Slashdot Mirror
Feds Want Access to Your Machine
PDA Buzz wrote to us with the latest privacy-invasion scheme. The Clinton Administration plans to ask Congress to give police authority to go secretely into people's computers, search for passwords and override encryption programs, "using devices, if needed".Investigators would need to have a sealed warrant to carry this out, but privacy groups are casting this as an invasion of the home. Shades of the Clipper Chip, anyone? Check this out for another report as well.
This does not require me to use a lock on my door or my car that the police can easily pick. If they want to search my house, they either have to get me to open it or break it down (and they have every right to break it down if I don't open it).
The problem with back doors is that they are prone to abuse. The search warrant is a legal technique that allows police to use powers they wouldn't otherwise have (without the warrant, searching my home is breaking and entering). If they required a technological technique, such as a lock that can be opened by anyone with a police key, the abuse could be rampant. A bad cop could just unlock my door with such a key and get whatever he wants, regardless of warrant. Without that, they have to break in, make a ruckus, make it obvious as to what he is doing, and basically give me a reasonable chance to get him arrested if he doesn't have a warrant.
Worse yet, a technological entry point like a back door can be used by non-cops. If cops can get into a back door, crackers can, too.
Note that not all cops are bad. Very few of them are. But if there are a million policemen in this country, and one half of one percent of them are "bad", that would be five thousand criminal policemen with keys to my data. Note that the above numbers are out of my hat; I don't have statistics on me.
Giving police a back door into your house, car, or computer means that you must implicitly trust, not police officers in general, but every single police officer individually. Do you? I don't.
If you have a warrant, you have my hard drive. But you are going to have to physically walk up to my house and seize the computer, or you are going to have to electronically monitor or enter it just like any cracker would. The ability of the police to obtain a warrant and search my data is a far cry from an obligation for me to make it easy for them to do so.
Also, I have an implicit right to encrypt anything. I am not required to testify against myself, again per the Constitution/Bill of Rights. Requiring me to make information available to police is potentially requiring me to testify against myself.
--The basis of all love is respect
Yes, you are legally bound to give out your keys if they have a subpoena. That is the whole point with it.
Did I mention those have to go too?
The 4th Amendment's protection against illegal search and seizure does rely upon the "difficulty of conducting a search" or the efficiency of police operations. Rather, the entire rationale of the Amendment is the use of a warrant system for such protection.
The framers assumed certain things about how the world operated and build a system of checks and balances based on these assumptions. If some of these assumptions become invalid, the checks and balances are likely to become unbalanced. Stepping for a second into the realm of science fiction, imagine that the police officers can effortlessly see what's happening at any time in any location. Wouldn't the 4th Amendment be different then?
However, we're not talking about placing cameras in every home,
Not yet. But the "slippery slope" argument is pretty convincing here. Witness all the govenrment efforts to mandate backdoors to all encryption -- this is very similar in spirit.
We're talking about the police, with a warrant, entering a home
Unless I am mistaken, we are also talking about a remote intrusion over the net, and that's a very significant part.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Opening my doors to law enforcement, however, means leaving my doors open to every law enforcement officer with certain permissions.
If the setup gives one thousand police officers the technological ability (not the legal power) to access my machine, I can be potentially screwed if the corruption rate among police officers is one tenth of one percent.
In general, I trust any police officer I meet; the one I run into is not likely to be one of the corrupt few. But a back door for police makes you an easy target specifically for the corrupt officer. That back door will not be invaded by the nine hundred ninety-nine clean cops, unless they can procure a warrant. I only worry about the minority corrupt cop, and that's enough.
Can you think of any group of one thousand people where you can trust each and every one of them? I can't.
--The basis of all love is respect
That's what the Feds basically want to install. I don't like this at all.
It seems that instead of 'spot the Fed' we'll all soon be playing 'spot the Fed sniffer on your machine'.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
They're calling this a "search warrant approved by a judge" and something close to the current sealed search warrants for wiretaps, but there are two huge differences here.
First, wiretaps don't necessarily require entering the target's premises. The taps can put into the phone company's CO, at the external junction box, or in a basement area. Having to place a wiretap in the target's bedroom or home office is rare. This helps ensure that the cops don't take advantage of the opportunity to illegally browse through the target's possessions. In contrast, this idea *requires* that the police invade the target's most personal spaces, yet the "reasonable grounds" barrier to obtain the warrant will be lower than all others since the nominal target of the warrant is so specific - all of a target's passwords should easily fit on a 3x5 index card!
