Australian Police Given Power To Use Spyware 450
reek writes "An Australian newspaper has reported> that the contentious Surveillance Devices Act has been passed. The act will (according to the article) allow Federal Police to obtain warrants to secretly install spyware onto users computers enabling them to "monitor email, online chats, word processor and spreadsheets entries and even bank personal identification numbers and passwords.""
A Good Thing? (Score:5, Interesting)
I vaguely remember there's a country where it is illegal to obstruct surveillance by way of encryption. And you may be required to hand over all your passwords (if some are protecting legal documents like a Will) if the police decided to take a good look at you.
I can imagine a police listening to a phone conversation interrupts the suspects and requests them to speak in plain English.
Re:A Good Thing? (Score:5, Interesting)
Information obtained unlawfully never stands in court. Because the Constitution is a living document that must be updated to take into account changing technologies, however, the definition of "unlawful" must change.
In brief, "Anything not nailed down is ours. Anything we can pry loose is not nailed down!"
Meantime, the US has had this since 2001 [wired.com], so it's not like Australia's move towards normalizing law enforcement techniques to modern standards is anything new.
Modern??? (Score:3, Insightful)
That's right, down there in little Australia they still use stone tools and hunt kangaroos with spears.
How is a shortsighted unworkable piece of legislation modern?
Re:A Good Thing? (Score:2, Insightful)
I also use 448bit Blowfish encryption.
If I forget my passphrase, no matter how pissed the cops ge, it doesn't really make a difference.
Now, if their spyware had keylogged the phrase the last time I decrypted....
Re:A Good Thing? (Score:4, Funny)
I hope you can still say that when your cellmate starts referring to you as 'Shirley'.
Re:A Good Thing? (Score:4, Insightful)
There's this thing called 'contempt of court'.
Prosecutor : "Well, would you please tell us the passphrase to your files."
You: "I forgot it (grin)."
Prosecutor : "But our surveillance shows you opened that file yesterday, and 5 times last week. And yet, you forget?"
Magistrate : "Defendant, it is obvious that you know your passphrase. Please reveal your passphrase to the court."
You : "I forget (grin)."
Magistrate : "Very well. Three months in jail for contempt of court. This session will resume at a later date."
Re:A Good Thing? (Score:5, Informative)
The UK, I believe?
Where its illegal to 'possess any information which might be useful to a terrorist'
Re:A Good Thing? (Score:5, Insightful)
After all, such a map could be very useful to a terrorist intent on terrorizing some place.
I was over there a few months back, and I saw lots of street maps for sale at the airport. I wonder if those vendors have been arrested yet?
Re:A Good Thing? (Score:4, Insightful)
Re:A Good Thing? (Score:5, Interesting)
a. Would a corporation (MS) work with the feds to allow this software a backdoor to bypass security and be easily automatically installed on the system?
b. What precautions would be made to make sure this software didn't end up in the hands of others and spyware companies?
c. How are they going to get around more savvy users if firewalls are installed on the systems being monitored?
Not that I am looking to commit any crimes, but from things I've seen in the news lately, I worry about the future US government or any government abusing it's powers. On another note
Re:A Good Thing? (Score:3, Interesting)
If the Feds came to them and said, "You know, if you want to keep doing buisness, we need this from you," you can bet that they would do it. Microsoft is a corporation, and corporations exist to make money, so it's safe to assume that they would cooperate. (One side note: It's not like these sort of hooks need to be added. Internet Explorer seems to pi
Someone please tell me... (Score:5, Interesting)
Re:Someone please tell me... (Score:3, Insightful)
Re:Someone please tell me... (Score:3, Insightful)
Please keep in mind that these are the police. They are not some random script kiddy, and would focus much more strongly on your computer. It also means that they probably already got a warrent to search your house and will have physical access to your computer. And my guess is that they will be able to take control of your computer in as much time as it takes to boot (not saying how to not encourage moron kiddies). And since y
Re:Someone please tell me... (Score:4, Insightful)
There is no secret piece of cross platform software available that can give 100% systeminfo without detection and be transparent to a clued up user.
There are however 100s of Windows only programs that can get so far inside the backdoor that even goatse is jealous, and STILL not be detected by a user ("Oh it was running a bit slow" they say as you nod slowly and sip your coffee whilst waiting for Adaware to finish its scan.)
btw, im a Windows user, not Linux - I merely pointed out the usual flaw in the plan.
Re:Someone please tell me... (Score:5, Interesting)
because they're looking to get enough evidence to arrest you. all that is needed to get a warrant in most oecd countries is "probable cause". basically, the cops go to a judge and say "we have a guy who says a guy told him that person a might be a drug dealer. can we get a warrant?" and more often than not, the warrant is issued.
depending on the type of warrant, they can get a one time search and seizure, a wiretap on your phone or a passive listening device in your room. all this law in australia does is just add computer traffic to that list.
if you are concerned about your privacy and protecting it from the warrant system, you're about two hundred years late in complaining.
