Slashdot Mirror
Supreme Court Gives FBI More Hacking Power (theintercept.com)
An anonymous reader cites an article on The Intercept (edited and condensed): The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, many of them belonging to victims of cybercrime. The changes, which will take immediate effect in December unless Congress adopts competing legislation, would allow the FBI go hunting for anyone browsing the Internet anonymously in the U.S. with a single warrant. Previously, under the federal rules on criminal procedures, a magistrate judge couldn't approve a warrant request to search a computer remotely if the investigator didn't know where the computer was -- because it might be outside his or her jurisdiction. The rule change would allow a magistrate judge to issue a warrant to search or seize an electronic device if the target is using anonymity software like Tor."Unbelievable," said Edward Snowden. "FBI sneaks radical expansion of power through courts, avoiding public debate." Ahmed Ghappour, a visiting professor at University of California Hastings Law School, has described it as "possibly the broadest expansion of extraterritorial surveillance power since the FBI's inception."
...because apparently most people just don't get it.
You wanted big government? THIS IS IT.
Stated another way, you can't have big government without gross violations of civil rights. It's absolutely impossible. The only way to eliminate those gross violations of civil rights is to place strict limits on the size and scope of government, which naturally rules out the notion of big government.
welcome our web browser monitoring overlords and wish them well in their endeavors at world domination.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
This seems to be the only reasonable outcome although I'm sure the conspiracy theorists will have a heyday with it. If somebody has effectively disguised the physical location of their machine, there's no way to know which jurisdiction should issue the warrant. This creates a Catch-22 situation that is untenable. The only reason to consider this problematic is if you are of the belief that those with a certain level of technical skill should be exempt from the law.
what about that suicide at apple did that person help the FBI and then apple found out they pushed him over the edge?
Better send in mulder and scully
"search or seize an electronic device if the target is using anonymity software like Tor"
They basically ruled that using the Tor Browser or any anonymity software is an admission you must be doing something wrong so therefore the warrant covers it all.
What is innocent until proven guilty?
"immediate effect in December"
Either the effect is immediate (this means NOW) or in December (which means later). What is the English language?
>> "FBI sneaks radical expansion of power through courts, avoiding public debate."
This is the same route that everyone is pursuing today. Witness the recent changes in gay marriage (court decision), our new national health care "tax" (court decision), political speech contribution limits (court decision) and more.
It's getting to the point where "public debate" leading to "legislation" or "constitutional amendments" (i.e., changes in the law) almost seems like a thing of the past. Instead, you just stack the highest court you can find with like-minded people, then shove court cases involving your favorite issues at them until they issue the ruling you want - no messy democracy needed!
"Unbelievable"
What have we done without it?
Achille Talon
Hop!
Let's be clear what the rule change actually does. It allows a judge to issue a search warrant affecting computers outside his or her jurisdiction.
The rule only allows an expansion in the geographic scope of warrants. It is NOT an order permitting the hacking of anyone using anonymity. That's a very misleading statement.
I'm actually not sure this is a bad thing, either. Instead of seeking warrants in each jurisdiction, it allows law enforcement to seek a single warrant that covers all jurisdictions. One of the biggest issues with government surveillance is that the courts just don't have the resources to properly scrutinize all the requests for warrants they get. For example, the FISA court can't properly review all the requests they get, so in some ways they rely on the NSA to police themselves. If there are fewer requests for warrants it allows, at least in principle, more thorough scrutiny of each request.
Could someone please explain to me exactly what the Supreme Court does? I didn't even know that they do this kind of thing. I thought they heard cases and made rulings on the cases.
Reading the Wikipedia article on the US Supreme Court doesn't help, either. It's all about hearing cases.
... is "the officer must make reasonable efforts to serve a copy of the warrant and receipt on the person whose property was searched or who possessed the information that was seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." So after they search your machine and identify you, they still have to let you know they did it. If it happens too often, voters might start to care. Of course, the cameras everywhere one turns don't seem to bother voters much, so perhaps that's a bit optimistic.
Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
y'all are missing the point.
the fact that REMOTELY BREAKING INTO OUR MACHINES has been allowed by the courts; that's the real news, here.
everyone government seems to do it, too. I remember reading about malware that the german government uses to break into their citizen's computers.
its amazing that we have given up due process and we have fallen prey to 'ends justifies the means'. this is not, at all, what america used to stand for.
but as I said, this is not really just about the US. all authorities seem to think anything's fair game as long as they get their man. and conservative-driven countries (like the US, currently) have zero problems giving authorities any damned thing they ask for, as long as they keep us in perpetual fear and promise to keep the Bad Guys(tm) away.
--
"It is now safe to switch off your computer."
To be fair, TFA does not say that the FBI can do it without a warrant:
The Supreme Court ruling also expands the warrants to allow the FBI to hack into computers that have already been hacked, such as those infected by a botnet—a type of malware that gives criminal hackers the power to take over many innocent “zombie” computers to distribute spam or spread viruses.
As far as I can tell, the writer of the summary either misunderstood or made that particular detail up.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
They don't have an IP address. The computers are using Tor/anonymizing services, etc
What are you morons talking about? The Supreme Court approved the changes. They ARE the oversight. Christ.
When laws are unclear, multiple laws conflict, or one law (e.g. the Constitution) supersedes the other, it's up to the court to decide how to proceed. Remember your grade school civics: the Judicial Branch interprets the law.
Judicial review is built into the Constitution, and was always an intended power of the courts. Read the Federalist (and even the Anti-Federalist) Papers, it's very clear.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
It might be allowed by the courts, but that doesn't mean that a person has to allow it to happen to their own computer.... this law does not appear to forbid people from securing their own home networks against intrusion from anyone they did not authorize.
File under 'M' for 'Manic ranting'
This sounds like a direct response to the recent ruling covered here a few days ago:
https://yro.slashdot.org/story/16/04/21/1718230/in-a-first-judge-throws-out-evidence-obtained-from-fbi-malware
"Based on the foregoing analysis, the Court concludes that the NIT warrant was issued without jurisdiction and thus was void ab initio,"
And now:
"Previously, under the federal rules on criminal procedures, a magistrate judge couldn't approve a warrant request to search a computer remotely if the investigator didn't know where the computer was -- because it might be outside his or her jurisdiction."
Would be nice to hear from a lawyer if the previous ruling was taken to the supreme court and amended based on... no clue, but some legal reason.
I think remotely breaking into machines (if a warrant was issued) was already allowed before this. This only changed how the warrants are issued, not the power granted by the warrants themselves.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
time to dust off my old DECstation and see if mosaic still runs on it ;)
any zero-days that existed for ultrix are probably not even around anymore; and the company that made that computer is not even around anymore.
(half seriously, though, I do wonder if those that want the most security would tend to run the most unusual hardware and non-standard os's. send my ultrix box a windows .exe file as a trojan? good luck with that!)
--
"It is now safe to switch off your computer."
Or you could just put your regular home computers behind a properly secured hardware firewall. What self-respecting computer knowledgeable person does not already do this?
File under 'M' for 'Manic ranting'
more and more people are sick and tired of this shit.
maybe a quick (and yes, painful) struggle and change is what we need.
the slow change is killing us, as a nation. a violent revolution is not what anyone WANTS, but perhaps its what we really need right now.
people are feeling desparate and deparate people are not rational thinkers. when they feel they have nothing left to lose, all hell will break loose.
its really just a matter of time. we're on track for 'something'; what that is, no one really knows. but we are not tracking toward stability, THAT much is for sure!
--
"It is now safe to switch off your computer."
don't be an idiot.
firewalls are not very strong; when a TLA that has more money than god wants to get in.
--
"It is now safe to switch off your computer."
Please note that I did qualify the firewall as being "properly secured". This is possible to do while still having connectivity such that only physical access can bypass the security. Worst case scenario: issue "deny all" on incoming connection requests.
File under 'M' for 'Manic ranting'
A fun experiment might be to use just a dumb terminal and have all the processing out on an Amazon AWS server somewhere. I wonder if the FBI would have the guts to bust into one of their server farms and rip out some of the boxes/blades/hard drives.
yeah, that's the worst part of the post.
There are two types of people in the world: Those who crave closure
Parent is wrong.
1) power appeals to "bad people" in all amounts - sociopaths get their kicks from child abuse to middle management to serial killing.
