Glaciers
Whoa, did El Reg just acknowledge climate change? I may faint.
In one month, an obscure procedural rule tweak will come into effect allowing US cops and federal agents to potentially hack any computer in the world using a single warrant issued anywhere in America. No one in Congress has voted on this legal update. It means a warrant granted somewhere within the US can be executed on the …
Congress has not debated this change and the new rules will come into effect on December 1 unless our respected legislators get it together to pass a law banning it. Despite Senators Ron Wyden (D-OR) and Rand Paul (R-KY) introducing the Stopping Mass Hacking Act to do just this, progress has been glacial
Progress on the bill has been glacial because President Obama has indicated that he would not sign the Stopping Mass Hacking Act.
Let's not over-react here. From justice.gov:
Rule 41 Changes Ensure a Judge May Consider Warrants for Certain Remote Searches
"The amendments would apply in two narrow circumstances:"
"First, where a suspect has hidden the location of his or her computer using technological means, the changes to Rule 41 would ensure that federal agents know which judge to go to in order to apply for a warrant..."
"And second, where the crime involves criminals hacking computers located in five or more different judicial districts, the changes to Rule 41 would ensure that federal agents may identify one judge to review an application for a search warrant rather than be required to submit separate warrant applications in each district..."
"This change would not permit indiscriminate surveillance of thousands of victim computers—that is against the law now and it would continue to be prohibited if the amendment goes into effect."
Sometimes reality is markedly different from what the press is repeating.
We've added the DoJ's points to the article, thanks for reminding us of them. But they don't change the thrust of the story at all - Rule 41 allows agents to apply for one warrant to one judge to search a very wide area. And it allows the Feds to search infected computers.
Maybe you're OK with that. Fine. But some people aren't.
C.
May I also point out that the USA can write legislation every which way it wants, but it does not have the authority to override national sovereignty? I know people in DC would desperately want that, but that's not how it works - they will still have to deploy the usual blackmail and (worst case) tit-for-tat tactics.
What that does change, however, is your ability to prosecute anyone for it: as it's legal in the US, the only way you can do it is on a local, national basis, and the US is unlikely to collaborate.
Honestly, I don't know what it is over there. I think the water poisoning problem is more widespread than they think..
@diodesign no, I'm not OK with that and it is not fine with me.
Truth is I'm more pessimistic than you. Regardless of the law, our data on both sides of the Atlantic is going to be slurped and bugged by our respective spook agencies because if they can get at it, they will.
There was en El Reg article some time back about an Android app that left the microphone on all the time. Google's response to that was hey, if you're gonna do that, get the user's consent. My comment was no, it's wiretapping and they should go to jail.
If commercial companies can get away with wiretapping by putting it in the EULA, what will governments get away with?
Maybe you're OK with that. Fine. But some people aren't.
Just like diodesign says, some of us are okay with this and some aren't.
I do not do anything wrong, so one would think I am okay with this. The reason I am not okay with mass hacking and mass data collection is the government is so overwhelmed with data, that they cannot find the criminals, like they used to be able to find in years past. Adding more data is doing nothing more that adding hay to the pile in order to find the one needle. In my humble opinion, adding more hay just makes it harder to find the needle in the haystack.
My guess is that the folks that are okay with it are the criminals and they probably know that adding more data just makes them harder to find.
"The amendments would apply in two narrow circumstances:"
"First, where a suspect has hidden the location of his or her computer using technological means, the changes to Rule 41 would ensure that federal agents know which judge to go to in order to apply for a warrant..."
I rather think the author of the quote above may have a different dictionary than the one I use - at least as far as the word 'narrow' is concerned.
"where a suspect has hidden the location of his or her computer using technological means"
Would all VPN users qualify? On a first pass reading, does VPN qualify as a means of hiding your computer using 'technological means'? I'd say yes. So if that's right, all VPN users fall into this 'narrow' band. Add in all the TOR users, and the word 'narrow' seems even less applicable to me. Slide laterally, and add in https and encryption (yes, I know it's a stretch to call those 'hiding the location', but that's why lawyers get big pay checks), and 'narrow' starts to look rather more like the type of lady generally quoted as singing once it's all done and dusted.
Of course you should probably ignore me - I'm an Idiot (blush).
With that little diversion called the US Presidential Election and the inevitable post election bloodbath (aka confirmation hearings) what chance is there of this slipping through the net? Oh, about 100%.
