How the FBI Hacks Around Encryption 91
Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.
Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.
They *dont* get a warrant (Score:5, Informative)
"they should be able to get a warrant to try to break that encryption"
RTFA, That's his point too. The trouble is he only finds 9 examples of judges giving opinions or court orders:
"Mayer analyzed the few public examples of law enforcement hacking he was able to find, most of them from the FBI and DEA: five public court orders and four judicial opinions."
He found discussions where the FBI expressed the belief that it is legal without a warrant and alluded to previous times they'd done it warrantless.
"He also looked through declassified FBI documents and found that officials there have “theorized that the Fourth Amendment does not apply” when investigators “algorithmically constrain the information that they retrieve from a hacked device"
"Mayer said that in internal emails, federal investigators argued that targeted hacking might not constitute a search, and hinted at past times when officials may have hacked without getting a warrant first."
So if you believe the FBI has only done this 9 times then perhaps Libertarians are crackpots. On the other hand it seems likely the FBI has done this hundreds of thousands of times, and thus 9 examples of judicial opinions on cases suggests they're not telling the courts.
The FBI of course won't even reveal the total number of targets its used malware against, be it 9 or 9 million.
Most likely similar to Stingray (Score:3, Interesting)
It will another case similar to Stingray, the cell phone intercept:
http://www.yro.slashdot.org/story/12/10/27/144229/secret-stingray-warrantless-cellphone-tracking
Where the FBI claimed they could do it with a pen register (i.e. without a warrant), and used pleas bargaining and misdirection to keep the details of the intercepts from the court.
And of court every little district cop used it without a warrant, or even a legal basis for its use:
http://yro.slashdot.org/story/15/05/25/0344206/san-bernardino-sherif
Re:They *dont* get a warrant (Score:4, Interesting)
Why do they get to violate the DMCA?
If it is protected by encryption, no matter how weak, it is a federal offence to break the encryption.
Re: (Score:2)
Only applies if the encrypted data is copyright by a company with a valuation over $10 million US.
Re: (Score:2)
Why do they get to violate the DMCA?
If it is protected by encryption, no matter how weak, it is a federal offence to break the encryption.
Why do police cruisers get to break the speed limit?
Re: (Score:2)
--
JimFive
Re:Hacking 'Round Encryptions (Score:4, Insightful)
Ideally, judicial review ought to be good enough. However, in practice that's not true. The FISA court is one entity that frequently deals with cases involving electronic surveillance. While I'd like to think the court is well-intentioned, they are overwhelmed and wield great power. They've helped to expand law enforcement powers with rulings like the "special needs" doctrine. They face so many requests for surveillance that they admit they simply don't have the ability to properly review them. Essentially, the NSA is left to police itself and ensure it doesn't violate the Constitution. They're a rubber stamp. Even with other courts, requests for search warrants aren't given sufficient scrutiny and aren't refused often enough.
Re:Hacking 'Round Encryptions (Score:5, Informative)
FISA courts aren't courts. There is no defense council. It is one sided, and the government can do whatever it wants and get a warrant for anything, so long as the courts can find some ridiculous, contrived view that 'limits' the search. For example, "every email ever sent, except the one last tuesday about carl's lunch" why, that clearly narrows it down! Warrant approved!
Re: (Score:3)
BULLSHIT.
Star chamber, kangaroo "court," FISA "court"... they're all the same. Any institution that contemptible does not deserve to be called a "court" at all!
Re: (Score:1)
The moderation on posts like this is why so many people troll here. Agree or disagree with the reasoning, it's not a troll. Modding -1 troll shouldn't be used to mean -1 disagree.
If the police believe they have probable cause to search your property or monitor your communications, they have to go to a judge and present their evidence. There is no defense counsel present for this proceeding; only the police and the judge. If a search warrant is issued, it authorizes the police to search and possibly seize pr
Re: (Score:2)
Re: (Score:3, Insightful)
I'm actually a big fan of things like roads, libraries, and police departments. I don't even mind paying my taxes (I wish they were better spent/invested). Hell, I even support a strong social safety net - it stops people from stealing my stuff. I like my stuff. That's why I bought it. We need an educated citizenry that can increase their upward mobility and we need to maintain that while also ensuring that we retain our rights while establishing and maintaining protections for the commons. Most important i
Re: (Score:3)
I don't think libertarians have drifted toward neoconservativism. If you're perceiving Republicans in libertarian clothing, I think there are a couple of things going on which might give that impression but neither is driven by a philosophical shift.
