How the FBI Hacks Around Encryption

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.

Hacking 'Round Encryptions

[smittyoneeach]

Hacking 'round encryptions
Gives Libertarians conniptions
Who really wants to be an unkempt slave?
From this fracas let be born
Finally, Federalist reform
Taking us to fabled fields of Burma Shave

Re:Hacking 'Round Encryptions

Ideally, judicial review ought to be good enough. However, in practice that's not true. The FISA court is one entity that frequently deals with cases involving electronic surveillance. While I'd like to think the court is well-intentioned, they are overwhelmed and wield great power. They've helped to expand law enforcement powers with rulings like the "special needs" doctrine. They face so many requests for surveillance that they admit they simply don't have the ability to properly review them. Essentially, the NSA is left to police itself and ensure it doesn't violate the Constitution. They're a rubber stamp. Even with other courts, requests for search warrants aren't given sufficient scrutiny and aren't refused often enough.

Re:Hacking 'Round Encryptions

FISA courts aren't courts. There is no defense council. It is one sided, and the government can do whatever it wants and get a warrant for anything, so long as the courts can find some ridiculous, contrived view that 'limits' the search. For example, "every email ever sent, except the one last tuesday about carl's lunch" why, that clearly narrows it down! Warrant approved!

Re:Hacking 'Round Encryptions

[moeinvt]

I don't think libertarians have drifted toward neoconservativism. If you're perceiving Republicans in libertarian clothing, I think there are a couple of things going on which might give that impression but neither is driven by a philosophical shift.

The whole "TEA Party" thing for example is a rejection of the big government neocons of the Bush era. It has a few libertarian leanings, but unfortunately maintains much of the Republican baggage. These neocon/libertarian hybrids have evolved in the opposite direction from what you're implying.

Then, you're also seeing the Rand Paul type folks who are willing to jump through the Republican hoops in order to bring a few libertarian ideas to the mainstream. Let's face it. In order to win the Republican presidential nomination, you need to have at least some appeal to the "family values" and "strong defense" contingents in the Republican base. The strategy of compromising principles for political appeal is a huge bone of contention among liberty activists. People willing to go down that road might also appear to be "pseudo-libertarians", but their drift toward the Republican orthodoxy is a matter of practical necessity, not political philosophy.

Re:Hacking 'Round Encryptions

[Curunir_wolf]

But ... but.. Muh ROADS!

Re:Hacking 'Round Encryptions

[Curunir_wolf]

Then, you're also seeing the Rand Paul type folks who are willing to jump through the Republican hoops in order to bring a few libertarian ideas to the mainstream. Let's face it. In order to win the Republican presidential nomination, you need to have at least some appeal to the "family values" and "strong defense" contingents in the Republican base. The strategy of compromising principles for political appeal is a huge bone of contention among liberty activists. People willing to go down that road might also appear to be "pseudo-libertarians", but their drift toward the Republican orthodoxy is a matter of practical necessity, not political philosophy.

It certainly seemed like a necessity based on the past outcomes of elections and primaries. But it's not working at all for Rand Paul and other libertarian-leaning candidates that are trying to appear more "mainstream". Instead, the electorate these days is bent on rejecting anything that looks like a mainstream politician. Even the Democrats are leaning that way, with Bernie Sanders polling way higher than any of the political pundits predicted. That says less about Sanders than it does Hillary Clinton - an "insider" that no one views as more trustworthy than any other career politician (yes, Sanders is, in fact, also a career politician, but he has managed to be perceived as an outsider. It's all about the optics.

We are, it seems, on the verge of a populist uprising. Voters have been betrayed so many times and so completely they now realize there is no one in Washington that is listening to their concerns any more. I'm actually surprised there haven't been more of them dumped by voters like Eric Cantor was.

Re:Hacking 'Round Encryptions

I believe you are referring to the John Birch Society of libertarians? They started out as right wing, only because they were so far left wing. Regan was not the first to fall under their spell. Tricky was there also. But chevy gave them their inroads. Let them hide under the bushes. And lets not forget the bushes whose father should have been in jail. Damn, that would have cut them off at the knees. But then how much more subversive, then the campaign against Carter. By the US Military. So it had to go all the way to the top of the pentagon then. Active subversion of the political process, by the generals, reminds you of a novel. But this really happened. In the US. And the press played along. Damn their lying.

Re:Hacking 'Round Encryptions

[mrchaotica]

They're still a court even if no defense counsel is present.

