on a VPN before I can even BEGIN to work and I would imagine they'll be pretty pissed off if the FBI is legally hacking into their private systems.
This is such bullshit. When are we going to get some lawmakers who actually understand the fucking technology?
Such idiots...
...just a few few days ago? How do you like him now? That's right, he's still smearing turds all over the Constitution, and having him gone will be one of the best things about Obama's terms finally ending.
ALL major online email providers (google mail, yahoo, microsoft, etc.) and all major company networks work internally by using a VPN between the various locations that those companies have around the country/world... => they are going to be hacked... and this will raise an enormous shitstorm.
root@127.0.0.1
When I'm connected to my company's VPN connection, they route all of my traffic over that connection, sounds like this law is giving the feds carte blanche to hack all work-from-home users.
Once we kick those evil Rethuglicans out of power, we'll see the Democrats restore our rights.
Yeah, that worked out real well.
Are we beginning to see that the problem is the government itself, and not the particular party in power?
And are we beginning to see that giving that government more money is a really bad idea?
NSA and others do it and will do it no matter what the law says, while their dime eyed lawyers continue telling that they are defending our liberties. FBI was also doing it, but now that the discussion is public, there are same voices, probably in-house lawyers, who foresee a case in the future where the litigation is lost if FBI will continue lying using the paralel construction, like they (and all others) always did.
So now they want to legitimize something that is not legitimizable.
They don't need to enter your home, locked or not, anymore:
http://www.usatoday.com/story/...
New police radars can 'see' inside homes
At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside, a practice raising new concerns about the extent of government surveillance.
Those agencies, including the FBI and the U.S. Marshals Service, began deploying the radar systems more than two years ago with little notice to the courts and no public disclosure of when or how they would be used. The technology raises legal and privacy issues because the U.S. Supreme Court has said officers generally cannot use high-tech sensors to tell them about the inside of a person's house without first obtaining a search warrant.
The radars work like finely tuned motion detectors, using radio waves to zero in on movements as slight as human breathing from a distance of more than 50 feet. They can detect whether anyone is inside of a house, where they are and whether they are moving.
Current and former federal officials say the information is critical for keeping officers safe if they need to storm buildings or rescue hostages. But privacy advocates and judges have nonetheless expressed concern about the circumstances in which law enforcement agencies may be using the radars — and the fact that they have so far done so without public scrutiny.
So, you use a VPN to avoid getting hacked by your local situation, then get hacked by your own government.
This is just Phase 1. Once this is in place then in Phase 2 if you ever use any service that uses https then you must be trying to hide something and so they can take all of your data. Same for any other use of encryption, you might be a criminal or terrorist hiding something. And if you ever send anything through the mail in a sealed envelope, well you must be a criminal trying to hide stuff.
I'm an American. I love this country and the freedoms that we used to have.
They seem to be asking for all of this, but I wonder which subset of these they actually expect to get. If they ask for 10 unreasonable things but only get one, will we celebrate, or mourn the loss of one more civil right to privacy?
Everything my employer does is via a VPN. This little change would be carte blanche for virtually all corporate communications within the United States. Even the company's internal networks would be laid bare if they're remotely accessible. The opportunities for abuse are staggering.
===== Murphy's Law is recursive. =====
The first arrest that happens due to this, will result in appeals that will eventually get this rule overturned as unconstitutional.
This is no different than saying your neighbor committed a crime so we want to search your house as well due to proximity to him. A decent lawyer will be able to make the argument that just because you are on a TOR or a VPN does not mean you are doing something illegal.
TOR was created as a method to allow people in oppressed countries to speak freely, it is funny that the country that funded this is now going to be one of those oppressed countries.
So it's true ... when they outlaw privacy, only criminals will have privacy.
And then there's this:
We want extraterritorial laws, with no judicial oversight.
I'm sorry, but can the rest of the world decree that FBI agents should all be shot on sight as enemies of basic civil rights? The argument is about equally stupid as what the FBI claim.
America, you have a problem, and you are making it the problem of everyone on the planet.
Land of the free and home of the brave? You have to be fucking kidding us.
Lost at C:>. Found at C.
At one time, they were in the business of teaching grammar.
Support my political activism on Patreon.
The US government funded Tor development and encourages its use as a way to avoid repressive governments and then considers its use in the US to be a suspcious act.
The irony, it burns!
From the article:
...without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants...
Text of the 4th amendment to the constitution:
The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The article is light on details, but if it is accurate, this looks like a straightforward violation of the 4th amendment. The devil is always in the details though. The article may be an oversimplification.
