Thursday, October 30, 2014

I get it. The FBI is afraid they will not be able to keep up with the crooks if they have to follow the current rules. The new rule would allow a magistrate to issue a warrant (good anywhere) that allows them to hack into any suspect computer. Once this is on the books, what would be next?
Ed Pilkington writes:
The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world.
Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violate first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight.
The regulatory body to which the Department of Justice has applied to make the rule change, the advisory committee on criminal rules, will meet for the first time on November 5 to discuss the issue. The panel will be addressed by a slew of technology experts and privacy advocates concerned about the possible ramifications were the proposals allowed to go into effect next year.
Read more on The Guardian.

(Related) Something is missing from this story. What judge would issue a warrant based on a video obtained this way?
Lawsuit alleges FBI posed as tech repairmen to obtain evidence
A lawsuit alleges that FBI agents shut off internet access to three Las Vegas villas and then posed as repairmen to gain access to the houses.
The agency was investigating the residents of the houses — located at a luxury hotel — for their suspected involvement in online sports betting.
Defense attorneys for the men who were charged in the betting case said FBI agents used the tactic despite the opposition of an assistant U.S. attorney.
… Posing as technicians, they recorded video that was later used to obtain a warrant to arrest the residents.

Worth reading and thinking about.
Digital Life in 2025
The world is moving rapidly towards ubiquitous connectivity that will further change how and where people associate, gather and share information, and consume media. A canvassing of 2,558 experts and technology builders about where we will stand by the year 2025 finds striking patterns in their predictions.
… In their responses, these experts foresee an ambient information environment where accessing the Internet will be effortless and most people will tap into it so easily it will flow through their lives “like electricity.” They predict mobile, wearable, and embedded computing will be tied together in the Internet of Things, allowing people and their surroundings to tap into artificial intelligence-enhanced cloud-based information storage and sharing.

(Related) A graphic novel explaining Big Data (and the Internet of Things) for the complete novice.
Terms of Service

For my Computer Forensics students. What happens when a reporter calls your CEO asking for confirmation? You better have a plan.
Both Kelly Jackson Higgins and Brian Krebs had columns yesterday on a report by Allison Nixon of Deloitte on how to vet a data dump. The report should be required reading for journalists as the reputation harm that can occur by publishing or repeating false claims of a hack can be significant. While many will immediately think of Dropbox’s recent attempt to reassure users they had not been hacked, remember that Dropbox was also in the news earlier this year over a claimed hack that was not a hack at all.
Regular readers know that this blog and instituted policies of attempting to verify breach claims with the breached entity before publishing claims of a breach by anonymous hackers or hacktivists. It’s been a useful policy. Although it may delay publication of “news,” it reduces the risk of falsely reporting an entity has been compromised when they haven’t been. Unfortunately, not all entities respond to inquiries or requests, often leaving us with a “Go – No Go” decision to make. The techniques Nixon describes are not foolproof (see the discussion of “combolists”), but it’s a lot better than just repeating claims without investigation.
Brian has kindly uploaded a copy of the report here (pdf).