BULLSHIT.

Star chamber, kangaroo "court," FISA "court"... they're all the same. Any institution that contemptible does not deserve to be called a "court" at all!

Re:Hacking 'Round Encryptions

I don't disagree that they're not worthy of being called a court. I'm just saying that there generally isn't a defense present when a search warrant is issued in any court. However, the Constitution and the law still need to be followed (FISA doesn't really do this), there needs to be probable cause (mass surveillance clearly isn't justified with probable cause), there needs to be real judicial review (FISA doesn't do this), and there needs to be a practical way for the defense to contest the validity of the warrant at a later time (seems like this is hard to do with FISA). If criminals knew the police have actual probable cause and were getting a search warrant, they would easily be able to hide or destroy evidence. It makes more sense to allow the warrant to be contested afterward, so there's still real judicial review. Of course, that's how courts are supposed to work, but that's not really how FISA works.

Re:Hacking 'Round Encryptions

[KGIII]

The saddest part is that Sanders is closer to my ideals than Paul. I don't like Sander's route, I don't think. But, yeah... Rand's an idiot from what I can see and I agree that he's pandering to the Republicans.

Re:Hacking 'Round Encryptions

[KGIII]

I'm actually a big fan of things like roads, libraries, and police departments. I don't even mind paying my taxes (I wish they were better spent/invested). Hell, I even support a strong social safety net - it stops people from stealing my stuff. I like my stuff. That's why I bought it. We need an educated citizenry that can increase their upward mobility and we need to maintain that while also ensuring that we retain our rights while establishing and maintaining protections for the commons. Most important is the rights of the individual (not the businesses and sure as shit not the government).

Re:Hacking 'Round Encryptions

The moderation on posts like this is why so many people troll here. Agree or disagree with the reasoning, it's not a troll. Modding -1 troll shouldn't be used to mean -1 disagree.

If the police believe they have probable cause to search your property or monitor your communications, they have to go to a judge and present their evidence. There is no defense counsel present for this proceeding; only the police and the judge. If a search warrant is issued, it authorizes the police to search and possibly seize property within the scope of the warrant. In the case of a wiretap, the police can listen to communications relevant to the investigation but don't get to snoop on anything and everything. If the person being searched was present when a warrant was issued, they would have the ability to hide or destroy evidence. This is called obstruction of justice. They don't find out until after the search was executed. In the case of a wiretap, the person whose communications are being tapped isn't told until after the search warrant is completed. Instead of contesting the issuance of the warrant, the search warrant is executed, but the person being searched has the opportunity to contest the warrant afterwards. If a judge finds the warrant was invalid, any evidence obtained is inadmissible in court. This is how it's supposed to work.

There is nothing unusual about not having the defense present in the FISA court when the government seeks authorization for surveillance. That's no different than the process I described above. There are numerous other issues, though, including:
1) There is no probable cause to justify mass surveillance
2) Some of the justification for authorizing search warrants isn't legally sound, i.e., special needs doctrine
3) FISA isn't able to adequately review all the requests they receive for surveillance, so they become a rubber stamp
4) When the person being searched never becomes aware of a search warrant against them, they can't contest whether it's valid or not (especially true for mass surveillance)
5) The judges making these decisions don't understand technology and, therefore, make some strange rulings such as Smith v. Maryland (1979) -- not a FISA ruling, but the criticism applies to FISA, too
6) It may be necessary to keep some search warrants secret for a finite time to protect an investigation and prevent obstruction of justice, but this should be for a limited time, not effectively permanent as many of the FISA warrants allow
7) The entire process can be circumvented with national security letters that are also very difficult to contest (though as of a 2006 law, this is possible)

The FISA court was created in response to abuses of surveillance by the executive branch. They were supposed to prevent this, but instead they've actually expanded surveillance powers. Whether they're worthy of being called a court is up to you, but they're a court in the sense that their rulings are every bit as legally binding as any other court in the US.

Also, I haven't a clue why I inexplicably got a "lameness filter" error with a slightly different last line of this post.

Re:Hacking 'Round Encryptions

That isn't unique to FISA courts. The defense isn't present when regular warrants are requested either.

Re:Hacking 'Round Encryptions

Do a favor to yourself and the world. Don't put a socialist at the White House. Can you see how Latin American is faring with all these self-proclaimed socialist saviors? Just don't.