And what proof do you have of that? What assurances do you have they don't abuse this?
Sorry, but assuming law enforcement gives a shit about the law, or will follow it, is now such a naive and moronic statement as to be bordering on delusional. Increasingly, law enforcement wants to get around the law and oversight, and just do whatever the hell they want.
Which means you more or less have to assume they're going to misuse every tool in the book, and treat them like children.
And a valid warrant? Don't make me fucking laugh. How many times have law enforcement broken into the wrong damned home and killed some poor schmuck who wasn't doing anything other than defending his home from masked assailants?
I'm long past the point where I trust the actions, motivations, or ethics of the fucking police.
Because apparently they either don't know the law, or don't care.
Which is precisely why people don't trust them, and are growing hostile to them. If collectively the police don't give a shit about our rights, WTF would we give them more power with less oversight.
Sorry, but this is bad policing by agencies who find following the law too inconvenient.
Lost at C:>. Found at C.
At this rate, it won't be long before a Faraday cage becomes an option for your new home.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
And then they'll outlaw that.
Essentially anything which interferes with their ability to monitor your without restriction is now being deemed illegal.
Soon, they'll make it illegal to have secrets in your head, and you must submit to mandatory questioning and reeducation.
Sorry, but America has jumped the shark, and is taking down the whole world with them.
And for some reason, people are blindly accepting this crap.
Lost at C:>. Found at C.
Articles like this often get written because the author doesn't really understand the law, and rather than really trying to understand what's going on they just guess. The claims made in this article are so wildly off-base, however, that it makes me question whether the author is just trolling people.
Contrary to what the article suggests, Federal Criminal Rule 41(b) does not have a thing to do with what evidence law enforcement agencies are required to show to get a warrant, nor does it authorize the FBI (or anyone else) to get any particular type of warrant. Rule 41(b) is about VENUE; e.g., if you've already got enough evidence to get a search warrant, what judge (in what federal District) is the judge that you are supposed to present that evidence to?
You can read Rule 41(b) here: http://www.law.cornell.edu/rul...
The basic rule it sets out is that, when you want a warrant, you ask a judge located within the District where the person/property you want to search is located. There are exceptions to that basic rule, much like any other rule, because it's not always a simple matter of "X is located here." Sometimes things are located across several different Districts, sometimes they're mobile and can be easily moved to another District, etc. This is why there are currently 5 subsections to 41(b), each dealing with slightly different semi-unusual factual scenarios. At the end of the day, each exception is there for a very simple reason: to clearly and unambiguously tell federal law enforcement agencies how to identify the judge they are supposed to go to if they want to get a search warrant.
The proposal for changing Rule 41(b) is located here: http://justsecurity.org/wp-con...
What the DOJ is asking for is a scenario not currently covered by Rule 41(b). That being...what happens if you are dealing with someone you know to have committed a crime, you have enough evidence to get a search warrant, but the perpetrator of the crime is using some sort of technological means (like encryption, IP masking, etc.) to prevent you from finding the exact physical location of whatever you want to search? As of right now, it is not clear who the right judge would be to issue that warrant. The only thing the proposal would do is say that, if you can't identify the physical location of the computer to be searched (and therefore do not know which federal District it's located in), then you can go get your warrant from a judge in the District where the target of the crime was located.
Example: I'm an evil h@xx3r, and I hack some computers at the GooglePlex. I have masked my IP address, so the FBI does not know exactly where I'm at. Under current Rule 41(b), it's not clear who the right judge would be to try to get a warrant from. Under "new" Rule 41(b), they can go to a judge in California since that's where the GooglePlex is located.
That's literally the only thing this proposal would change. It says nothing about VPNs or TOR networks. It does not give the FBI (or any other law enforcement agency) the authority to hack your computer or your phone whenever they want. It doesn't even grant them the authority to do that with a warrant, because they already have the ability to do that with a warrant. It also doesn't say anything about how much evidence they have to present to get the warrant, because Rule 41(b) has nothing to do with that. The standards for search warrants are exactly the same as they have been for years; this proposal would only clarify who the right judge is to issue the warrant.
I don't know a whole heck of a lot about the "FEE" is, but if this article is representative of their work and/or legal abilities then color me unimpressed.
Tuck
Tuck's Journal.
Most people seem to have skipped this gem:
That, in effect, means that pretty-much every computer can be entered. Worse, as the user is mostly unaware of any malware or viri on his computer (duh!), he can be searched without knowing/realizing why that might be.
