
Obama signs executive order allowing government to seize hackers assets - rmason
https://rare.us/story/obama-just-signed-an-executive-order-that-lets-the-government-seize-suspected-hackers-money-and-stuff/
======
dang
[https://news.ycombinator.com/item?id=9310006](https://news.ycombinator.com/item?id=9310006)

------
MCRed
Asset forfeiture is one of the most heinous violations of people's rights that
has come out of the drug war.

One of the effects of this is that it denies the accused the ability to defend
themselves by making them immediately destitute and thus unable to afford good
legal advice... which results in them being more likely to take bad plea deals
etc.

Worse, it is corrosive-- many police departments seize millions of dollars a
year which they then use on toys for themselves.

Thus it provides a financial incentive for corruption, and denies due process.
Part of the corruption this creates is that if one tried to undo this law,
those who abuse it have millions to spend on propaganda claiming that it would
"Deny understaffed police agencies from millions they desperately need".

Not to mention, executive orders bypass the legislative process and I am not
aware of any authorization for them in the constitution.

~~~
anigbrowl
This is a freeze, not a forfeiture. Also, it won't affect people in terms of
legal advice, plea deals etc. because it only applies to people who launch
attacks on critical infrastructure from outside the country, and thus beyond
the reach of US police. The differences are subtle, but significant. It's
basically the same mechanism we use against other sanctioned targets such as
terrorist organizations:
[http://www.treasury.gov/ofac/downloads/t11sdn.pdf](http://www.treasury.gov/ofac/downloads/t11sdn.pdf)

This would not affect, for example, the people who engineered the Sony data
breach or any of the various cyberattacks against retail or service companies
that have been in the news in recent years.

Your worries about the constitutional basis for executive orders are
misplaced, I think. Bear in mind that the President _is_ in charge of the
executive branch; this order promulgates a policy rule for executive agencies,
ie, should the relevant event occur, DoJ is instructed to launch proceedings*
to have the assets frozen. Think of it as a statement about how the
administration will exercise its lawfully delegated powers going forward.

Edit: I said DoJ but the process starts with Treasury adding the person to the
SDN list and proceeding from there by established means, though the doJ would
get involved with that down the line, most likely. Sorry if that was
confusing.

* by applying to a court for the authority, not on its own authority or on the authority of the order itself

~~~
downandout
_This is a freeze, not a forfeiture._

Once your money is frozen and you have no money for the very high priced
lawyers necessary to get it back, this is a distinction without a difference.
The government's primary use of asset freezes is to paralyze a target's
ability to defend themselves. Well financed defendants able to exercise their
rights are a nuisance to bloodthirsty federal prosecutors, and executive
orders like this one are designed to remove that nuisance. There is a reason
that federal conviction rates are, for all intents and purposes, 100%.

~~~
anigbrowl
You know, I addressed that in the very next sentence. Maybe you could just
slow down and read the whole thing a couple of times before leaping to
disagree.

~~~
downandout
I read it, I don't see where you addressed it.

~~~
anigbrowl
I told you: in the very next sentence. Here is the second sentence of my
previous post, again:

 _Also, it won 't affect people in terms of legal advice, plea deals etc.
because it only applies to people who launch attacks on critical
infrastructure from outside the country, and thus beyond the reach of US
police._

Sorry if this doesn't clear things up for you, but how much simpler do you
expect me to make it? It is a pretty straightforward sentence, even though it
does contain a small grammar mistake (it should read '...and _are_ thus beyond
the reach...').

~~~
downandout
You're stating that because someone _is suspected of_ launching an attack from
outside the US that they are "beyond the reach of US police". This is not a
valid assumption. The US government has extradition agreements with most of
the world's developed countries, and even where it doesn't, often applies
political pressure to get what it wants.

As an aside, this order is _far_ more broad than you state here. It extends to
people that have done business with them, in any capacity. That will in many
cases extend _to US citizens_.