Re:Someone please tell me... (Score:3, Interesting)
They can have all of the spyware they want, but if they can't even get the system to boot, they'll never manage to install it, and if the software also logs/displays failed or incomplete access attempts, it'll be tipping the owner off that someone was trying to tinker.
For "secure" computing, I'd be picking a laptop with a bootable en
Re:Someone please tell me... (Score:3, Insightful)
Re:Someone please tell me... (Score:2, Insightful)
Re:Someone please tell me... (Score:2)
And given that in circumstances like this, the powers-that-be like to ban things that might make it difficult for them... like, oh I don't know, Linux for example?
Re:Someone please tell me... (Score:4, Interesting)
One of the parents is correct that they're likely to just get a warrant, pull your PC/laptop apart and put some kind of wacky hardware keylogger in there instead.
Re:Someone please tell me... (Score:5, Insightful)
Well, of course it would count as a crime! Probably as simple as "tampering with evidence", but it wouldn't surprise me if they invented a special category of crime, over which we have no control, to deal with (for example) AdAware detecting and removing such software.
But... Why on Earth would you want to remove it?
Just fake it out, and you have carte blanche to commit whatever crimes you want, with the state's own "evidence" of your whereabouts to clear you at any given time...
"And how do you suppose my client committed this crime, when your own activity logs show him viewing... Um... homoerotic goat porn??? at the time of the crime?"
As an aside relating back to my first paragraph, I personally run AntiVir for precisely that reason... As a German company, they treat a US government sponsored virus (such as the FBI's Magic Lantern) the same as any other virus - Namely, they detect it, quarrantine it, and kill it. Unlike both Norton and Mcafee, which have publically stated that they will not detect any virii such as ML.
Re:Someone please tell me... (Score:2)
Removing the spyware would be "obstruction of justice.
KFG
Re:Someone please tell me... (Score:3, Insightful)
Re:Someone please tell me... (Score:3, Informative)
on a friend's pc, it found about 400 baddies. yes, that pc was full of popups/etc.
its free, they have extremely regular updates and it works.
Re:Someone please tell me... (Score:3, Insightful)
True. Possible.
However, it certainly can't hurt to start with a non-deliberately-broken AV scanner. And, although DNS spoofing may not take too much effort, AntiVir's parent company has no motivation whatsoever to cooperate by digitally signing a fake update to their program.
The biggest problem here involves trust - Once a company that we, by necessity, choose to trust to keep our computers virus-free, decides to go to the dark side and cooperate with a given g
Re:Someone please tell me... (Score:2)
what's the big deal? (Score:5, Insightful)
As long as they need to obtain a warrant first, I don't see the big deal.
Re:what's the big deal? (Score:2)
Re:what's the big deal? (Score:2)
Re:what's the big deal? (Score:2)
Nah, I don't see that being all that good an idea, if you posit that there is a purpose to having surveilance under warrant in the first place, then saying that you have known sanctuary from it in your home doesn't seem very l
Re:what's the big deal? (Score:2)
Re:what's the big deal? (Score:5, Insightful)
Re:what's the big deal? (Score:3, Insightful)
Re:what's the big deal? (Score:3, Insightful)
In the U.S. that's supposed to be We the People, all our votes and all our guns. Most people, however, have been snowed by U.S. government propaganda aimed at its own citizens. "This will protect you from terrorists." Bullshit. But most pe
Re:what's the big deal? (Score:5, Insightful)
Actual property search warrants [to my knowledge] require the alledged criminal to be issued the warrant, and present for the search. The info in the computer though [assuming no internet connection] stays in the computer. Placing a keylogger on the machine without informing the owner seems to be a special circumstance to get around age old search warrant law.
It'd be much better if it limited the spying to internet connections.
[disclaimer: I am not austrailian, and I am not a lawyer, some assumptions might be wrong, and render the arguement moot.]
Re:what's the big deal? (Score:2)
They can still get warrants to tap homes for actual sound within the home. And they don't need to tell the person being tapped - they just need the appropriate warrant.
Re:what's the big deal? (Score:2)
True. Didn't you see that episode of The Sopranos where they bugged the lamp in the basement? TV never lies. Then again, "It's not TV, it's HBO."
Re:what's the big deal? (Score:4, Informative)
Re:what's the big deal? (Score:3, Interesting)
Come back when you have info about how many were later found to have been issued improperly.