Second, the burden on the police in obtaining a wiretap warrant is already pretty low, precisely because it's relatively non-invasive. This is especially true for the warrants that "only" record numbers dialed (and oops, up to 90 seconds of the conversation). The justification for this warrant is that *it's used as a prelude to a subsequent wiretap* (according to the Washington Post). In other words, this ancillary warrant would actually have more sweeping powers than the warrant it nominally supports!
Hopefully this trial balloon will go down in flames immediately, but if not I hope the adminstration and Congress realizes that these warrants may result in some enlightened judges holding the police to higher standards of proving that their evidence is "clean" when they have early access to the suspect's premises. They could easily win the battle (collecting evidence) but lose the war (no conviction since evidence is thrown out).
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
You're implying that protections against police abuse rely upon the irretrievable hiding of information from the police.
Yes, they do. That's not the only protection, and probably, not even a highly important one, but my capability to hide information from police puts a limit to police's power and so indirectly protects from the abuse of this power.
I don't trust the police to do all the right things all the time. I do want some capability to personally control which information can be found without necessarily depending upon the wisdom of some judge. You are telling me to trust the system -- I don't want to trust the system.
The illogic of this scenario is that a warranted search that turned up papers with the above information would in no way violate your rights
I don't see anything illogical here. If a cop searches your house without a warrant and finds some cocaine, he violated your rights. If you go to a cop and hand him the same cocaine, your rights weren't violated. So what?
Again, the 4th Amendment relies upon the court system, not individuals, to control police abuses.
Yes, but to repeat myself,
(1) Some assumptions on which the 4th was based have changed or are changing
(2) Regardless of what the 4th relies on, I do want some personal protection against police abuses.
Furthermore, you can argue 5th Amendment protections, regardless.
What do you mean? If the cops have my data and my encryption key, they don't have to ask me anything, the 5th just never comes up.
As I've said before, the potential for abuse of power (i.e. ignoring the need for a warrant) is another issue, entirely.
No, not at all. If there were no potential for abuse, there would be no need for all the checks and balances, and for the 4th in general. It is exactly the balance of power between the individuals and the government, and the distrust of the government, that brought to life the Bill of Rights.
Besides, I disagree with your examples. If I have encrypted data on my hard drive, it's currently very hard to get it. A single person is not likely to have the needed resources (TEMPEST surveillance, hardware keyboard sniffers, etc.) even if he resorts to illegal methods, and a small-scale corrupt system isn't likely to do much better, either.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Atlanta has them on the metro interstates. When they were installed, they were "Only going to be used to monitor traffic flow and spot accidents" (yeah, right).
Sure enough, they're now spotting traffic violations. Since they can obviously read tag numbers, guess what they will be used for next?
The difference is in checks and balances. If everyone searched knows they have been searched, the public has a way to judge if the searches are warranted (and Warranted). If the searches are covert, there's no checks and balances.
It's the difference between KNOWING you haven't been searched, and the creepy feeling that the feds MIGHT have been in your house because your best friend's second cousin's ex-wife's sister's boyfriend's mother's uncle's son might know the guy who posted a picture of Janet Reno in an SS uniform. (After all, they 'have reason to believe' you might have communicated with him).
Of course, that means that your private key floppy will be on your person when they present you the search warrant for it - no chance to 'lose' it.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
The technology exists to spy on anyone anytime: churning the technological arms race won't help us. Any lock can be broken by a determined attacker. We need to practice social engineering and forge societies where spying is impossible. Look for solutions that lead to fewer secrets rather than more secrets and remove the necessity for complicated technological locks.
For example: Openly install monitoring tools on all police hardware with a 3 month delay before it goes public. So maybe they will be spying on us, but at least we can find out exactly what abuses they are doing. (The three month delay is to give them some time to prosecute their cases.) -ccm
This still requires a warrant. As other posters have pointed out, "fishing expeditions" are just as illegal with this law as they were before the law. So no one can legally install a hardware sniffer on your machine without the same sort of warrant necessary to wiretap your phone, for example. This isn't really a big change.
What the authorities are trying to prevent is the sort of situation that occurred with Kevin Mitnick. (I'm not an authority on Mr. Mitnick; I'm sure someone here will correct me if I get the facts a little wrong.) My understanding is that he had encrypted files on his machines which could have been used as evidence against him. However, he refused to surrender the password/keys necessary to get at the files (I can't argue with that, from a 5th Amendment point of view). This new law allows the government to install a hardware monitor on your machine hopefully before you encrypt all of your data. After that, even though you think you are encrypting all of your files, that may no longer be the case. Or perhaps your files are encrypted, but the password and/or keys are stored by the monitoring device, so that there's no wasted time getting information out of the suspect in order to decrypt their files.