------
legutierr
I think that people participating in this thread might have a substantial
misunderstanding of this executive order. This does not seem to create a
policy whereby law enforcement can arbitrarily seize property owned by accused
hackers. Asset forfeiture as a drug war tool is extremely problematic, and
deserving of debate, but this is not that.

Instead, this allows "the Secretary of the Treasury, in consultation with the
Attorney General and the Secretary of State" to add a list of foreign hackers
"located, in whole or in substantial part, outside the United States" to the
"Specially Designated Nationals" list that Treasury maintains (at the Office
of Foreign Asset Control). All US businesses, but especially financial
institutions, who have an affirmative requirement to know their customers,
have an obligation to not do business with entities listed on the SDN list.

I am not a lawyer, but I have in the past written software intended to detect
transactions by people on the SDN list. It is of finite length, it is publicly
available for review, and individuals and businesses can only be added to it
if an explicit decision is made at the cabinet level (as per my recollection).

In general, I would think that HN would see this executive order as a good
thing, because it will create a tool for the US to penalize criminal hackers
that otherwise would be hiding in Russia, Iran or China. It is profoundly
unlikely that these powers would be directed at any US persons, unless they
were found to be dealing directly with the people enumerated on this public
list.

~~~
iwwr
Why is this list specially made for hackers and not all criminals hiding
outside the US?

~~~
legutierr
To be placed on the list, a person (or vessel) would need to belong to a
category specifically enumerated in an executive order such as this. Similar
executive orders were crafted after 9-11 and during the drug war.

~~~
iwwr
I remember one such list was also created for people related to running poker
and gambing sites outside the US.

------
nickysielicki
Obama's presidency makes me feel so swindled.

I __voted __for this man. I debated friends and did my best to persuade them
to do the same. I genuinely believed in his 'Change I can Believe In' shit. I
trusted that he was an honest politician who believed what he said. Not as
much as Paul (my primary vote went to him), but at election time I knew that
he had no chance and I felt that Obama was at least better than Romney. I'm
not so sure that's honestly even true.

I feel as if the interests of young people are systemically downplayed as
presidents are generally 50+ years old. I genuinely believe Obama is a good
guy. I actually think George W. is also a good guy at his core as well. I just
think they're incapable of truly understanding what the internet is about
because they're not digital natives like we are. So they push these laws, and
they push mass surveillance, because they fear what they do not understand.

The unfortunate thing is that it looks like the internet of my childhood and
adolescence will be dead by the time any digital native could have found
herself in office. Gone are the days of the wild wild west. The average 12
year old online spends his time on a locked-down tablet watching youtube
poops, watching YouTube channels with professional production, and interacts
with his friends on Facebook. Its not necessary to learn about the computer to
use the computer, and its not necessary to explore the internet to consume the
internet.

Its just profoundly sad. I might be pessimistic here but as someone who had
their own computer in their room since I was six, (thanks to my father who was
an EE) I know that the wild internet shaped the core of who I am; I feel
persecuted by the masses of people who aren't curious enough about the
computer systems they rely on.

~~~
iwwr
Somehow, I don't think John McCain or Mitt Romney would have made any better
paragons of civil rights or of a restrained executive (though it was hard to
believe Obama would be worse than Bush in that regard). It's a political
system created by the bipartisan 'one party with two wings'.