Perhaps the latest Hillary diversion is just part of their cunning plan to get this power so that no one in the USA is safe from their prying.
Posting AC while I can. If the feds have their way I'd expect that any posting using anything but your real certified name will become illegal.
You are forgetting one little detail - the US insists on being able to extradite people to its courts, but refuses to allow extraditions of US citizens when they need to face the music. Also the FBI does not care a damn about the law, whether in the US or outside of it. The Hoover mentality to law enforcement was never really expunged.
There is a US Law that extends ALL US Law to every inch of the planet. Nowhere is outside the jurisdiction of the FBI (and the other TLA's). That's why all those 'hackers' get taken to the US and the prosecutors try to get them 999 years in jail for an offence that might get 5 years max here.
One recent murderer was sentenced to 12 consequitive life sentences without parole PLUS 99 years.
That sums us US (in)justice.
I believe they were using the murder sentence as an example of irrationality - 12 consecutive lofe sentences. Seriously?
Though it can work as an example of how the US court system is about vengeance rather than justice too. I mean what the Hell is the point of imprisoning someone for 12 life sentences? It blatantly doesn't work as a deterrent as even one life sentence (or even a few years) would act as a deterrent to any rational person. And it sure as Hell isn't about redemption or rehabilitation. Such sentences exist only as a means by which US society can express its desire for punishment. It is a country with a very strong streak of Biblical righteousness to its character. They love to see sinners punished!
> "You are forgetting one little detail..."
Please don't spread nasty misinformation, okay?
https://en.wikipedia.org/wiki/Extradition_law_in_the_United_States
FTA: "The United States has extradition treaties with more than 100 countries."
It goes on to show what a fool you are, in case you were wondering.
Some thing people often forget not all extradition treaties are equal and some require strict adherence to the law and also require that the crime must also be illegal in the country being targeted by the extradition request. Part of that also being they must have adhered to local laws and using a US search warrant would be tossed out as a joke, the evidence would be tainted and extradition would fail.
So the law is a really bad idea, as it would promote bad investigation and failed extradition attempts in many countries.
At least if you sentence someone to 12x life you can deduct a life or two for good behaviour and still not let him out
You could even give them a volume discount then, like companies get when they exposed the personal details of millions of people. If the fines were imposed properly they would be out of business, and a few of those would at least ensure the rest would start to take security seriously.
This post has been deleted by its author
"You are forgetting one little detail - the US insists on being able to extradite people to its courts, but refuses to allow extraditions of US citizens when they need to face the music."
We're holding a convention on international law enforcement in Berlin. Here are the invitations for the top tiers of the FBI administration...
"the US insists on being able to extradite people to its courts, but refuses to allow extraditions of US citizens when they need to face the music."
That is indeed the status quo. If this was bilateral we would be seeing FBI agents extradited to Romania and US citizens would lose faith in their insular world.
The US Supreme Court ruling that enables what amounts to generic, unconstitutional warrants is one of the stupidest in history. IMHO it amounts to blatant laziness on their part, demonstrating a lack of insight into the ramifications of their stupid decision. Poorly done.
I'll be one of the people gladly contributing to the legal efforts to UNdo what the US Supreme Court blunderingly pulled.
Reference:
The Fourth Amendment to the US Constitution:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
I.E. Never any generic warrants. No law school training is required to figure out that fact.
The US Constitution is assumed to protect US citizens, and maybe resident aliens, but not everyone in the world. If the FBI hacks into a Saudi's computer while he's in France, that's not a violation of the Fourth Amendment.
The French or Saudi government might have a problem with it, but it isn't a constitutional issue in the US.
IMHO it amounts to blatant laziness on their part
Oh, but that has been a general theme. If you analyse anti-terror legislation, it's mainly established because they buried themselves so deep in red tape that agility became all but a distant memory and rather than fix that root problem (which, by a happy coincidence, would have benefitted almost everyone except those to need red tape to hide incompetence) they used the terror situation to force through laws that anyone with a clear mind would have rejected off hand.
demonstrating a lack of insight into the ramifications of their stupid decision
Ah, you have that wrong. They have known damn well what they have been doing - it's a consistent, slowly grinding strategy to erode any remaining rights of the poorer side of the US population (a growing volume). Remember, resistance is only possible through a process the average person can no longer afford: getting a lawyer. As robo-signing and civil asset forfeiture demonstrate, it doesn't even matter if you're NOT a criminal and mistakes are made, only you can put things right because the system sure as hell will no longer even contemplate being wrong.