Re:what's the big deal? (Score:3, Insightful)
2 How often will they FIRST tap you, THEN if they find anything they'll get a warrant so they can use the evidence?
Nice (Score:2)
Re:Nice (Score:4, Interesting)
Re:Nice (Score:2)
Re:Nice (Score:5, Informative)
Great... (Score:2, Insightful)
Re:Great... (Score:5, Funny)
Your Honor.... (Score:2, Funny)
Of course... (Score:2)
Linux switch... (Score:4, Funny)
One cannot trust a closed-source anti-government_spyware program working an a closed-source O/S, but the same perogram implemented as open source running on an open-source O/S? Yeah, much better.
Possible scenarios (Score:2)
Your honor... we obtained the warrant to install it. But we don't freaking know how to do it!
(His honor: ) Argh! Damn Linux!
Scenario 2:
OPEN THE DOOR! POLICE!
(hacker deletes everything from his computer using a three-finger hotkey)
Yes, officer? How can I help you?
We're here to install some spyware on your machine. We have a warrant.
Oh sure, come in.
(half an hour later...)
(hacker unplugs his PC. Runs anti-spyware, and reboots)
*whistles*
Re:Possible scenarios (Score:2)
Scenario 2:
OPEN THE DOOR! POLICE!
We're here to install some spyware on your machine. We have a warrant.
Oh sure, come in.
(half an hour later...)
A half hour? I would think it takes a couple days to get all the dependencies right. Some will be an easy rpm install, but two or three will have to be compiled using an outdated set of dependencies that're impossible to find anywhere and which recursively rely on other impossible to find dependencies. Eventually, the cops give up in frustration and d
Better yet: Run Windows like Linux: Not as Root (Score:3, Insightful)
Get Win2K or XP and do your daily work as a limited user. Stick with apps that work as a limited user (Yes, this means dumping Quickbooks for Simply Accounting). Ditch or fix the games that need Admin to run and tell your vendors to clean up their act. Take charge of your PC already and stop blaming Microsoft.
Re:Better yet: Run Windows like Linux: Not as Root (Score:4, Insightful)
Answer: It doesn't.
Thoughts On Law Spyware (Score:2)
I also, wonder what kind of stance the Australian Law Enforcement will take towards these companies. Will they provide them with information to avoid their spyware (I doubt it)?
I'm a
Can you say "circumvention device?" (Score:2)
The real target of making it illegal to remove federal spyware would be the makers of spyware removal programs, who have a lot more to lose than someone already under heavy surveil
Couldn't this be used to prosecute? (Score:2)
Or even spyware for that matter.
Like wiretapping without a court order?
Whatever (Score:5, Interesting)
Yea, OK. Because as the software companies have learned from their massively successful bout with game pirates (assuming you use "successful" to mean "it wasn't warezed before it even hit the bloody store shelf") you can effectively use a person's PC against them.
Whatever. Looks to me like the computer geek is just going to become a staple of the successful organized crime family in Kangaroo-land, that's all. You cannot put a skilled person in front of a computer and not have them figure out how to break your stupid protections and spyware and whatever else you want to try and pull over on them. If it's on my computer, and I have a reason to go looking for it, I'll find it, and I'll break it. Guaranteed. You cannot hide things from someone on their own computer.
Yet another technology that will have absolutely no effect on the big time criminals and will waste money catching the little guys that weren't really capable of getting away in the first place. In fact, I'm now taking bets on how long until someone figures out how to sniff out the signature and disable it.
Re:Whatever (Score:2)
On the plus side there are now a lot of extra interesting and challenging jobs available for any unemployed slashdotters and organised crime is one thing that's totally safe from outsourcing!
Re:Whatever (Score:5, Interesting)
I disagree. Bad intrusion software is easy to detect. Good intrusion software is difficult to detect. Top notch intrusion software can exist for years under the nose of skilled people who are looking for it.
Also, what makes you think that the good stuff will be software? Ever wonder what all of that firmware on your video card does? If it just detected certain kinds trigger conditions (perhaps on the bus from certain kinds of ethernet packets being latched off of the network card) and responded by taking a screenshot and saving it into some unused header space in outgoing HTTP requests (hard to grab and re-write from the bus, but I'll bet you could do it)... how would you know? No disk activity. No increase in network usage. No software running on the main CPU...
Better yet, just put it in the network card... that market is totally cut-throat, so I'll bet that anyone who offered a network card manufacturer a large sale or two in exchange for some extra firmware... well...
"Yet another technology that will have absolutely no effect on the big time criminals and will waste money catching the little guys that weren't really capable of getting away in the first place."
Well, it will enforce a kind of evolution, right? The guys who manage (however they do it) to survive this kind of attack will win. That might not be the biggest fish.
Re:Whatever (Score:2)
I would fully disagree with the phrase *ABSOLUTELY* because that phrase is almost *ALWAYS* wrong.
Fact is big time criminals use either off the shelf or easily obtained software for ill-will. That software is easier to be moni
Just getting this now? (Score:2, Informative)
http://news.zdnet.com/2100-9595_22-524798.html?le
Re:Just getting this now? (Score:2)
for that reason though Carnivore is more effective. It hard to detech a sniffer if placed on a point in the network your don't control. Spyware being directly on the client side machine is relatively easy to find.