But what was disappointing was the primarily Democratic Party 'peace movement'
which rallied so hard against Bush's wars and then dissolved away as soon as
Obama got elected. People will go along with the worst kinds of abuse if their
political favorite is doing it.

~~~
nickysielicki
I agree. By far the worst thing Obama has done is his continuing of wars, his
drone strikes, and the additional military action hes done in the middle east.

Romney probably wouldn't have been better. Its hard to imagine he would have
been worse though.

But with regards to McCain, you should go look up some of what he had to say
before he was Candidate McCain. I think he's one of the better members in the
GOP.

He hates citizens united.[1]

He understands why young people like Snowden.[2]

He understands that our torturing is unacceptable (given he was a POW, this
makes sense).[3]

So yeah, I like him more than _most_ of the back-asswards GOP.

[1]: [http://www.huffingtonpost.com/2012/10/12/john-mccain-
citizen...](http://www.huffingtonpost.com/2012/10/12/john-mccain-citizens-
united_n_1960996.html)

[2]: [http://www.washingtontimes.com/news/2013/aug/11/mccain-
young...](http://www.washingtontimes.com/news/2013/aug/11/mccain-young-
americans-admire-snowden-see-him-some/)

[3]:
[https://www.youtube.com/watch?v=wR7qsQDWVPU&feature=share](https://www.youtube.com/watch?v=wR7qsQDWVPU&feature=share)

------
imroot
If you think that this won't be abused, you're foolish.

Paul Timmins gave a speech at NotACon in 2008 (or maybe 2009) about his
experiences with getting arrested for the Lowe's breach in 2005. In the agents
vigor to seize equipment for a search warrant, they tried taking his cable TV
boxes, amongst everything else with a cord.

It's my fear that if anything ever happens and they come beating down my door
for any reason -- right or wrong -- and see my desk with three computers and
four monitors on it, that they'll find a way to think that I'm "hacking" and
then I'll be screwed -- no way to work equals no money for a criminal defense
(and no money to make bail and leave jail) in most cases.

The seizure laws need to be reduced, not expanded...

------
pmorici
I was watching a Revolutionary War area TV series the other night and one of
the plot lines involves the British loyalists issuing Bills of attainder
against suspected patriots effectively stealing all their property. It was one
of the things that Americans were really ticked off about in those times, so
much so that bills of attainder were banned when the constitution was written.
How is this asset forfeiture w/o due process any different than a bill of
attainder except for the fact that it takes place in the executive branch.

[http://en.wikipedia.org/wiki/Bill_of_attainder](http://en.wikipedia.org/wiki/Bill_of_attainder)

~~~
anigbrowl
A bill of attainder is a legislative act targeted against a particular
individual, eg 'Now be it decided that pmorici's property is forfeit by this
act, which shall be known as the 'Mess with Pmorici Act'.

This executive order details particular _behaviors_ computer attacks on
critical national infrastructure from outside the US - that would get someone
put on the OFAC list maintained by the treasury.

C'mon man, I just checked the Wikipedia link and it says the exact same thing
in the very first sentence. I get the impression that you linked it without
actually having read it, instead relying on the impression you formed from
watching the TV show. Don't try to figure out the law (or much of anything
else) from a TV show. As a screenwriter myself I assure you that anything
designed to go on a screen is dumbed down to the point of being wildly
inaccurate. We write to engage your emotions, not your intellect.

~~~
pmorici
I'm aware of what it is. I'm pointing out that, despite procedural
differences, the effect, curtailment of due process, is the same.

------
youngButEager
People need to accept and be willing to act on the fact that words on a piece
of paper -- even if it's the U.S. Constitution -- mean nothing unless citizens
are willing to stand up and insist they be followed.

The challenge we all face is that we're too cowardly, generally, to stand up
to tyrannical acts like this.

The Patriot Act; mass spying on all U.S. citizens by the NSA and others; our
military and taxes being wasted overseas in armed conflicts most of us would
never agree to.

Many complain. And do nothing. So, the words in the Constitution are
selectively ignored. "We the People" are afraid to insist that document be
adhered to.

Stealing citizens' possessions, as this president just empowered, despite
"presumed innocent", is just another failure on our leadership's part to
enforce the Constitution. The only way to stop this kind of stuff is to insist
these overreaches are set aside.

Many of us have bookmarked the websites of the Washington D.C. offices of our
2 senators (there are 2 senators per state) and Congressmen. When something
like this goes down we can quickly get the phone number/email addresses from
the bookmarked pages of our Reps and call them, email them.

Do that as a habit, it's easy, and you've let it be known that the government
isn't allowed these arbitrary violations of our rights.

Senator Feinstein:
[http://www.feinstein.senate.gov/public/index.cfm/washington-...](http://www.feinstein.senate.gov/public/index.cfm/washington-
dc)

Senator Boxer:
[http://www.boxer.senate.gov/contact/offices/](http://www.boxer.senate.gov/contact/offices/)

~~~
maratd
> Do that as a habit, it's easy, and you've let it be known that the
> government isn't allowed these arbitrary violations of our rights.