Captcha: reddish

Re:Hacking 'Round Encryptions

[KGIII]

The Democrats hate him, the Republicans despise him. He won't get much done. A government amusing itself with itself might be a good thing for the citizens. There's that.

Re:Hacking 'Round Encryptions

[doccus]

So long as it is a lawful and just warrant then I've no problem with this. I used to be able to say that most libertarians aren't crackpots. Such is no longer true. Today, they're mostly Ayn Rand worshiping Republicans who are too ashamed to admit they're neoconservatives and have opted to co-opt the moniker in hopes that nobody notices. It's our fault for not speaking up against them.

I think you should be able to encrypt all you want and that they should be able to get a warrant to try to break that encryption but that you needn't help them to do so. They can have my mangled and unreadable data if they want it. With enough time and money they're allowed to decrypt it too. I can't wait until they do and find out that it's all just a bunch of saved pictures of lolcats and the occasional lolrus.

pleaz to no decrypt my bukkit! my encypted bukkit!!! nooo!!!

No, really. No lolcats but I do have a few lolrus pics saved. For some reason he amuses the hell out of me.

Wuzza "Lolrus"; "googookatchoo". Same as "I am the Lolcat; yakyakachat" ? No?

Re:Hacking 'Round Encryptions

[KGIII]

I don't usually enjoy most memes but I do like the Lolrus. Here's a good start.
http://knowyourmeme.com/memes/...

Well, but...

It does not give the FBI bulk surveillance capabilities unless they work with bulk tools, namely botnets and worms trying to infect everything they can get. And that looks pretty bad when discovered.

So widespread use of end-to-end encryption would mean that the FBI would be mostly restricted to operating within the confines of the Constitution. We can't really have that.

Re:Well, but...

So widespread use of end-to-end encryption would mean that the FBI would be mostly restricted to operating within the confines of the Constitution. We can't really have that.

Exactly. How else would they go about their job of harassing the minorities and prosecuting the poor?

Re:Well, but...

Why are you giving them ideas ?

Re:Well, but...

I'm not sure that they aren't using bulk methods. One day I got interested in a highly contaminated radioactive site in Colorado. I put the name of the site in youtube and the video that popped up was a nuclear protest. Every youtube video I watched for the rest of the day crashed my browser. Further investigation showed that something was launched and was looking for an external hdd.

Re:Well, but...

You've been hacked via honeypot. I hope you wiped your box.

Re:Well, but...

[coolmoe2]

What with a cloth or something? Sorry I felt it needed to be said.

Re:Well, but...

It must have been something installed through adobe flash. Other computers in the house could use youtube just fine. The protest was just some people singing something to the tune of "little boxes". https://www.youtube.com/watch?v=2_2lGkEU4Xs

Not quite the same thing

[Cow+Jones]

To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.

Re:Not quite the same thing

[Yetihehe]

For NSA, if you use encryption, you ARE a suspect.

Re:Not quite the same thing

[PolygamousRanchKid+]

For that, they must first have a suspect.

. . . So the FBI just declares everyone in the US to be suspects . . . so they can spy on everyone . . . that's more or less how it works these days.

Re:Not quite the same thing

[james_gnz]

To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device. For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.

According to them, encryption would still prevent people becoming suspects anyway, as I understand it. I believe they claim that they'd only ever use the back door* to access encrypted data of people who are already suspects, not to conduct fishing expeditions.

*Erm, I mean the "front door",which only they can use, leaving me to use the "back door" I suppose, meaning, metaphorically, I would have to walk around the house whenever I wanted to enter or leave it, which sounds rather metaphorically inconvenient, but I digress.

Re:Not quite the same thing

[Big+Hairy+Ian]

Brings a whole new definition for "Eve Online" :D

Re:Not quite the same thing

The metaphor the FBI uses to describe encryption is a locked door. There should be no reason to open the locked door unless someone is already a suspect. I'd say it's generally a good thing if encryption prevents people from becoming suspects. In detective work, often when someone is suspected of a crime, the police look for evidence to support their hypothesis while disregarding evidence to the contrary. It's not necessarily malicious, but rather how the human mind works. While this may prevent a few guilty people from becoming suspects, it also protects many more innocent people. It's why lawyers advise their clients not to speak to the police. The goal isn't to make crimes go unsolved, though it prevents the police from overstepping their bounds to solve those crimes. But the real reason is so that innocent people aren't harassed and charged with crimes they didn't commit.

