SoylentNews is people
SoylentNews
A federal judge for the Eastern District of Virginia has ruled that the user of any computer that connects to the Internet should not have an expectation of privacy because computer security is ineffectual at stopping hackers.
"Hacking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public's reasonable expectations of privacy," the judge wrote. "Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion. Indeed, the opposite holds true: In today's digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked."
The judge argued that the FBI did not even need the original warrant to use the NIT [Network Investigative technique/Toolkit] against visitors to PlayPen, a hidden service on the Tor network that acted as a hub for child exploitation.
(Score: 5, Insightful) by maxwell demon on Saturday July 02 2016, @06:51AM
In other news, a court decided that houses aren't private, as it is easy to break into a house, as the large number of burglaries demonstrates.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Saturday July 02 2016, @06:52AM
You were unaware of no-knock search warrants?
Fuckers don't even have to pay for damages.
(Score: 1, Insightful) by Anonymous Coward on Saturday July 02 2016, @07:44AM
If you can't see how this is an even bigger issue, well I've got a list of rights to sell you :)
(Score: 1, Insightful) by Anonymous Coward on Saturday July 02 2016, @07:54AM
And if you are too ignorant history, your bill of rights wouldn't have helped anyway.
Most of this legal reasoning follows from the destruction of evidence arguments that went with the war on drugs. Your right to privacy was kicked-in, literally, once the judiciary decided preserving evidence was more important than you being secure in your effects.
This is that same sensibility applied to the digital domain, with cops being able to kick-in your fire wall in order to gain evidence.
(Score: 2) by The Mighty Buzzard on Saturday July 02 2016, @10:34AM
Being able to try...
My rights don't end where your fear begins.
(Score: 4, Interesting) by butthurt on Saturday July 02 2016, @06:16PM
A lawyer for EPIC has made the argument (although AFAIK it wasn't presented in this particular case) that government-placed malware could violate the Third Amendment:
--https://web.archive.org/web/20131209153222/https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2257078 [archive.org]
an article about it:
https://web.archive.org/web/20130520032527/http://fiercegovernmentit.com/story/third-amendment-constrains-military-cyber-operation-argues-epic-lawyer/2013-05-05 [archive.org]
(Score: 4, Insightful) by davester666 on Saturday July 02 2016, @08:03AM
The judge is saying that since burglars have no problem breaking into houses, it's inevitable that your house will be broken into, therefore, the police can break into your house whenever they want, no warrant is required.
Ergo, I can't think of any place where the police would be required to get a warrant.
(Score: 1, Interesting) by Anonymous Coward on Saturday July 02 2016, @08:14AM
Um, no.
The judge is following arguments that the police can peer through your windows, and what ever is in plain sight becomes probable cause. The window is your internet connection.
It's not like he gets to make such a radical pronouncement without some prior legal standings to fall back on.
(Score: 0) by Anonymous Coward on Saturday July 02 2016, @08:17AM
Um, yes, and you're a fool. The mere fact that someone's security is bad doesn't mean you can break into someone's house, break into someone's computer, etc. If anyone other than law enforcement did this, they would probably go to prison.
If he's relying on precedent, then that precedent was made by judges who also didn't follow the constitution. They are traitors.
(Score: 1, Touché) by Anonymous Coward on Saturday July 02 2016, @08:28AM
"They" didn't break into his computer. "They" had a honeypot and monitored traffic.
But you know what? Fuck it! Declare yourself Superpatriot and get all hot and bothered instead of thinking through the line of reasoning and coming up with a reasonable counterargument.
That's so much better.
(Score: 0) by Anonymous Coward on Saturday July 02 2016, @08:38AM
My counterargument was a reasonable response to abject stupidity.
(Score: 3, Informative) by Anonymous Coward on Saturday July 02 2016, @10:05AM
In the previous story (this is a dupe) with a far more informative article:
https://www.helpnetsecurity.com/2016/06/24/fbi-doesnt-need-warrant-hack/ [helpnetsecurity.com]
The NIT also instructed Matish's and other suspects' computers to send information about the OS running on it, its name, its MAC address, and its active operating system username to the server controlled by the FBI.
Thus they did a lot more than traffic monitoring. The retarded/evil judge himself said it:
“Hacking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public’s reasonable expectations of privacy,” he opined.
Hacking is far closer to "Breaking and Entering" than peering into windows of a house.
(Score: 2, Insightful) by Anonymous Coward on Saturday July 02 2016, @03:27PM
If I read this article, it sounds like the Network Investigation Technique (NIT) does something like this:
1) Perp Attempts to access illegal image on WWW site that is controlled by the FBI with their NIT software installed.
2) NIT sends back some javascript or perhaps tickles a browser bug and instructs the browser to do something in a certain way that reveals public IP address outside of TOR and/or collects other identifying info. I am not sure what the black magic is here, but if it can be done.....