You're kidding, right? The only thing that will happen if you send them an
email or call, is that you'll get on their list and then they'll SPAM the shit
out of you when it comes time for re-election.

Consider yourself lucky if there's an unsubscribe link.

> The challenge we all face is that we're too cowardly, generally, to stand up
> to tyrannical acts like this.

This has nothing to do with cowardice. The options for voicing our displeasure
are quite limited and the few options there are happen to be ineffectual.

Sending them email, calling, protesting, etc. isn't going to do squat.

The only way to get them to behave is to make it look like a scandal. They
don't like scandals. Scandals put their careers at risk.

E-Mail the New York Times instead. If the story starts playing in a negative
light on every media outlet and doesn't die down after a few days, they'll
start to get nervous and sweat a little.

~~~
enupten
Hmm, this reminds me of,
[https://www.youtube.com/watch?v=gmOvEwtDycs](https://www.youtube.com/watch?v=gmOvEwtDycs)

------
j42
Legitimate question, because I don't see any reality in which overzealous DA's
will not abuse this to exert pressure without due process.

I pay my taxes. I am a law abiding citizen. If I want to store the majority of
my assets outside of this country (in a fiat currency), preferably in a
location that doesn't automatically cave to US economic pressure and/or with
limited diplomatic channels, what are my options?

 __Hypothetically, what would give you semi-reasonable freedom to transfer and
spend that money, while still keeping it insulated from a government that
wantonly steals from its citizens without discretion? __

\-----

I always used to think in the "worst case" scenario the EFF would be the safe-
haven of reason, able to exert equal and opposite pressure to any intimidation
tactics, but I think that balance has forever shifted.

I no longer feel safe or represented within this country, and while I still
value my citizenship (a debate for another time), I think we all must
recognize that personal insurances and safeguards are now requisite when
dealing with the federal government. I'd rather be prepared.

~~~
delbel
Perth mint certificates is one option I can think of.
[http://en.m.wikipedia.org/wiki/Perth_Mint_Certificate_Progra...](http://en.m.wikipedia.org/wiki/Perth_Mint_Certificate_Program)

~~~
j42
That sounds like exactly what I'm looking for, thought the general reactivity
of the Australian government makes me question its insulation...

Catch-22 I guess. Not sure how to get the AAA-rating and liquidity it provides
without being entirely within the sphere of US economic dominance; perfectly
safe, right until they decide a little political/economic pressure is
warranted.

------
emptybits
You do not even need to be accused of a cyber crime to have assets seized
under this order. If you make any contribution to or provide any services to
someone accused of criminal hacking, you may have assets seized.

Aside from innocent individuals falling victim to unjust asset forfeiture, it
seems to me that organizations like GitHub, Amazon, or Dropbox are exposed if
they end up providing services to the accused.

------
remarkEon
From the medium post[0] by POTUS:

"These sanctions are meant to protect our national security, personal privacy
and civil liberties. As such, sanctions will in no way target the unwitting
victims of cyberattacks, like people whose computers are hijacked by botnets.
_Nor does this executive order target the legitimate cybersecurity research
community or professionals who help companies improve their cybersecurity. And
unlike some other countries, we will never try to silence free expression
online or curb Internet freedom._ " (emphasis added)

How will they know? Doesn't just the _existence_ of an executive order like
this curb internet freedom, even if they aren't explicitly trying to do so?

[0] [https://medium.com/@PresidentObama/a-new-tool-against-
cyber-...](https://medium.com/@PresidentObama/a-new-tool-against-cyber-
threats-1a30c188bc4)

------
UnoriginalGuy
With all the recent progress on asset forfeiture, this seems like a huge leap
backwards. Essentially any foreigner can be accused of a crime, have their
assets within US institutions stolen, and then has to prove they're innocent
to get them returned (assuming they can).

Plus "cyber attacks" is such a broad brush. One that has been used against
people who access unsecured URLs which aren't meant to be known (essentially
security through obscurity).

It may also make security research abroad against US-based organisations
impossible. Most of the bug bounty programs are now extremely high risk.

