Slashdot Mirror
How the FBI Hacks Around Encryption
Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.
Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.
Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
"they should be able to get a warrant to try to break that encryption"
RTFA, That's his point too. The trouble is he only finds 9 examples of judges giving opinions or court orders:
"Mayer analyzed the few public examples of law enforcement hacking he was able to find, most of them from the FBI and DEA: five public court orders and four judicial opinions."
He found discussions where the FBI expressed the belief that it is legal without a warrant and alluded to previous times they'd done it warrantless.
"He also looked through declassified FBI documents and found that officials there have “theorized that the Fourth Amendment does not apply” when investigators “algorithmically constrain the information that they retrieve from a hacked device"
"Mayer said that in internal emails, federal investigators argued that targeted hacking might not constitute a search, and hinted at past times when officials may have hacked without getting a warrant first."
So if you believe the FBI has only done this 9 times then perhaps Libertarians are crackpots. On the other hand it seems likely the FBI has done this hundreds of thousands of times, and thus 9 examples of judicial opinions on cases suggests they're not telling the courts.
The FBI of course won't even reveal the total number of targets its used malware against, be it 9 or 9 million.
FISA courts aren't courts. There is no defense council. It is one sided, and the government can do whatever it wants and get a warrant for anything, so long as the courts can find some ridiculous, contrived view that 'limits' the search. For example, "every email ever sent, except the one last tuesday about carl's lunch" why, that clearly narrows it down! Warrant approved!