[Cryptography] DOJ Wants to Expand Authority to Break Into Suspects' Computers

Jerry Leichter leichter at lrw.com
Sun Jun 1 06:14:06 EDT 2014 

On May 31, 2014, at 5:28 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
> I would add to John Pescatore's comment: I can see the TLAs delivering a NSL to developers of major software requiring them to install backdoors and keep quiet about it.
It is worth pointing out that *legally* there's a world of difference between making use of a bug that's already there and forcing a 3rd party to insert a bug into code that goes to anyone other than the target.  What DOJ is asking for here *on the legal front* is more of a procedural matter than anything substantive:  They already have the ability to get a search warrant that lets them break into a particular computer; they are just currently limited by physical location (a judge can only grant a search warrant valid in his physical area of responsibility).

Whether they can force a 3rd party to cooperate is more complicated.  One case I can remember from a couple of years back:  The FBI got (I don't know if they *compelled*) GM to turn on the OnStar mike in a GM car, turning it into a listening device.  The evidence, after multiple appeals, was suppressed - but on very specialized grounds.  (Modifying the system this way disabled its normal functionality, so that if the car had been involved in an accident, it would have been unable to call for help.  That was considered unacceptable.)  The current law on all this can be found at http://www.law.cornell.edu/uscode/text/18/2518

Of course, the TLA's don't seem to much care about the legal niceties - or they claim that they have other authority under which they don't need no steenk'n search warrants, or pretty much anything at all beyond an internal decision that the case involves "terrorism".  In terms of specific effect on such activities, this change is irrelevant.  (It's more a matter of setting a tone that justifies ever broader and more intrusive measures.)

A more interesting and disturbing example of legal changes - or rather non-changes, so far - is the recent failure to change the ECPA after objections from the SEC and IRS that getting search warrants for email would be "too hard" for them and would interfere with their investigations.  Well ... yes, that kind of *is* the point.
                                                        -- Jerry

More information about the cryptography mailing list