~~~
anigbrowl
Are there bug bounty programs for critical national infrastructure components?

------
tptacek
The authority the President is exercising here was provided to him by
Congress, in 50 U.S.C. 1702, and pertains specifically and exclusively to
foreign transactions --- not because the Executive Order says so, but because
the law it's based on does.

------
olefoo
On a related note Ian Griggs just posted an excellent blog post (
[http://financialcryptography.com/mt/archives/001554.html](http://financialcryptography.com/mt/archives/001554.html)
) about the corruption inherent in allowing agencies to seize funds for their
own use. It's written mostly in the context of anti-money-laundering
regulations and focuses on the Silk Road investigators who ripped off hundreds
of criminals and extorted the subjects of their investigation.

It points out that anytime a law enforcement agency is allowed to seize funds
that flow to it's own budget, corruption inevitably follows.

------
tsotha
I used to play a lot of relatively high-stakes poker. Some of the people I
played against had a fair amount of cash (tens of thousands) on them on any
given Friday or Saturday. It was pretty well known if you got robbed it would
most likely be the cops who rob you.

So this isn't a new thing, it's just a little growth of an exceedingly
poisonous tree.

------
venomsnake
I may be breaking HN guidelines but I do want to express my Gratuitous
Negativity towards that order.

Too broad, too vague and gives way too much discretion to parts of the USG
that are already known for abuse of power ...

------
dataker
In high school, some teachers called security for 'suspecting me to be
hacking'. I had just started programming and, because of a terminal(black
background and green font), they seized my laptop and gave it to their
analyst. Back in the day, I had no idea what my rights were, but I remember to
feel violated and insecure.

As a programmer, I fear ignorant law enforcers will actually undermine the
hacking community, which elementary has nothing to do with crime.

------
motbob
Nothing can override a constitutional right to due process. That's what it
means for the Constitution to be the "supreme law of the land."

~~~
UnoriginalGuy
The constitution only applies to American citizens and to a lesser extent
others living physically within the US and its territories.

There is a bunch of material on this topic (both on illegals in the US and US
territories) but as a start:

[http://en.wikipedia.org/wiki/Insular_Cases](http://en.wikipedia.org/wiki/Insular_Cases)
[http://en.wikipedia.org/wiki/Downes_v._Bidwell](http://en.wikipedia.org/wiki/Downes_v._Bidwell)

Essentially even if you're in a US territory the US constitution only barely
applies, and it doesn't apply at all to everyone not in either a US state or
its territories.

~~~
bdcravens
The issue is that this EO can directly affect citizens (if you transact with a
cyber-criminal, you're at risk of seizure)

------
tsotha
... and allows the government to decide who qualifies as a "hacker". Don't see
any due process problems here. Nope.

------
GabrielF00
I've now received "your personal information has been breached, here's some
free credit monitoring" letters three times. Once from a major health insurer,
once from a major retailer, and once from a large regional hospital. I've also
been a member of several large websites that have had their systems breached.
Given the sheer number of breaches, and the variety of organizations that have
been breached, I suspect that most Americans have had their information
compromised by hackers at least once.

We're also regularly seeing breaches of major companies for the purposes of
economic espionage, and disruption of service as a political or economic
tactic. We regularly hear about breaches of government systems, including
sensitive systems.