When this relaxing of permission gets granted it would also be quite interresting to see what kind of programs get classified as "viri", or even easier "malware". I get the feeling that than anyone who installs some tools or game and gets a toolbar installed will be easy prey for "the buro" ...
Ever heard of that treasonous document that starts out "When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation."?
It goes on to say: "Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn that mankind are more disposed to suffer, while evils are sufferable than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security."
The signers of the Declaration of Independence and the people who fought for the Colonies independence were committing treason.
Indeed, the 2nd Amendment self-state purpose is to allow the citizens to preserve their freedom from a despotic federal government that was being formed by the same document. Rather, the government being formed could become despotic and need to be thrown off, and the the 2nd provides the basis for that.
This is pretty clear from various Founder's explanations, e.g. Alexander Hamliton "[I]f circumstances should at any time oblige the government to form an army of any magnitude[, ] that army can never be formidable to the liberties of the people while there is a large body of citizens, little, if at all, inferior to them in discipline and the use of arms, who stand ready to defend their own rights and those of their fellow-citizens."
The Framers had *just* completed an armed (and treasonous) insurrection of their own, and were keenly aware of the fact that any government they might form could (and probably would) become despotic. The 2nd at least put a floor under the people's ability to fight back against that potential.
installed without PC owners knowing as malware.... should provide hours of fun to the FBI.
The feds already have a hard time, many geeks are already more aware, intellegent and active than the typical person, and more prone to action as well. It really would not take much to make a point. Many of them are also involved activities that disqualify them from federal service anyhow, and it wouldn't take much agitating to open up old wounds the feds try and closing by loosening restrictions.
If you care about this issue, the absolute best thing you can do is give money.... to the lobbies...
See thats the hipster problem is thinking like that, and it can do anything. If you can get enough people to donate, you can make an effective boycott. This is why hipsters fail at politics and have next to zero clout, but instead make a fuckton of noise and no one cares. This is also why when some dumb hipster comes into a webforums asking for support people laugh at them, and the reason why no one really gives a fuck about turning out the polls, and people think you are just a bunch of shills. Hipsters like to pretend they have political clout, but all they are foot soliders for lobbyists. Its very obvious and very showing to everyone but themselves. They don't have power, power has them. You demand inaction and blind support in lobbies, even ones I agree with is a terrible idea. I do agree donating to the ALCU and EFF is a good, but its not enough.
In short, a boycott will be effective if you want it to be effective. In addition to boycotting you can also support the EFF and ALCU, I don't see why you can't do both. At very least I call on the EFF and ALCU to donate some lawyers to people who plan civil disobediance against federal government shenanigans. I'm proud to support both the EFF and ALCU, and if you truely support the mission of both you should support my plan.
My idea doesn't require a ton of people, and if it fails the worst that happens is nothing. You have nothing to loose, and everything to gain in making a few friends and perhaps steering them into activism with the EFF, ALCU and other such groups.
I wouldn't be surprised if people put up honeypots on Tor just to mess with 'em, and log all of the output over serial or something so that even if they get in, they can't purge the logs of their attempts.
Search warrants are still subject to constitutional requirements of reason and due process; this is a procedural rule independent of that.
It will allow a judge to issue the warrant even if the FBI or police are not sure what judicial district it's happening in. It's important to let a magistrate judge approve a warrant on that basis, because the current rule 41(b) does not provide for it except in terrorism cases. So if you have someone selling hard drugs online, for example, but the government can't tell whether they are located inside the United States or not, this provides a way for them to get a warrant to search.
See the proposed rule (from last November) on page 111 of http://www.uscourts.gov/uscour...
The old one is here: http://www.law.cornell.edu/rul...
There are a host of federal regulations regarding maintaining the privacy of data that necessitate the use of corporate VPNs. Were the FBI to hack a corporate VPN and expose regulated data to the internet or the public via documents in an open hearing, the circus that would ensue as the Attorney General would try to explain how the FBI is exempt from all of those regs would be both entertaining and horrific.
My Lord, I request permission to knock in any door in Boston which my men find latched.
If Slashdot were chemistry it would look like this:Cadaverine
I can understand allowing the feds to hack TOR users... but VPN? Pretty much 100% of corporate environments these days use VPN... they make it sound like VPN is such an underground tool that harbors illegal activities.
Now that the FBI is handling my corporate penetration testing for me, how to I contact the NSA to arrange for online backup/restoral and disaster recovery? What better use of federal corporate taxes! ;-)
"A little misunderstanding? Galileo and the Pope had a little misunderstanding."