3) IP address and other info is sent back to WWW site where the illegal image resided.
If that is the way it went down, then I have no problem with what the FBI did. You really shouldn't have an expectation of privacy with respect to a WWW server if you are initiating connections to it. That is what privacy policies are all about....in theory any WWW site can put up a privacy policy that says "we will collect and use anything we can if you connect us".
Reading the TFA it doesn't sound like the computer was just sitting there minding its own business when the FBI came breaking in....
You wanna maintain your privacy, don't connect to WWW sites....just because you use TOR doesn't guarantee you a right of privacy.
(Score: 1, Touché) by Anonymous Coward on Saturday July 02 2016, @04:26PM
No, but I would have thought that a person who specifically uses the Tor browser might have an expectation of privacy.
(Score: 1) by kurenai.tsubasa on Saturday July 02 2016, @05:38PM
instructs the browser to do something in a certain way that reveals public IP address outside of TOR
This part is concerning. From a technical standpoint, how are they inspecting the computer's network interfaces, and how should I patch my browser so that it isn't affected? The article mentioned MAC address, which I understand may be used when generating a UUID [wikipedia.org]. I haven't dug into any UUID generation libraries—fairly certain version 1 isn't used widely—, but version 3 and 5 both mention using a DN which may contain the username that article says was retrieved. Version 5 uses SHA-1, which could be brute forced if I'm not mistaken. (Version 3 is MD5 so all bets are off.)
I'm pretty such just about every library hands out version 4 UUIDs. Those wouldn't disclose either MAC address or username/DN.
Here's a discussion about generating version 4 UUIDs in JavaScript. [stackoverflow.com] I'm trying to remember if Flash ActionScript had UUID generation (ugh, can't believe I still have a project written in Flex, made it just a couple years before HTML5 was ready). Looks like mx.utils.UIDUtil [adobe.com] would be the suspect. It generates version 4 UUIDs, but I'm wondering if UIDUtil.getUID(someObject) might return a vulnerable version. Meh, no way I'm bothering with setting up a Flex environment on the home computer to give it a test, will need to wait until Tuesday to see on the work machine.
Anyway, I'd have trouble finding a problem with firing off nmap -A. I would hate to think that this constitutes “hacking.” On the other hand, if Flash is the vulnerability, I guess ¯\_(ツ)_/¯. I still wouldn't tend to think it's hacking unless it's exploiting a browser bug. Wonder if we'll ever know for sure?
(Score: 2) by quintessence on Saturday July 02 2016, @05:48PM
The difficulty here is that the FBI were in control of and distributing child pornography. Big no-no as it wasn't a part of the original operation, as well as questions as to when/why the FBI gets to break the law.
The other part, if i recall correctly, is that the FBI have not revealed how they obtained the IP addresses, so there are questions as to the veracity of the evidence and even who actually accessed the site (see story here [soylentnews.org]with another court ruling that an IP address isn't enough to establish guilt).
Charges have already been dropped in several of the arrests since the FBI didn't attempt to obtain a warrant, so this seems like hail marry to see if the charges will stick.
And after all that, you can have the philosophical argument of police monitoring even though you are in a public space without just cause. It seems the police get very irate when the cameras are turned back on them, even though they are in a public space too.
I doubt the judge would take kindly to people peering into the windows of his house.
(Score: 2) by davester666 on Saturday July 02 2016, @08:32PM
Having to "hack" the destination computer means it's not just looking in. It is more like carefully bumping the lock, or cutting out the window so the owner can't readily tell you opened the door/window to see something you couldn't without doing it.
"looking through a window" would be analogous to what your browser sends without hacking or even if you have file sharing turned on, and your computer is directly attached to the internet and the fbi could log onto your computer WITHOUT needing a user name/password.
(Score: 4, Insightful) by Bot on Saturday July 02 2016, @07:59AM
Yes, if you did not want your house to be broken into, you should have not made it reachable from the street, duh.
Account abandoned.
(Score: 2) by Nerdfest on Saturday July 02 2016, @02:55PM
So much for "stealing military or state secrets" then.
(Score: 2) by digitalaudiorock on Saturday July 02 2016, @01:38PM
Exactly, because after all you can "see" the front door right? I saw this story a while ago:
https://www.helpnetsecurity.com/2016/06/24/fbi-doesnt-need-warrant-hack/ [helpnetsecurity.com]
I was talking to lawyer friend about this one. He thinks there's almost no question at all this insane ruling will be appealed and reversed by a circuit count. So in the long run it will just set a precedent preventing such idiocy from the affected districts.
(Score: 4, Insightful) by Anonymous Coward on Saturday July 02 2016, @03:46PM
And yet DRM, no matter how ineffective or trivial, is enough to kick in all sorts of legal protections for corporations...