Re:Not quite the same thing

[AmiMoJo]

I guess it depends how indiscriminate their malware and delivery systems are. Brute forcing a WPA key is one thing, but we know from the leaked NSA catalogues that at least some government agencies use malware too.

Re:Not quite the same thing

[EmagGeek]

Except that using encryption at all makes you a suspect automatically.

Re:Not quite the same thing

[cdrudge]

For NSA, you ARE a suspect.

FTFY

Re:Not quite the same thing

For NSA, if you use encryption, you ARE a suspect.

It would seem you and the parent here are under quite the illusion when trying to define what is a suspect, but I've devised a quick and easy test to determine if you are.

Are you breathing?

Do you have a pulse?

If you've answered yes to either of these two questions, then you have your answer, so wake the hell up about any illusions that encryption would somehow prevent mass surveillance and mass data collection. It hasn't, and it won't. Laws and Rights that are enforced protect us, as in the US Constitution and every Amendment therein. We no longer care about those Rights, nor do we choose to identify leaders who care.

Unfortunately, a lot of this surveillance will create jobs, but that's a hell of a spot to put both employers and potential employees in as the definition of terrorism expands to include digital invasion of privacy, forcing into question the definition of conscientious objector.

Re:Not quite the same thing

[Antique+Geekmeister]

> To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.

Not at all. Hacking can include unauthorized access to online records, to email, to phone records or audio recording on devices of people who've been in contact or may hold records of the targtet, etc. Search warrants and subpoenas are theoretically to balance the privacy of individuals, and of innocent parties, against the needs to investigate the relevant authorized search target.

Encryption helps raise the bar for casual, unauthorized review, and is well worth doing in this age of easy computer access. But I'm afraid that using it often raises interest in your personal caase, much as refusing to permit a search of your person or your vehicle raises the interest of law enforcement. And sadly, most encryption does not protect against illegal or legal hacking of a determined attacker. The re-use of common keys or passphrases, relatively easily stolen from less secure systems, the frequency of back doors in business and personal systems, and the poor security of far too many encrypted systems make their protection often rather incomplete.

Re:Not quite the same thing

[rholtzjr]

In my opinion the idea behind encryption is to provide us with the privacy that is needed in an environment that is open as the internet of today.
In order for expediency, would it not be easier to repeal the Fourth Amendment and get rid of the right which our ancestors fought for to protect us from warrant-less search and seizure. Shall we re-institute the "writ of assistance" and allow the controlling party to do anything they want just to see if they can find a violation of a law?
FBI, NSA, CIA, etc...., this is what you are asking "we thee people" for every time you ask for weak standards, back doors, and outright ban on encryption use.

Re:Not quite the same thing

[AHuxley]

re "Encryption can still prevent becoming a suspect in the first place."
The US has a way of 'updating' your standard cells telco network day to day function over the network.
"Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?" (2015-09-29)
https://theintercept.com/2015/...
"...the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants" ... " secretly activate the lawful intercept’s tapping function while at the same time hiding the fact that it had been turned on"
So the nation/mil or state backed entity can just keep tracking without anyone/telco/courts ever having a log or understanding of what/who is working telco network wide.
Under "Collect it all" all users on any cell network is suspect and has been for years as designed. The keys and who gets to activate the functions is the only question.

Re:Not quite the same thing

Or the mark has custom DIY hand compiled software routers that simply drop packets that are not within the whitelist that is also monitoring response times. Better still if timing carries the message and not the payload. If they tried to log extended accurate timestamps, sloppy admin, like having servers out by 3-4 minutes let alone seconds will annoy them. Other than foreign embassies and pizza deliveries - they have everything they need.

Re:Not quite the same thing

[silas_moeckel]

I find it hard that anything but a corner case would require hacking to get to records held by third parties. I have decades of working in the hosting and ISP industries, requests for data come in daily get reviewed by council and generally processed, we get paid rather well to do the work. Hacking should require that you have a good reason to think that the third party is actually in collusion with the suspect. If they have a clue about security we dont have much to give them just encrypted data and logs of what connected when. That said a VM is always less secure than a physical and keep your keys separate from your data.

Re:Not quite the same thing

[gizmo2199]

You'll just become unindicted co-conspirator #3

Re:Not quite the same thing

[JasterBobaMereel]

To be a suspect you must have links to terrorism, or links to people who have links to terrorism, or links to people who have links to people who have links to terrorism....

This will eventuall include everyone but a small number of isolationist Amish ....

