
We Shouldn’t Wait Another 15 Years for a Conversation About Government Hacking - ex_amazon_sde
https://www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking
======
wyldfire
> We _are_ calling for a conversation around how the government uses that
> technology.

...

> If the Snowden revelations taught us anything, it’s that the government is
> in little danger of letting law hamstring its opportunistic use of
> technology. Nor is the executive branch shy about asking Congress for more
> leeway when hard-pressed. That’s how we got the Patriot Act and the FISA
> Amendments Act, not to mention the impending changes to Federal Rule of
> Criminal Procedure 41 and the endless encryption “debate.”

I'd be worried that this would be mean that the conversation would be
fruitless. The constituencies just won't hold Congress accountable because
they don't understand or they don't care. Even though these events generate
major headlines, I think most individuals think that it doesn't impact them,
or that the only villains to be found are the ones in foreign states, but not
ours. I kinda wish that Ars story about the corrupt DEA agents [1] were more
publicized. It clearly illustrates the kind of damage that corrupt law
enforcement can do. These are the same individuals who are able to summon the
power of the Stingrays and similar technology.

[1] [http://arstechnica.com/tech-policy/2016/08/stealing-
bitcoins...](http://arstechnica.com/tech-policy/2016/08/stealing-bitcoins-
with-badges-how-silk-roads-dirty-cops-got-caught/)

~~~
tedunangst
A story about DEA agents stealing from a drug dealer probably doesn't scare a
lot of people who aren't drug dealers.

~~~
lettergram
I'm not a drug dealer, yet find that horrifying...

~~~
wfunction
You're also not a lot of people...

------
paulsutter
Does anyone know what provisions CFAA has to allow government hacking?
Generally speaking, what are the laws relating to government investigative
entities' compliance with law generally?

(asking with real curiosity and not taking any position)

Found this quote in an article[1] about the FBI's hacking to identify Ross
Ulbricht, which made me curious to understand the underlying principles:

> “Even if the FBI had somehow ‘hacked’ into the [Silk Road] Server in order
> to identify its IP address, such an investigative measure would not have run
> afoul of the Fourth Amendment,” the prosecutors’ new memo reads. “Given that
> the SR Server was hosting a blatantly criminal website, it would have been
> reasonable for the FBI to ‘hack’ into it in order to search it, as any such
> ‘hack’ would simply have constituted a search of foreign property known to
> contain criminal evidence, for which a warrant was not necessary.”

[1] [https://www.wired.com/2014/10/feds-silk-road-hack-
legal/](https://www.wired.com/2014/10/feds-silk-road-hack-legal/)

~~~
tedunangst
Do breaking and entering statutes have specific exceptions for police? That's
a real question, because now that I think about it, I don't know the answer.

In any case, you'll have a hard time convincing a prosecutor to file charges.

~~~
lmm
A warrant grants the holder specific exceptions. In the case of not having a
warrant I'm not aware of any police-specific exceptions - there are general
exceptions ("lawful excuse"), and qualified immunity would also apply provided
they didn't violate clearly established law. IANAL.

------
tptacek
A better submission for discussion would be Dave Aitel's piece at Lawfare,
which is making the rounds in the industry right now, and is linked from this
EFF advocacy piece. Nobody at EFF is as close to this issue as Aitel is.

~~~
mordocai
Being close to the issue is often a disadvantage.

I don't know enough to say whether that is the case here, but I trust the
opinion of a non-profit organization established to defend my rights over an
ex-NSA security firm CTO whom I admittedly know nothing about except what I
just looked up.

~~~
tedunangst
This sounds like "I prefer feels to facts."

~~~
CaptSpify
Or the opposite. People closer to the situation tend to have more "feels"

~~~
tedunangst
Is the EFF too close? They're pretty one track minded.

Either way, there's probably more persuasive arguments that either Aitel or
the EFF are correct than "too close".

------
uola
I'm not sure there is a productive conversation to be had. Even in the very
unlikely case of the US changing their policy, there's nothing stopping anyone
else. Even in the very unlikely event that hackers can agree to how the
Internet in its implementation should protect basic humans rights, it will be
hindered by business interests. At this point we more or less have wait until
robustness rather than growth becomes a competitive advantage and with the
shift to Asia this could be many centuries.