Either way, no more messy 5th Amendment issues to cause headaches for law enforcement.
Your right to not believe: Americans United for Separation of Church and
Now, however, I can download my OS from, say, (where else) Finland, check out the source and compile it myself.
Of course, it occurs to me now they could build this sort of thing into the hardware and restrict the sale of other hardware in the US. At that point, I think I'd like to move to Cuba or Iran, or some other country where they make no pretense at loving libery and where despotism can be taken in its pure form.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I will admit that the "central" idiology of the libertarians would appear to be against this, but what I've seen of some particular "libertarian" private lives (i.e., the way they were running companies) doesn't encourage me to believe that this is an automatic cure.
The fundamental flaw of Libertarianism is that you can do what you want with your own property, including restrict the activities of those who are on it or impose obligations on them for remaining there. So, if you think of the U.S. as one big Home Owner's Association, and the Constitution as the rules of that HOA, we live in a perfectly Libertarian society. Don't like the rules of the U.S.? You're perfectly welcome to go elsewhere and live by the rules of the current owner. There's nowhere on earth with the rules you want? Not my problem.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Well, first of all you seem to be mightily confused about what is a society and what is a government. You are arguing that societies are a good thing and without a society around us life would suck. Sure, no problem. But then you make a interesting jump and tell me that the government is the society. Er... Consider for a moment an interesting place like North Korea. Are you willing to tell me that the government there is doing nothing but serving the North Korean society, looking out for every member of it, etc. etc? Are you going to tell me that every law passed is a good law and should be obeyed because THEY know better and are really doing this in your best interest?
Go back and read some basic history/sociology/political science/anthropology/philosophy -- hell, almost anything that deals with humans. There are such things as clues lying around there. Try to find at least one.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Why is this any different than the Feds coming in and pulling apart your house with a warrant?
This is not taking your house apart to search for something. This is like installing hidden microphones and videocameras all around your house to see if you are doing anything illegal. Sure, you still need a warrant, but
(a) there are a lot of tame judges that go along with pretty much everything a DA asks for;
(b) fishing expeditions become much more alluring;
(c) the DOJ might decide to install a keyboard sniffer on your machine over the net, a remote intrusion attack. If it'll work (whether this will work depends, as usual, on the cluefulness of the target computer's owner), the temptation to install sniffers all over the place will be irresistible. And think of the justification: there is no invasion of privacy because just installing a sniffer by itself does not provide any of your info to the cops. Only later, if it turns out that the cops do need info from your hard drive (say, they are bored and want to check out your pr0n), then they can use the handy captured passwords to read all your safely encrypted stuff.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
This matter is more important from a philisophical standpoint than a practical one -- do we really want our government to have this sort of intrusive control over our lives and our information? I certainly don't.
"Free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, while the once free nation slowly restricting its grip of free discourse has begun its rapid slide into despotism.
Beware he who would deny you access to information, for in his heart he dreams himself your master"
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Say goodbye to your personal liberties.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I want my fscking lawyer the *second* the government starts snooping around. Without some kind of legal protection, it's too easy to strip away my rights (why do you think the cops never ever want anyone to call a lawyer?).
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
a warrant is grounds to enter and search
How about break in and watch?
The problem is that conventional enter-and-search is very manpower-intensive. The budgets and staff limitations of law-enforcement agencies ensures that they don't do too many searches. Now, if they'll be able to pull off a remote intrusion attack and install a keyboard sniffer / trojaned encryption on your system -- possible, given sufficient cluelessness of the target computer's owner -- then the process becomes very quick, painless and cheap.
Your local police department cannot do 1000 searches a day. But it can install 1000 sniffers in a day (given the warrants, etc.) and will be tempted very much to do so. Somebody's selling marijuana in a neighborhood? Find a tame judge, install sniffers on everybody's machines and catch your guy! This ain't gonna work this way, but that's the way the police departments will think. And if they bad a couple of tax evaders along the way, so much the better.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
When the government starts coercing operating system companies into putting law enforcement back doors into their distributions, I'll be glad I'm running an open source OS. ;)
Geeky modern art T-shirts
If the police get a warrant, they can burst into your home and search for kiddie porn in your closet, under your bed or on top of the laundry hamper in your bathroom. They can also override any security procedures you have installed to prevent this - like a door lock. Heavens! We have to do something to stop this invasion of privacy.