It's a crying shame seeing so much potential wasted. Elections are in that respect revealing: we have never had so many idiots on the ballot that in earlier days would not have even been considered. I fully expect Kim Cardashian or Harold Shipman to appear on UK's next election, even though the latter has been dead for over a decade.
"The right of the people"
You are mistaking US constitution and let's say UN or Eu conventions on Human Rights.
US constitution postulates rights only for American citizens. These are the only "People". Unless explicitly specified in an specific act of Conress and an international treaty for which there is a grand count of ONE precedent (yes one - and only for a specific narrow range of cases related to data protection), everyone else has no rights. They are scum, can and should be treated as vermin.
This is different from UN and Eu which postulate that the human rights including the equivalent right to privacy and protection from unreasonable searches are UNIVERSAL.
Rule 41 main thrust is against foreign subjects - the vermin. So it is not likely it will be challenged in the USA constitutional court any time soon.
Hold on, the US does have treaties with the UN and various countries all around the world for respecting various human rights. Whether this "global license to hack" would be covered or not I have no idea, but since hacking has only become a concern recently compared to the life of many such treaties there may be a gap.
I was only objecting to the citation of the US Constitution as a reason why it would be prohibited in the US, and pointing out that the Constitution does not protect everyone on Earth. Nor should it. Most other countries' constitutions don't protect me, either. Don't act as if "everyone else has no rights" as far as the US is concerned if they're not covered by the Constitution, because that's categorically untrue and furthermore it is ridiculous anyone could be so stupid as to believe such a thing!
Is the U.S. at war? Sorry, that's classified.
Rosa Brooks, a former Pentagon staffer and author of "How Everything Became War and the Military Became Everything: Tales From the Pentagon," argues that U.S. citizens and lawmakers should shake off fears of appearing unpatriotic to challenge the U.S.'s unchecked, unilateral and covert military activities abroad. If that doesn't happen soon, the United States may have to pay for the dangerous example it's setting for powers like Russia and China.
If it is against my countries laws to hack my computer.....then it is not allowed,
As long as a country sticks to human rights, then I consider them to be able to make such a law and enforce it.
If you are going to do this stuff (they all do it) do it in the dark world of the the secret agent....and do not try and arrest a teenager for doing something stupid, save it for the real stuff like killing people and wars!
Clinton is pretty bad, but look at the other candidates. Johnson (the best of the bad) ignorant as the day is long. Stein, ick, really, really ick. Watch John Oliver's segment on them . Trump, far, far bigger crook than Clinton, a narcissist sociopath (at best) and a far worse history than Clinton, "admires" Putin, talks (and even sounds) like the Penguin in the second Batman movie, hated in Scotland, Mexico and wherever he decides he wants your land for his purposes. I hate to say it but for years now it has seemed like the US elections were a race to see just how egregious a candidate could get elected. I suspect given some of the parallels with classical Athens that it may be an endemic flaw in aging democracies. Jefferson plainly suspected it.
Steven Tyler and Joe Perry from Aerosmith snagged a photo-op with Obama. Joe later referred to him as Commander-in-Chief and leader of the free world.
That's what taking too many drugs does to you. You end up thinking there's a free world..
http://ijr.com/2016/10/724753-aerosmith-frontmen-post-pic-with-obama-that-sparks-drama-within-the-band/
The US system is dysfunctional and has been for decades. Nominal party memberships of both houses barely pay lip service to their sides stated goals.
It's time the American people capped this huge portion of fail with a leader worthy of such people.
5 years of him should give the survivors of his presidency a little more respect for the consequences of their actions.
"The change, approved by the Supreme Court, is in Rule 41 of the Federal Rules of Criminal Procedure. Right now, if law enforcement wants to hack a PC, they have to ask a judge for a warrant in the jurisdiction where it is located. With the rule change, they could do this to any computer anywhere in the US or the world."
Well there's a slight problem I think, laws in the US mean absolutely nothing over here.
"This change would not permit indiscriminate surveillance of thousands of victim computers—that is against the law now and it would continue to be prohibited if the amendment goes into effect"
That is against the law but most people will say it happens anyway.