2) The SYSTEM eventually influences everybody; even physiology experts who design the experiments - as the science shows (ex: stanford prisoner experiment.) The greatest influence of all are the bad elements within the system itself - they do not need to be human or be planned to be corrupting to be highly potent.
3) "Good people" as well as normal people are prone to being corrupted by others; again, science shows this (ex Milgram experiment.)
4) good vs bad is for USA comics and movies. Simpleton thinking for easy manipulation of the story... and probably the consumers who are surrounded with it. What is good and bad is complex and quite subjective. A good person with the right motives can easily place lower priority values aside for the greater good, or even just for self defense. Self defense itself is a great topic for debate because it is arguably the most evil defense there is. THINK ABOUT THAT!
5) what is bad? what is evil? We don't really learn about them; we only hear examples or have simple rules. Nobody spends time trying to define them let alone studying them. Nationalism and other limited perspectives become a huge complicating factor. The nature of Evil is something that we should all spend time on; it is extremely important but we don't study it - psychology hardly does so because it's always getting stuck in niches.
capcha: crusade
Unacceptable.
What kind of idiot posts something like that on Slashdot?
One who should read this:
http://www.businessinsider.com...
600million IPs are geolocated to one farm in Kansas that's at the geographic center of the lower 48.
There are two types of people in the world: Those who crave closure
I don't think you understand how back doors work...
There are two types of people in the world: Those who crave closure
A firewall is irrelevant. Most of the malware used is not pushed remotely through a backdoor, rather by tricking the user into installing it, phishing, or through web sites that exploit holes in the machine being used. Your firewall will not do anything to stop this. Unless you are running some sort of proxy that scans for malware (assuming it is not a zero day or undisclosed and unpatched vulnerability). Most are not.
I came, I conquered, I coredumped
The article itself notes that anyone under active investigation. The summation of the /. post seems to leave that out, making it sound like anyone using TOR or similar would be a potential target of FBI hacking as it would be assumed they would be criminals. That is how I read the summation.
The article says no such thing, rather it says that for people under investigation, when a warrant would have been issued under normal circumstances, if they are using anonymity software, then the FBI can still apply for a warrant, but the jurisdiction issue would be less of an issue.
I am okay with this. However, it is a double edged sword, while the FBI as a whole probably has good intentions, it is the individuals within who tend to abuse their powers, and I see this entire process ripe for abuse.
I came, I conquered, I coredumped
And I don't think you understand what "properly secured" means if you think that a back door would still be there.
File under 'M' for 'Manic ranting'
Agreed... but unless laws exist that require the manufacturer to do this, the consumer can research different manufacturers and decide for themselves which is the most reputable and meets their security requirements
File under 'M' for 'Manic ranting'
FBI HQ is still named after that tyrant J Edgar Hoover, who gathered so much power, even Presidents feared him.
The FBI hasn't changed; they will never change.
rig things so that if the gateway/router falls over a shaped charge blows the connect "they" could have more money than the Atlantian Greek and Roman Pantheons and still not get any data.
when things like this can go through with no public debate, can we call what we have in the USA a democracy any more? Sounds very Nazi/Gestapo like indeed:Group/agency just secretly arranges expandability of it's own powers with no oversight, no limits of scope, and no accountability. Sounds more like fasicism to me. At least China and Russia are open about it. We tell the world we are a democracy, and do the stuff we condemned the Germans, Chinese and Russians for years ago. When will the US public realize they have a government (let's just say 'ruling group', 'government' sounds too much like the public actually has any say) that really has no accountability to the public. (When we allowed the Patriot Act to be passed behind closed doors with any significant opposition, we gave permission to all of this following). And with the information they collect, they can intimidate/eliminate anyone who opposes their agenda, which is likely part of the point. (just like in Russia and China).
"Imagination is more important than knowledge" - Einstein
BHAHAHAHA at you thinking you have it properly secured if *network vendor* is required to put in a backdoor.
There are two types of people in the world: Those who crave closure
What kind of people are they appointing to SCOTUS these days? It seems that this bunch of legal illiterates doesn't even understand the meaning of jurisdiction .
A judge can't authorize the search or seizure of something that is outside of their jurisdiction, because they have no authority to grant it outside of their jurisdiction. Jurisdiction means area of legal authority. The court can't give the FBI legal authority to do something in a place where the court has no legal authority itself. It can't give something that it doesn't have.