Re: Not quite the same thing

history is cyclic. please refer to magna charta. or sparta.

man likes to indulge in glass bead worshipping (they call the beads android pr iphone these days) and authoritarian shit.

the wheel keeps dipping into shit on a regular basis.

Re: Not quite the same thing

amish are peace terrorists, dont cha know?

wicked evil ones without electricity to power sparta's listening devices...

Re:Not quite the same thing

[Antique+Geekmeister]

> I find it hard that anything but a corner case would require hacking to get to records held by third parties.

Then I urge you to look at the history of the "PRISM" program, I'd count that as wholesale cracking, precisely to avoid the need for telling anyone what they elect to monitor or to compelled to justify subpoenas. The NSA has traditionally, I'm sorry to say, engaged in wholesale monitoring of both domestic and international communications.

Re:Not quite the same thing

>> For NSA, you ARE a suspect.

> FTFY

Well done, but I'd have written "everyone is suspect".

Re:Not quite the same thing

[silas_moeckel]

It's exactly the opposite PRISM used fisa warrants, NSL etc to badger companies into sending them the requested data. This was not tapping is or hacking rather having data requested sent to them via various means. The slides Snoden released were pretty clear PRISM was with the aid of companies FAIRVIEW and BLARNEY seem to be tapping cables accessing intermediary routers etc. As an ISP there are pretty well defined methods for that sort of thing to give them real time access to traffic.

Re:Not quite the same thing

[Antique+Geekmeister]

> It's exactly the opposite PRISM used fisa warrants,

Except, I'm afraid, when they didn't bother with warrants or simply ignore the limitations of warrants or subpoenasTake a look at the rebuke by exactly the kind of judge who issues such warrents, at http://www.nytimes.com/2013/08....

The ongoing decryption efforts are tied to prism, and constitute hacking or "cracking" of the most basic nature. Examples include: the doucumented spying on embassies of allies, to quote from The Guardian.

            One of the bugging methods mentioned is codenamed Dropmire, which, according to a 2007 document, is "implanted on the Cryptofax at the EU embassy, DC" – an apparent reference to a bug placed in a commercially available encrypted fax machine used at the mission. The NSA documents note the machine is used to send cables back to foreign affairs ministries in European capitals.

Re:Not quite the same thing

[silas_moeckel]

Read the paper, PRISM has nothing to do with the data they gathered via intercepts that is a different program. From the article 90% of the data was coming from PRISM that is data they got via fisa warrants, they were overly broad and the NSA pushed for a broader scope than what they told the courts.

Of course the NSA spies on other nation states and foreign nationals that is their job as the primary spy agency for the US. But they dont need to bother with the clandestine bits when they get a rubber stamped warrant from fisa and hand it over to a company to get whatever data matches their overly broad query. Same goes for tapping fiber and routers they can avoid that hard work via the same fisa court. This is all far easier than doing it the hard way.

We know they do this the hard was as well, Snoden released papers with them tampering with networking kit while in transit that whole Tailored Access Operations bit for one.

Re:Not quite the same thing

[Big+Hairy+Ian]

Wow moded down because in America no one can understand your irony

why we imagine we have secrets...

guilt.. as for the motive for needing to watch us every second,, that's valid fear based that their behaviours will become more known about... cease fir stand down there's moms & babys in this town... new pontess candidate gay mom from jersey already having 'wardrobe' challenges.. never ends, hopefully

they want her to dress like an alter(ed) boy..

for her audition....? in every quirky way imaginable truth+mercy=justice uncontested universal spiritual axioms... thanks again moms

They *dont* get a warrant

"they should be able to get a warrant to try to break that encryption"

RTFA, That's his point too. The trouble is he only finds 9 examples of judges giving opinions or court orders:

"Mayer analyzed the few public examples of law enforcement hacking he was able to find, most of them from the FBI and DEA: five public court orders and four judicial opinions."

He found discussions where the FBI expressed the belief that it is legal without a warrant and alluded to previous times they'd done it warrantless.

"He also looked through declassified FBI documents and found that officials there have “theorized that the Fourth Amendment does not apply” when investigators “algorithmically constrain the information that they retrieve from a hacked device"

"Mayer said that in internal emails, federal investigators argued that targeted hacking might not constitute a search, and hinted at past times when officials may have hacked without getting a warrant first."

