[Cryptography] DOJ Wants to Expand Authority to Break Into Suspects' Computers
Bill Frantz
frantz at pwpconsult.com
Sat May 31 17:28:27 EDT 2014
From SANS NewsBites Vol. 16 Num. 038
(May 9, 2014)
The US Justice Department (DOJ) has issued a request to the US Judicial
Conference standing committee to expand its authority to gain remote
access to computers during investigations. DOJ maintains it
needs the
authority to access computers outside the jurisdiction of an
investigation because criminal schemes are increasingly crossing
jurisdictions. The proposal has raised concerns among civil rights
groups, which say that allowing this activity could pose a
threat to
Internet security and Fourth Amendment protections. The remote access
would be achieved through vulnerabilities known to DOJ but kept secret
from the public, thus posing a security threat. The US court system
currently allows magistrate judges to issue search warrants for property
outside their districts only in limited cases. The DOJ request
will be
considered at the meeting of the US courts' Committee on Rules of
Practice and Procedure later this month.
http://www.darkreading.com/government/fbi-seeks-license-to-hack-bot-infected-pcs/d/d-id/1252655?
http://www.bloomberg.com/news/2014-05-09/federal-agents-seek-to-loosen-rules-on-hacking-computers.html
http://www.computerworld.com/s/article/9248242/DOJ_seeks_new_authority_to_hack_and_search_remote_computers?taxonomyId=17
http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499
[Editor's Note (Pescatore): The remote access part is worrisome, opens
up huge potential for cyber-damage to innocent bystanders in
many ways.
It is pretty straightforward to turn off a wiretap or remove a tracking
device from a suspect's vehicle. I don't think it removing a remote
access Trojan is quite as simple, let alone giving law
enforcement the
authority to keep vulnerabilities secret from the public. I
don't want
to be too hyberbolic, but to me this has the potential for
backfire as
the "Fast and Furious" ATF project to smuggle guns *into* Mexico
to see
who buys them. ]
I would add to John Pescatore's comment: I can see the TLAs
delivering a NSL to developers of major software requiring them
to install backdoors and keep quiet about it. Do Apple and
Microsoft have a canary? How about Firefox, Opera, Crome etc?
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Security is like Government | Periwinkle
(408)356-8506 | services. The market doesn't | 16345
Englewood Ave
www.pwpconsult.com | want to pay for them. | Los Gatos,
CA 95032
More information about the cryptography
mailing list