The whole "TEA Party" thing for example is a rejection of the big government neocons of the Bush era. It has a few libertarian leanings, but unfortunately maintains much of the Republican baggage. These neocon/libertarian hybrids have evolved in the opposite
Re: (Score:3)
Then, you're also seeing the Rand Paul type folks who are willing to jump through the Republican hoops in order to bring a few libertarian ideas to the mainstream. Let's face it. In order to win the Republican presidential nomination, you need to have at least some appeal to the "family values" and "strong defense" contingents in the Republican base. The strategy of compromising principles for political appeal is a huge bone of contention among liberty activists. People willing to go down that road might also appear to be "pseudo-libertarians", but their drift toward the Republican orthodoxy is a matter of practical necessity, not political philosophy.
It certainly seemed like a necessity based on the past outcomes of elections and primaries. But it's not working at all for Rand Paul and other libertarian-leaning candidates that are trying to appear more "mainstream". Instead, the electorate these days is bent on rejecting anything that looks like a mainstream politician. Even the Democrats are leaning that way, with Bernie Sanders polling way higher than any of the political pundits predicted. That says less about Sanders than it does Hillary Clinton
Re: (Score:1)
The saddest part is that Sanders is closer to my ideals than Paul. I don't like Sander's route, I don't think. But, yeah... Rand's an idiot from what I can see and I agree that he's pandering to the Republicans.
Re: (Score:1)
The Democrats hate him, the Republicans despise him. He won't get much done. A government amusing itself with itself might be a good thing for the citizens. There's that.
Re: (Score:1)
So long as it is a lawful and just warrant then I've no problem with this. I used to be able to say that most libertarians aren't crackpots. Such is no longer true. Today, they're mostly Ayn Rand worshiping Republicans who are too ashamed to admit they're neoconservatives and have opted to co-opt the moniker in hopes that nobody notices. It's our fault for not speaking up against them.
I think you should be able to encrypt all you want and that they should be able to get a warrant to try to break that encryption but that you needn't help them to do so. They can have my mangled and unreadable data if they want it. With enough time and money they're allowed to decrypt it too. I can't wait until they do and find out that it's all just a bunch of saved pictures of lolcats and the occasional lolrus.
pleaz to no decrypt my bukkit! my encypted bukkit!!! nooo!!!
No, really. No lolcats but I do have a few lolrus pics saved. For some reason he amuses the hell out of me.
Wuzza "Lolrus"; "googookatchoo". Same as "I am the Lolcat; yakyakachat" ? No?
Re: (Score:1)
I don't usually enjoy most memes but I do like the Lolrus. Here's a good start.
http://knowyourmeme.com/memes/... [knowyourmeme.com]
Well, but... (Score:2, Informative)
It does not give the FBI bulk surveillance capabilities unless they work with bulk tools, namely botnets and worms trying to infect everything they can get. And that looks pretty bad when discovered.
So widespread use of end-to-end encryption would mean that the FBI would be mostly restricted to operating within the confines of the Constitution. We can't really have that.
Re: (Score:1)
Not quite the same thing (Score:5, Insightful)
For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.
Re:Not quite the same thing (Score:5, Insightful)
For NSA, if you use encryption, you ARE a suspect.
Re:Not quite the same thing (Score:5, Insightful)
FTFY
Re:Not quite the same thing (Score:5, Informative)
For that, they must first have a suspect.
. . . So the FBI just declares everyone in the US to be suspects . . . so they can spy on everyone . . . that's more or less how it works these days.
Re: (Score:1)
In order for expediency, would it not be easier to repeal the Fourth Amendment and get rid of the right which our ancestors fought for to protect us from warrant-less search and seizure. Shall we re-institute the "writ of assistance" and allow the controlling party to do anything they want just to see if they can find a violation of a law?
FBI, NSA, CIA, etc...
Re: (Score:2)
You'll just become unindicted co-conspirator #3
Re: (Score:3)
To be a suspect you must have links to terrorism, or links to people who have links to terrorism, or links to people who have links to people who have links to terrorism....
This will eventuall include everyone but a small number of isolationist Amish ....
Re: (Score:1)
According to them, encryption would still prevent people becoming suspects anyway, as I understand it. I believe they claim that they'd only ever use the back door* to access encrypted data of people who are already suspects, not to conduct fishing expeditions.
*Erm, I mean the "front doo
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
The metaphor the FBI uses to describe encryption is a locked door. There should be no reason to open the locked door unless someone is already a suspect. I'd say it's generally a good thing if encryption prevents people from becoming suspects. In detective work, often when someone is suspected of a crime, the police look for evidence to support their hypothesis while disregarding evidence to the contrary. It's not necessarily malicious, but rather how the human mind works. While this may prevent a few guilt
Re: (Score:2)
I guess it depends how indiscriminate their malware and delivery systems are. Brute forcing a WPA key is one thing, but we know from the leaked NSA catalogues that at least some government agencies use malware too.