So if you believe the FBI has only done this 9 times then perhaps Libertarians are crackpots. On the other hand it seems likely the FBI has done this hundreds of thousands of times, and thus 9 examples of judicial opinions on cases suggests they're not telling the courts.

The FBI of course won't even reveal the total number of targets its used malware against, be it 9 or 9 million.

Re:They *dont* get a warrant

[Technician]

Why do they get to violate the DMCA?

If it is protected by encryption, no matter how weak, it is a federal offence to break the encryption.

Re:They *dont* get a warrant

[davester666]

Only applies if the encrypted data is copyright by a company with a valuation over $10 million US.

Re:They *dont* get a warrant

I've hear this argument used before. It clearly demonstrates the a failure to understand the difference between sovereignty rights citizen rights. Even in areas where it is illegal to carry a firearm law enforcement has that right. With a warrant a law enforcement officers can search your house. I can never legally search your house. Breaking encryption, especially if there is a warrant allowing for the search is perfectly legal.

Re:They *dont* get a warrant

[ourlovecanlastforeve]

Why do they get to violate the DMCA?

If it is protected by encryption, no matter how weak, it is a federal offence to break the encryption.

Why do police cruisers get to break the speed limit?

Re:They *dont* get a warrant

Or the Computer Fraud and Abuse Act.

Re:They *dont* get a warrant

[JimFive]

Because that's what a warrant is. Legal permission to break a law.
--
JimFive

If FBI can crack it ...

[140Mandak262Jamuna]

... so can everybody. Chinese, Russians, Bulgarians, Ukranians, Germans....

Re:If FBI can crack it ...

[AHuxley]

Thats why weak junk encryption per US backed standard networks/software over decades is so problematic.
If the mil has keys, so do federal taskforces, all nations staff that worked with the US, ex staff, former staff... nations, groups that can gain insights into the methods.
eg SISMI-Telecom scandal, Italy 2006
https://en.wikipedia.org/wiki/...

Re:If FBI can crack it ...

[Vitriol+Angst]

...and?

It's amazing the Nigerians even have to trick you to give them your bank account number. I suppose it's nice the Russian mob shows restraint and doesn't just rip EVERYONE off.

Re:If FBI can crack it ...

To be fair, a smart criminal knows that you never push it too far. Going overboard tends to bring an extreme response when you step on the wrong toes.

provided they have a warrant

This one is funny!

And if they haven't a warrant? It's illegal then, but who cares?

Relevant XKCD

http://xkcd.com/538/

HACKING!

[Meneth]

https://www.youtube.com/watch?v=OUzzAlorT7Q

Most likely similar to Stingray

It will another case similar to Stingray, the cell phone intercept:
http://www.yro.slashdot.org/story/12/10/27/144229/secret-stingray-warrantless-cellphone-tracking

Where the FBI claimed they could do it with a pen register (i.e. without a warrant), and used pleas bargaining and misdirection to keep the details of the intercepts from the court.

And of court every little district cop used it without a warrant, or even a legal basis for its use:
http://yro.slashdot.org/story/15/05/25/0344206/san-bernardino-sheriff-has-used-stingray-over-300-times-with-no-warrant

Eventually the courts find outs its a blanket sweep of data and then required a warrant for this use:
http://www.wctv.tv/home/headlines/TPD-Stingray-Use-Raises-Privacy-Questions-262047771.html

IMHO, it will be similar. Some hypothetical specious theory that lets them hack without a warrant, and they're keeping the details from the court so as to not face any scrutiny. Similar to Stingray.

keyloggin

this is about keyloggin, ya know what windows ten does...

so they hack you thinking you have it turned off , put a process hider in or change the app with ms help and you are boned for encryption cause your keys are 100% compromised

this is why YOU SHOULD NOT USE WINDOWS 10 or WINDOWS at all if you can help it

Re:keyloggin

CITATION NEEDED

A real one, not some fabricated and unreproducible nonsense posted by a Czech blogging idiot.

FBI and going dark

[Lennie]

Of course the FBI isn't happy about people going dark.

It's easier without having to deal with the encryption.

More and more endpoints are also getting full disk encryption.

Thinking long term, the FBI doesn't want to be in an arms race with the software developers of browsers, operating systems and the like.

Will they still be able to hack to software running on the endpoints ?

Maybe someday they won't find a way around it. Even though they have a court order they might not be able to do what they are asked to do. That is what scares them.

Re:FBI and going dark

In the real world, the FBI doesn't catch criminals as much as create them only to bust them and hold press conferences about all the alleged good they're doing.

