Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
The government is working on getting broader powers for remote data access. If the Department of Justice (DOJ) approves it, federal agents can extract data from any computer, anywhere. This poses Fourth Amendment and jurisdictional concerns. A problem could also arise from the extraordinary powers given to agents. VPN anonymity gives Internet users the ability to protect the data that they transmit online. Data encryption allows them to protect the data that they store on their hard drives.
The federal government has been working on stretching their powers to access computer data remotely. It was explained as gaining the ability to hack criminal computers. But the ability extends to accessing entire networks of computers. Federal agents want to be able to access any computer or network remotely, regardless of jurisdictional limits. The matter could be decided by the DOJ in a few weeks.
This will not be the first time that federal agents have hacked computers and executed remote searches. In 2012, the use of malware too infiltrate a suspect’s email was approved. Some cases were turned down because the search and seizure was considered unreasonable. The federal government now wants the DOJ to approve changes to their powers. These changes would make unreasonable searches and seizures legal. And it would allow federal agents to conduct them anytime, anywhere.
The DOJ defends the plan by saying that existing laws already authorize their activities. They are only trying to change where they can conduct the searches and remote access. But they are not saying anything about what they are really capable of doing, or what exploits they are using.
The federal government has approached the DOJ for approval on their remote access plan. The ACLU responded with a lengthy memorandum full of comments and suggestions. The ACLU’s main point is that the plan would be an overextension of jurisdictional powers. The ACLU also feels that the federal government needs to be asking Congress for approval. Federal agents are asking for a great deal of authority. This degree of authority can be very dangerous to private citizens.
The DOJ has not disclosed what types of attacks federal agents are and will be using. Chris Soghoian of the ACLU suspects that they are using zero-day exploits. The use of these attacks is an existing and unresolved rights issue. Zero-day exploits are debated as wrong under the Fourth Amendment. They are invasive and dangerous. The ACLU memorandum likens these attacks to a few procedures regarded as unlawful under the Fourth. Specifically, it mentions using overly forceful measures for gaining entry into property, such as a battering ram or a destructive flashbang device. Another analogy is the unreasonable surgical removal of evidence from a suspect’s body.
He says that expanding federal powers to use dangerous attacks cannot be decided without public debate. He stresses that hacking powers need to go through a vote by legislative officials and not be decided by the DOJ alone.
Federal agents can conduct remote searches on terror suspects. Now they want to do the same with other criminal suspects. But terror investigations do not happen very often. The ACLU is concerned about how often searches on computers will be conducted. They are also worried that too much power will be given under a single warrant for mass remote data searches.
For instance, federal agents will not know which service a suspect is using. A remote search will therefore easily include access to every cloud storage service that the suspect’s computer has connected to. This is too extensive according to the ACLU memorandum, which analogizes it to physical search limits. In a physical search, a single property can be searched. During the search, other properties may be identified and keys found to get into them. But these other properties cannot legally be searched under the same warrant. The federal government is asking for remote access powers that allow them to do this digitally. The decision to allow this is too big to be quickly passed by the DOJ.
VPN Anonymity and Encryption
DOJ spokesperson Peter Carr said that they want to be able to better fight criminals. He mentioned that criminals use Tor, an anonymizing tool. This means that one main purpose of the remote access plan is overcoming these tools. Greater access powers therefore also means that VPN anonymity would no longer protect Internet users. The government has long been working on breaking encryption systems as well.
Tor and data encryption and VPN anonymity are not only used by criminals. These are legitimate tools used by average Internet users to secure privacy. Online privacy may not be a cut and dry rule. But privacy is a basic right. And online privacy has been declared a universal right by the United Nations. Giving federal agents the power to tear down VPN anonymity and encryption is a violation of this right.