If lack of jurisdiction were no barrier then the judges of North Korea or Iran would be able to authorize whatever they liked within the territory of the United States. Is SCOTUS OK with that?
You've answered your own question: The Supreme Court of North Korea (or whatever) can authorize all it wants to; it has no jurisdiction here.
What this ruling does is basically say that a judge doesn't need to *pre-determine* that it has jurisdiction for an anonymous warrant where the location is unknown. This solves a painful chicken-and-egg problem when you're trying to go after someone with a search warrant.
If it turns out they were outside the US, the warrant is unenforceable. If they were in the US but the court for some other reason doesn't have jurisdiction, the warrant is null and void (and search results can't be used as evidence in a criminal case).
In other words, this is a lot of huff and puff about not much of anything.
Hire a Linux system administrator, systems engineer,
Is TOR not anonymous anymore? How they be found and investigated if they are using TOR and could be anywhere in the world?
Afaik, the network vendor is *NOT* required to put in a back door... That's my whole point... that this proposal does not prevent someone from securing their own network against intrusion.
File under 'M' for 'Manic ranting'
Do you have a better one? Can you point out some specific flaws in the methodology of that study? I note that a few other widely cited studies used the ICRG corruption index, what are your thoughts on that one?
I'd appreciate your thoughts on the subject, if you have any.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Okay... so they are idiots. My point is that even though this proposal might empower law enforcement to have the authority to try and hack into other people's computers in the interests of a criminal investigation, as long as no law exists *requiring* that hardware vendors deliberately compromise their systems so that such intrusion is relatively easy, a competent computer knowledgeable person can harden their network against absolutely any attempts to hack into it from outside, regardless of who is trying to do so.
File under 'M' for 'Manic ranting'
"Tricking" the user plays on a user's gullibility... a trait that is not generally widely held among people who are actually competent with computers and networks.
My point is that if a person is smart enough to have defenses against this, then they are probably also not dumb enough to be tricked by phishing attempts, and any browser they run will be in an isolated enough sandbox that any vulnerabilities which might exist in it will have very limited effects outside of itself, if any.
File under 'M' for 'Manic ranting'
you are forgetting the other half of the vector attack direction.
from within.
silly firewalls are USELESS for this. when you trick a user (happens every few minutes. THERE, one just got tricked now, I bet!) into taking a payload and they gladly click on the dancing pigs, the .exe file (etc etc) is now inside their network.
tell me, mr. firewall wiz, how does the fw protect against user stupidity in clicking on dancing pigs?
see my point?
there are MANY ways to poison your system. firewalls stop a tiny fraction of the attack directions and sources.
--
"It is now safe to switch off your computer."
I don't know why this post was modded "Troll", when it was clearly meant to be Funny!
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
"From within" requires physical access... tricking a user requires that they are gullible. This proposal doesn't entitle law enforcement to the former, and people who are competent network managers are not prone to the latter. My point is that this proposal does not prohibit someone from securing their own networks, and any difficulty that law enforcement might have trying to hack in, however lawfully they are permitted to attempt to do so, may be entirely fruitless. The end user still possesses entirely legally valid absolute veto power here against this proposal as long as no laws are passed that require that backdoors exist in all systems connected to a public network... all that is required at most is education.
File under 'M' for 'Manic ranting'
Yes but I'm not sure what that has to do with what I've said.
File under 'M' for 'Manic ranting'
C'mon fellow freedom lovers! FIGHT BACK!!! Get our lives OUT of the hands of paranoid government incompetents! I DEMAND FREEDOM! Freedom from any prying. Fix the REAL societal ills rather than chase them with patches. It is the CORPORATE manipulators that needs exposure - and full prosecution for their offenses. This crap cannot continue the way it is without a radical revolution to ensure our protection from a way of life that we do NOT want!
Self-importance and self-indulgence is the root of ALL evil.
'Future Shock' is here -- WAY too many "monkeys with machine guns"! How did this happen? How about CORPORATIONS focusing on that ever-almighty bottom line? Sell Sell Sell - EVERYONE, whether they need it or want it or not.
Self-importance and self-indulgence is the root of ALL evil.
I know their there to interpret the law, but the articles states they changed it and it was not because it was unclear.