Re: (Score:1)
Except that using encryption at all makes you a suspect automatically.
Re: (Score:2)
> To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.
Not at all. Hacking can include unauthorized access to online records, to email, to phone records or audio recording on devices of people who've been in contact or may hold records of the targtet, etc. Search warrants and subpoenas are theoretically to balance the privacy of individua
Re: (Score:2)
I find it hard that anything but a corner case would require hacking to get to records held by third parties. I have decades of working in the hosting and ISP industries, requests for data come in daily get reviewed by council and generally processed, we get paid rather well to do the work. Hacking should require that you have a good reason to think that the third party is actually in collusion with the suspect. If they have a clue about security we dont have much to give them just encrypted data and lo
Re: (Score:2)
> I find it hard that anything but a corner case would require hacking to get to records held by third parties.
Then I urge you to look at the history of the "PRISM" program, I'd count that as wholesale cracking, precisely to avoid the need for telling anyone what they elect to monitor or to compelled to justify subpoenas. The NSA has traditionally, I'm sorry to say, engaged in wholesale monitoring of both domestic and international communications.
Re: (Score:2)
It's exactly the opposite PRISM used fisa warrants, NSL etc to badger companies into sending them the requested data. This was not tapping is or hacking rather having data requested sent to them via various means. The slides Snoden released were pretty clear PRISM was with the aid of companies FAIRVIEW and BLARNEY seem to be tapping cables accessing intermediary routers etc. As an ISP there are pretty well defined methods for that sort of thing to give them real time access to traffic.
Re: (Score:2)
> It's exactly the opposite PRISM used fisa warrants,
Except, I'm afraid, when they didn't bother with warrants or simply ignore the limitations of warrants or subpoenasTake a look at the rebuke by exactly the kind of judge who issues such warrents, at http://www.nytimes.com/2013/08... [nytimes.com].
The ongoing decryption efforts are tied to prism, and constitute hacking or "cracking" of the most basic nature. Examples include: the doucumented spying on embassies of allies, to quote from The Guardian.
Re: (Score:2)
Read the paper, PRISM has nothing to do with the data they gathered via intercepts that is a different program. From the article 90% of the data was coming from PRISM that is data they got via fisa warrants, they were overly broad and the NSA pushed for a broader scope than what they told the courts.
Of course the NSA spies on other nation states and foreign nationals that is their job as the primary spy agency for the US. But they dont need to bother with the clandestine bits when they get a rubber stampe
Re: (Score:2)
The US has a way of 'updating' your standard cells telco network day to day function over the network.
"Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?" (2015-09-29)
https://theintercept.com/2015/... [theintercept.com]
"...the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants"
If FBI can crack it ... (Score:5, Informative)
Re: (Score:2)
If the mil has keys, so do federal taskforces, all nations staff that worked with the US, ex staff, former staff... nations, groups that can gain insights into the methods.
eg SISMI-Telecom scandal, Italy 2006
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
...and?
It's amazing the Nigerians even have to trick you to give them your bank account number. I suppose it's nice the Russian mob shows restraint and doesn't just rip EVERYONE off.
HACKING! (Score:2)
FBI and going dark (Score:2)
Of course the FBI isn't happy about people going dark.
It's easier without having to deal with the encryption.
More and more endpoints are also getting full disk encryption.
Thinking long term, the FBI doesn't want to be in an arms race with the software developers of browsers, operating systems and the like.
Will they still be able to hack to software running on the endpoints ?
Maybe someday they won't find a way around it. Even though they have a court order they might not be able to do what they are asked to
Re: (Score:2)
In places like Ferguson and Baltimore, one could argue that it's already happened (unofficially, of course).
Missing the point (Score:1)
hmm (Score:2)
I'm curious if off the shelf protection programs detect the FBI malware, or they've been compromised at the money layer.
By their methods, you shall recognize them (Score:2)
The criminal mind-set is obviously strong with the FBI. No surprise there.
FBI does this and that (Score:1)
Elections are coming up. Is it an issue worth bringing up? Since it's given that neither democrats or republicans are going to reign them in, what's the plan? There are other choices. Or is everybody just going to treat it like the weather and complain because they can't work an umbrella?
Re: (Score:2)
Amen.
(Useless post to undo accidental bad mod.)