Slashdot Mirror
How the FBI Hacks Around Encryption
Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.
Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.
Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
"they should be able to get a warrant to try to break that encryption"
RTFA, That's his point too. The trouble is he only finds 9 examples of judges giving opinions or court orders:
"Mayer analyzed the few public examples of law enforcement hacking he was able to find, most of them from the FBI and DEA: five public court orders and four judicial opinions."
He found discussions where the FBI expressed the belief that it is legal without a warrant and alluded to previous times they'd done it warrantless.
"He also looked through declassified FBI documents and found that officials there have “theorized that the Fourth Amendment does not apply” when investigators “algorithmically constrain the information that they retrieve from a hacked device"
"Mayer said that in internal emails, federal investigators argued that targeted hacking might not constitute a search, and hinted at past times when officials may have hacked without getting a warrant first."
So if you believe the FBI has only done this 9 times then perhaps Libertarians are crackpots. On the other hand it seems likely the FBI has done this hundreds of thousands of times, and thus 9 examples of judicial opinions on cases suggests they're not telling the courts.
The FBI of course won't even reveal the total number of targets its used malware against, be it 9 or 9 million.
... so can everybody. Chinese, Russians, Bulgarians, Ukranians, Germans....
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Ideally, judicial review ought to be good enough. However, in practice that's not true. The FISA court is one entity that frequently deals with cases involving electronic surveillance. While I'd like to think the court is well-intentioned, they are overwhelmed and wield great power. They've helped to expand law enforcement powers with rulings like the "special needs" doctrine. They face so many requests for surveillance that they admit they simply don't have the ability to properly review them. Essentially, the NSA is left to police itself and ensure it doesn't violate the Constitution. They're a rubber stamp. Even with other courts, requests for search warrants aren't given sufficient scrutiny and aren't refused often enough.
It will another case similar to Stingray, the cell phone intercept:
http://www.yro.slashdot.org/story/12/10/27/144229/secret-stingray-warrantless-cellphone-tracking
Where the FBI claimed they could do it with a pen register (i.e. without a warrant), and used pleas bargaining and misdirection to keep the details of the intercepts from the court.
And of court every little district cop used it without a warrant, or even a legal basis for its use:
http://yro.slashdot.org/story/15/05/25/0344206/san-bernardino-sheriff-has-used-stingray-over-300-times-with-no-warrant
Eventually the courts find outs its a blanket sweep of data and then required a warrant for this use:
http://www.wctv.tv/home/headlines/TPD-Stingray-Use-Raises-Privacy-Questions-262047771.html
IMHO, it will be similar. Some hypothetical specious theory that lets them hack without a warrant, and they're keeping the details from the court so as to not face any scrutiny. Similar to Stingray.
FISA courts aren't courts. There is no defense council. It is one sided, and the government can do whatever it wants and get a warrant for anything, so long as the courts can find some ridiculous, contrived view that 'limits' the search. For example, "every email ever sent, except the one last tuesday about carl's lunch" why, that clearly narrows it down! Warrant approved!
I'm actually a big fan of things like roads, libraries, and police departments. I don't even mind paying my taxes (I wish they were better spent/invested). Hell, I even support a strong social safety net - it stops people from stealing my stuff. I like my stuff. That's why I bought it. We need an educated citizenry that can increase their upward mobility and we need to maintain that while also ensuring that we retain our rights while establishing and maintaining protections for the commons. Most important is the rights of the individual (not the businesses and sure as shit not the government).
"So long and thanks for all the fish."