[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Cryptography] DOJ Wants to Expand Authority to Break Into Suspects' Computers

On Mon, Jun 2, 2014 at 7:48 AM, ianG <iang@xxxxxxxx> wrote:
> On 31/05/2014 22:28 pm, Bill Frantz wrote:
>> From SANS NewsBites Vol. 16 Num. 038
>> (May 9, 2014)
>> The US Justice Department (DOJ) has issued a request to the US Judicial
>> Conference standing committee to expand its authority to gain remote
>> access to computers during investigations. DOJ maintains it needs the
>> authority to access computers outside the jurisdiction of an
>> investigation because criminal schemes are increasingly crossing
>> jurisdictions.
> Please help!  The way I read this, it means a warrant would allow them
> to hack across borders.  So, tit-for-tat:  when the PLA decides to hack
> DoJ's computers, or Target's computers, or IBM's computers, or Lockheed
> Martin's computers, it can simply get a warrant from the People's Court
> #1 of Beijing and cite that to the DoJ.
> This seems to give them an asymmetric result far out of Doj's favour,
> why would they pursue this?
> Anyone?  What do I not get here?
>> The proposal has raised concerns among civil rights
>> groups, which say that allowing this activity could pose a threat to
>> Internet security and Fourth Amendment protections. The remote access
>> would be achieved through vulnerabilities known to DOJ but kept secret
>> from the public, thus posing a security threat.
> Secret vulnerabilities?  NSA whispers, or their own zero-day collection?
>  Oh my?!
> The way I read this, they have now de facto authorised every other
> justice department to start collecting zero-days and use them against
> USA corporations.  So next we see the gang of 5 PLA generals in Chinese
> court to collect their warrant.
> I can see an advantage here that this might defer the tit-for-tat arrest
> in 5 NSA generals in their next vacation to visit the great sights of
> China ... but other than that, it again seems again like a net loss to DoJ.
>> The US court system
>> currently allows magistrate judges to issue search warrants for property
>> outside their districts only in limited cases. The DOJ request will be
>> considered at the meeting of the US courts' Committee on Rules of
>> Practice and Procedure later this month.
>> http://www.darkreading.com/government/fbi-seeks-license-to-hack-bot-infected-pcs/d/d-id/1252655?
>> http://www.bloomberg.com/news/2014-05-09/federal-agents-seek-to-loosen-rules-on-hacking-computers.html
>> http://www.computerworld.com/s/article/9248242/DOJ_seeks_new_authority_to_hack_and_search_remote_computers?taxonomyId=17
>> http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499
>> [Editor's Note (Pescatore): The remote access part is worrisome, opens
>> up huge potential for cyber-damage to innocent bystanders in many ways.
>> It is pretty straightforward to turn off a wiretap or remove a tracking
>> device from a suspect's vehicle. I don't think it removing a remote
>> access Trojan is quite as simple, let alone giving law enforcement the
>> authority to keep vulnerabilities secret from the public.  I don't want
>> to be too hyberbolic, but to me this has the potential for backfire as
>> the "Fast and Furious" ATF project to smuggle guns *into* Mexico to see
>> who buys them. ]
>> I would add to John Pescatore's comment: I can see the TLAs delivering a
>> NSL to developers of major software requiring them to install backdoors
>> and keep quiet about it. Do Apple and Microsoft have a canary? How about
>> Firefox, Opera, Crome etc?
> And, when the execs of those countries are fronted before court in
> another country, what is the defence?
> Is the next thing we are going to see arrests of employees (American and
> Chinese) in China for hacking.

>> http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499
>> http://www.law.cornell.edu/uscode/text/18/1030


They're asserting right to:

a) remotely hack computers whose location "is not known because of
the use of technology such as anonymizing software", and to search,
seize and copy information therein.

This new assumption of default jurisdiction should be of major interest
to list members and users worldwide.

b) do the same to you if you've been hacked, regardless of whichever
known US district you're in.

This is a bit different because the criminal is effectively sharing
your house, whether or not you are aware of it (and if aware, whether
or not you choose to report their crime upon you and/or others.
[Presumably for LE to know to hack you they already know of the
criminals crime upon whoever.]). Since they know the location they
should go knock and get the systems as usual, no need for remote
access and non-traditional notice giving.

Forget the talk of zero-days affecting internet security, the jurisdiction
and cross-border issues are what's really at stake here.

c) "The amendment does not address constitutional questions"

Related to source code reviews before commit...
specific case law is nice, but the idea that laws can pass and affect
people before even general review is a flaw that happens all too often.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to