Couldn't this be accomplished... (Score:2, Funny)
heh (Score:2)
where are they? (Score:2)
What's the best way to sandbox these programs to study them later?
Anyone have any links to these sites?
Buy Alcoa stock now! (Score:2, Funny)
I wonder how those "Crocodile Dundee"-style hats would look when covered with tinfoil....
Well now, (Score:2)
Re:Well now, (Score:4, Insightful)
I am willing to bet that less than 1% of those that are surveyed will even be aware of it.
I am willing to bet, that less that
This Raises Legal Questions (Score:2)
1. Normally, when your government takes or uses your property in a way that prevents you from enjoying it, you get paid. If my government is installing software on my machine, that effectively occupies a portion of my hard drive and prevents me from storing data there. Thus, property is taken, should I get paid? If so when?
2. If I remove the software, am I destroying government property?
3. If the United States were to try t
Re:This Raises Legal Questions (Score:2)
2. No
3. Under the Authority of the provision. As had been exercised in previous wiretap/patriot act/rico/conspiracy laws/
4. If they still have jurisdiction, probably yes. Undoubtably they will still use itl.
Ok, here's a question... (Score:3, Insightful)
If you're an alert user, and you find this task running on your machine, and you remove it...
Are you guilty of the Australian version of Obstruction of Justice?
If so, you could commit a serious crime by simply running a spyware scanner.
Re:Ok, here's a question... (Score:2)
It is extremely unlikely you would find this as a "task" running on your machine.
Re:Ok, here's a question... (Score:2)
Seriously, if they can't snoop Linux too, they have a problem and the authorities just love making their problem *your* problem.
A license to phish... (Score:2)
Easy fix, sort of. (Score:2, Interesting)
Re:Easy fix, sort of. (Score:2)
Ghost (Score:2)
It might not keep the spyware out, but it will at least make it a pain in the ass for them to keep it on.
The link (Score:2)
Maybe that's the Kangaroo Kops trying to install an M$ bug in everyone's browser...
the scary thing is... (Score:2)
Big deal... (Score:2)
Of
Is anybody else seeing an easy go-around? (Score:2, Insightful)
Coming to a Court Room near you... (Score:4, Funny)
"That's enough for me! I sentence you to life!"
What's wrong with the UK and Australia? (Score:5, Insightful)
Re:What's wrong with the UK and Australia? (Score:3, Funny)
Ceremonial swords I don't understand, but toy guns I agree with completly. They are horrible things and I for one would be glad to see a lot less of them.
ban guns, make it easier for criminals. (Score:3, Insightful)
Gee, do you think that could have anything to do with the assload of money that administration directed toward hiring new police officers? The timing cannot be mre coincidence: at the very time the Clinton administration's new measures were going into effect in 94/95 (Billions directed toward hiring thousands more police officers, a castrated assault
cat and mouse (Score:3, Insightful)
Crooks use things like radio scanners to look for wireless bugs. They can use tools to search for such spyware, essentially tools like Adaware or virus scanners or sum | diff.
Once crooks find out how their systems are compromised, spyware removal tools can do their work, and crooks can take evasive measures. For example, installing many sets of OS binaries, DLL directories, registries, etc, on each machine. In different directories, different file systems, different disks, whatever.
You could play all sorts of cat and mouse games. Sounds sorta like fun, except, guilty or not, it's probably not fun having the heat on your tail.
yet another reason to carry a Knoppix disc (Score:3, Insightful)
but I got antivirius (Score:3, Insightful)
Re:So the have to get a warrant (Score:2)
Re:So the have to get a warrant (Score:3, Insightful)
(snort)
you can't be serious, can you? They never take responsibility. It's your own darn fault for looking suspicious in the first place.
Re:Another useless law (Score:2)
Second, it goes with the computer. Packet sniffers are network dependent, "spyware, or monitorware" is computer dependent
Re:How Will This Work? (Score:2)
Re:How Will This Work? (Score:2)
Besides, if they really want what's on your box they'll get a regular warrant and take your drives. Or, if allowed in America Jr., do a "sneek and peek", boot your system from a live CD, copy all your files to another drive, and add a special kernel module.
Re:Just when (Score:2, Informative)
Re:I can just see it now. (Score:2)
Re:Only in ... (Score:2, Funny)
Aussies! Run as a Limited User to avoid your cops! (Score:2)
Then I'd like to see the first judge that orders you to run your computer as Admin so they can install spyware behind your back.
Re:What bothers me... (Score:2)
The beauty of laws is that there's always loopholes.
Re:Simple way to work around this (Score:4, Funny)
And thus, Microsoft will conquer the world.