--Shoeboy.
I submitted this as a story, but it probably won't be posted now. Here is the original Washington Post article all the other news sources are quoting...
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
Why would you even care that the feds can crack into your machine? ... And even if they did go to every machine, if you haven't done anything illegal, who cares?
Ah, another of those happy people...
I guess, then, that you wouldn't mind a device in your car that recorded every time you went over the speed limit, would you? You probably also wouldn't mind wearing another device that calls the cops when you cross the street on a red light, or throw a piece of paper on the sidewalk, would you? And, of course, the cops are never ever going to use any of this information for other purposes (like reading erotic email for fun).
[sigh]
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
The spooks like hardware...
How about a keyboard cable that looks exactly like the one you have now, but just happens to have certain additional capabilities?
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
It sounds like you want to have a chance to hide stuff that looks bad. I can understand that. But with a non-sealed warrant, you can't see it coming, either. The only difference is that you can see them rummaging around your house.
No, you don't understand the difference. Let's say I have collected a large body of information on home-growing of pot and stored it on my hard drive. Suspecting that other people might not think that my motives are pure, I encrypt all this stuff, and, maybe use steganography, as well. Now if the cops come with a warrant, they have to deal with the encryption. They need a court order for me to surrender the key, I can claim Fifth Amendment, etc., etc. It becomes a prolonged legal battle, expensive for the cops to wage.
However, in the case we are discussing now, the cops have installed a keyboard sniffer on my machine and so don't need a court order for my encryption key: they already have it. Major time- and effort-saving for cops happened, and I am screwed in worse way than with a 'normal' warrant.
Again, as I posted elsewhere, I don't believe (as a lot of posters around here) that the main issue is with the warrant being sealed. That was done before, and while unpleasant it is understandable and perfectly legal. I think that the main problem is making the search-and-seizure so easy, fast and cheap, that the balance of power shifts and the protections we have look much more inadequate.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
You're not addressing this particular action; rather, you seem to have a problem with how search warrants are granted in general.
Not exactly. I have another post which describes the main problem with this idea, but basically the physical enter-and-search is quite manpower-intensive. Your local cops physically cannot do 1000 searches every day. Electronically they can, and they will be tempted very much to do so. This is not a problem with the granting of warrants (that problem exists, but it is different), but rather a problem with the fact that one of the existing limitations on search-and-seizures starts to disappear and that upsets the balance of need-to-know vs. privacy.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
>>What next? Random inspections of everyone's machine to see if there's anything illegal!?
Yes. The government is slowly taking away our rights, one-by-one. I used to drive a truck (18-wheeler). The law requires that trucking companies randomly drug test drivers on a draconian random basis. A friend has been test 3 times in the last 6 months. No warrants. No suspicion. Everyone gets tested. The rules require that the 'target' not be notified. He comes in to work and is told to go directly to a drug testing center. The justification is to make the roads safer since such a large number of trucker are drug addicts. And it has made things safer, too. Don't all of you remember the daily reports of drug crazed truck drivers either barreling through playgrounds full of beautiful young pregnant mothers and their sweet innocent children playing, or running church buses off the road killing all aboard? When is the last time you heard such a report? The politicians had to do something to protect all this goodness.
Now, everyone knows that nearly everyone who uses the internet spends a considerable amount of time searching for and exchanging pictures of these same sweet mothers and children being raped and sodimized. In order to protect all this goodness the politicians will have to implement some sort of constant, yet random, monitoring of the populace. I ask you. What's the difference?
Rights? Privacy? If you're not doing anything wrong, you won't mind the secret police secretly reading everything you type.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Probably, they really do want to protect us from terrorists. But this is too much. I have nothing to hide. If they want to take a look at my computer, I'll gladly cooperate. All they have to do is show up at my door and with a warrant that they will show me, and I'll gladly let them look at whatever they want. But until they get that warrant, I'll do everything I can to keep my stuff private. I'd been putting off using encryption, simply because too few of my friends know how to use it. But I'll be starting now.
How about keeping your old keyboard? ;)
Ah, that's a free upgrade program courtesy of the Federal government. Why, they'll come in and upgrade your keyboard cable all for free, you needn't worry your pretty little head about it. They may forget to mention it to you, too, but you know how paperworks gets lost...
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.