Given that very sophisticated companies and government agencies are regularly
suffering from breaches, I think we have to conclude that we are really
struggling to build systems that provide adequate protection for our personal
data.

All of the comments in this thread have addressed the risks of government
overreach, but none of them have looked at the costs of these breaches. At
what point do we conclude that our technological tools are inadequate, and we
also need additional legal tools to deter potential hackers who are overseas
and out of reach of the US legal system?

~~~
c22
Somewhat agreed, but couldn't our legal tools instead/also be focused on the
organizations that take responsibility for storing our data? Fines for
allowing user data to be breached may stimulate development of tools and
methodologies better able to protect private data and rules that limit sharing
of user data can protect us from even the well-financed malevolent actors.

Focusing on this side of the coin may allow us to realize systems that
actually do protect our data from being compromised as opposed to spending our
resources tracking down individuals and attempting to apply legal tools which
the most successful criminals will soon adapt to evade anyway.

~~~
GabrielF00
I think the problem with this thinking is that even without explicit fines,
the costs of a data breach are already incredibly high for companies. There's
the potential loss of sales for a customer-facing business, as well as costs
of class action lawsuits, system cleanup, etc. Sony Pictures was crippled by a
cyberattack. Target's CEO was forced to resign. So, maybe fines would make
this situation better, but CEO's should already be up at night worrying about
cybersecurity.

My inclination would be to pursue better security, but also to go after the
really sophisticated cybercriminals that are currently outside the reach of
our legal system.

------
DigitalSea
What constitutes a hacker? Has the US government learned nothing of what
happened to Andrew "Weev" Auernheimer what he did landed him jail time and
under this executive order he would have been considered a hacker and had all
of his assets seized. We all remember what tragically happened to Aaron Swartz
when he took his life due to excessive overreach from the Government after he
took those PACER documents and made them freely available for everyone. I am
seriously shocked, not surprised, but legitimately shocked what Obama has been
doing of late in regards to cyber crime and so called hackers.

------
elmar
US Presidential Order Allows the State to Confiscate Crypto Holdings ‘Without
Prior Notice’

[https://news.ycombinator.com/item?id=9309612](https://news.ycombinator.com/item?id=9309612)

“Now the USA can simply confiscate all crypto without any need for time
consuming paperwork. This I believe puts USA in the lead (by a big margin)
over China and Russia as far as dictatorial level usurpation of financial
rights,”

------
IkmoIkmo
I don't get the extrajudicial stuff. Why not go to court, have someone found
guilty, then put them on a list (e.g. for assets to be frozen)? If the
evidence is so clear that the cabinet or white house or gov can add someone to
a list, why can this not be done by an independent judge? Why the political
aspect?

------
stephenboyd
I'm not usually the pedantic type, but I think the Hacker (as in clever
tinkerer) News front page is a bad place for headlines using the word hackers
as 'computer criminals'.

------
Potando
Sounds like if you pay Cryptolocker to recover your files then you can have
you money frozen too. Perhaps this is a good incentive to stop people paying
extortionists.

------
feld
So what is the definition of "hacker"?

------
tux
Can same law be used against "security researchers" or anyone running
"security related" website ?

------
FrankenPC
What could possibly go wrong?

~~~
DougN7
Change we can believe in!

~~~
serf
no one thought to parse that as "Believe that there will definitely be
change." during election time.

------
larrymcp
* hackers' assets

------
other_herbert
Just wow....

------
paulhauggis
...so when will the US media admit that the current administration isn't
enacting laws that are in the best interest of the US citizens?

~~~
notdonspaulding
Relatedly, when will people realize that the executive branch should not be
enacting laws _at all_?

~~~
tsotha
As soon as a Republican is elected. The media will remember that Constitution
thingee then.

------
enupten
Man, what's with Obama ?

He vetoes the insignificant Keystone, but allows Arctic drilling (competing
with Russia now, are we ?).

Now this ?

(Okay the Iran deal is promising).