Re: FBI and going dark

yeah, how horrible when they cannot socialize my intellectual property. Not.

Translation

... strong encryption stops law enforcement dead ...

Translation: We don't want to search for criminals.

How long until general warrants appear in the USA? There must be a hive of criminal activity in towns outside those 'no rights when the US border is less than 100 miles distant' zones.

"It’s fascinating – there are four excuses that keep coming back for every single dismantling of democracy. It’s terrorism, child porn, file sharing, and organized crime.", Rick Falk Vinge

Re:Translation

[mrchaotica]

How long until general warrants appear in the USA?

In places like Ferguson and Baltimore, one could argue that it's already happened (unofficially, of course).

Missing the point

[Jon.Burgin]

The point is not whether that can decrypt a selected target, rather it is that encryption causes a problem with surveillance from both a practical and legal standpoint. First by encrypting your communications, you clearly establish an assumption of privacy, which isn't as obvious with clear text (IANAL, but I assume that creates a hurdle in the courtroom). Second, applications that take in massive data of warrentlessly available data streams don't have the facilities to hack each one and still provide timely indicators of malfeasance. This kinda relies on the first point, because if someone didn't encrypt their communications, one MIGHT argue that the communicatee didn't mean for it to be private.

Re: Missing the point

wrong.
  nsa engages in automated mass hacking to obtain ssh and other keymaterial.

they employ aces like larry wall, mind you.

total information awareness is their wet dream and they have gone long ways to reach that objective.

hmm

[sociocapitalist]

I'm curious if off the shelf protection programs detect the FBI malware, or they've been compromised at the money layer.

And why wouldn't they identify the cases they're s

And let all criminals know the encryption products that stump them since criminals using encryption are keenly aware that civilian cases are all public, so if the FBI walks into court and says we can't break this encryption on product A. Suddenly every criminal, and terrorist in the world knows their capabilities. Not a smart move. I'm no fan of how the government works, but this is one of the smarter moves its made despite the toll it has on public opinion. Public opinion, like on most issues, needs to learn to follow cause and effect chains, where the effect becomes a cause, what effect will it have? Like raise taxes on the wealthy. The wealthy own businesses, the wealthy don't want to lose money. The wealthy demand a higher salary to offset the higher taxes. The company obliges. The company doesn't want to see it's bottom line hit, lest the shareholders get pissed. It raises its prices to compensate for the owners higher salary. Price increase works out to be a tax on the middle class and poor. Good job. The essence of cause and effect chain analysis? Shit rolls down hill. You can try and pass the shit up the hill, but it will just roll back down. Corollary is there's no such thing as a free lunch. Same is all true in the case of encryption. They cannot tell you which cases they can't bust. They'd love to offer proof for public opinion, but the shit will roll back down to criminals and terrorists. Better to just sit in the shit of uninformed, unthinking public opinion.

By their methods, you shall recognize them

[gweihir]

The criminal mind-set is obviously strong with the FBI. No surprise there.

So Many Experts

I had no idea /. had so many legal experts! And, my, look at all these people here who seem to have inside information on the FBI, NSA, and Homeland. My goodness! Why would we need spies when you already know it all!

This is Slashdot, you can use the word "decrypted"

It's okay, don't be shy. No need to resort to profanities such as "unencrypted".
(Though it is acceptable as a noun.)

FBI does this and that

[fustakrakich]

Elections are coming up. Is it an issue worth bringing up? Since it's given that neither democrats or republicans are going to reign them in, what's the plan? There are other choices. Or is everybody just going to treat it like the weather and complain because they can't work an umbrella?

They catch your machine ON and decrypted

If they can't remotely exploit your machine and exfiltrate what they want...they'll just show up when you are gone and use a hotplug kit to keep your machine on long enough to hack it and make copies of the storage devices.

As we all know, if you have physical access...

Warrant? What's that?

The FBI trojan horsed tor browsers on a mass scale which was revealed in the pirate bay case. Last I checked there are no warrants or probable cause covering random users of tor.

Hack-proof RaspberryPi encryption!

https://freedomgeek.quora.com/Secure-communication-Use-a-Raspberry-Pi

Encryption is of limited use

https://xkcd.com/538/

Much easier to take a hammer to somebodies kneecaps until they give you the decryption key.

Re:Encryption is of limited use

[GodGell]

Amen.
(Useless post to undo accidental bad mod.)