Hacker News new | past | comments | ask | show | jobs | submit login
Rule 41 Proposes to Grant New Hacking Powers to the Government (eff.org)
230 points by DiabloD3 on May 1, 2016 | hide | past | web | favorite | 80 comments

The FBI has been using malware since at least 2003 [1], probably a few years before that. Today, the FBI has a dedicated team, the Remote Operations Unit, based out of Quantico, which does nothing but hack into the computers and mobile phones of targets. According to one former top FBI official, among the team's many technical capabilities, is the ability to remotely enable a webcam without the indicator light turning on [2].

Although DOJ has been using malware for nearly fifteen years, it never sought a formal expansion of legal authority from Congress. There has never been a Congressional hearing, nor do DOJ/FBI officials ever talk explicitly about this capability.

The Rule 41 proposal before this advisory committee was the first ever opportunity for civil society groups, including my employer, the ACLU, to weigh in. We, along with several other groups, submitted comments and testified in person.

Our comments can be seen here [3,4]. Incidentally, it was while doing the research for our second comment that I discovered that the FBI had impersonated the Associated Press as part of a malware operation in 2007 [5].

Ultimately, the committee voted to approve the change to the rules requested by DOJ. In doing so, the committee dismissed the criticism from the civil society groups, by saying that we misunderstood the role of the committee, that the committee was not being asked to weigh in on the legality of the use of hacking by law enforcement, and that "[m]uch of the opposition [to the proposed rule change] reflected a misunderstanding of the scope of the proposal...The proposal addresses venue; it does not itself create authority for electronic searches or alter applicable statutory or constitutional requirements."

[1] http://www.nytimes.com/2016/04/14/technology/fbi-tried-to-de...

[2] https://www.washingtonpost.com/business/technology/2013/12/0...

[3] https://www.aclu.org/sites/default/files/assets/aclu_comment...

[4] https://www.aclu.org/files/assets/aclu_comment_on_remote_acc...

[5] http://bigstory.ap.org/article/23f882720e564b918d83abb18cd5d...

Thanks for writing this comment. It's deeply informative and useful.

Two things I want to call out, one minor and one more significant. The significant one first:

Your employer, in the response you linked to, wrote approvingly of Orin Kerr's proposed alternative language, which would enable the same sort of remote "hacking" with the new precondition that it be allowed only when it's impossible for the courts to ascertain the right district.

If ACLU is OK with that narrower language, is it safe to say that you disagree with your employer? Because your arguments strongly implicate Kerr's proposed language as well. Put simply: you appear to favor broad restrictions on DOJ's ability to coercively collect electronic evidence regardless of whether courts authorize it.

The minor objection I have to your comment is the link to WaPo about the FBI being able to record video from laptop cameras without lighting the LED. That's an unsourced anonymous claim that, by my reading, can't possibly be accurate as stated, since different laptops have different mechanisms and it is vanishingly unlikely that the FBI has defeated all of them. I'm prepared to be wrong about this, but expect that I'm not, and would like to know if you can provide any more evidence backing that extraordinary WaPo claim up.

1. My employer, the ACLU, filed two comments in the Rule 41 process.

The first, before public comments were even solicited, resulted in DOJ dropping one of their proposed changes to rule 41, which would have permitted the gov to piggyback from a hacked target's computer to a cloud account (such as Dropbox or Google), rather than the gov going to the cloud provider with a warrant.

While our first comment does indeed describe and quote from some alternative language proposed by Orin Kerr, I don't think it is fair to describe that as evidence of ACLU approval of hacking of users whose location cannot be determined. For example, in that comment, we note that:

[U]nder Professor Kerr’s language, the government would still be able to obtain warrants to use malware, zero-day exploits, and other techniques that raise serious constitutional and policy questions.

2. While some public interest groups and tech policy advocates are publicly (or, in some cases, privately) embracing the idea of giving law enforcement formal, regulated hacking powers, in a desperate attempt to push back against legislative pressure for crypto backdoors, I'm thankful that the ACLU has not done so. If the organization does at some point decide to come out in favor of law enforcement hacking, I strongly doubt my name will be on that document.

[I'll note, however, that one of the great perks that come with working for the ACLU is that it's perfectly OK to disagree with some of the organizations' official policy positions. I'm not forced to tow the company line publicly on issues in which I disagree.]

3. Just so all of my cards are on the table. I'm volunteering, unpaid, as an expert for the defense in several of the Playpen FBI watering hole cases. I am strongly opposed to bulk hacking, enough so to volunteer my time to helping to fight the FBI's use of this outrageous surveillance technique.

4. The FBI being able to remotely activate webcams without the light turning on is not an "unsourced anonymous claim".

From the Washington Post story, linked to in my comment above:

The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico.

I'll ask again. Is it your belief that the claim in this article, that the FBI can defeat the LED indicator on every popular laptop camera, accurately describes reality?

I think that some webcam indicator lights are vulnerable to remote disabling. Although it is certainly possible that some are not, I and most other users have no way of knowing which lights are reliable, and which ones are vulnerable.

As such, I put a Band-Aid over my webcam.

Now if only I could figure out an equally easy way to reliably disable my laptop microphone without opening up the laptop and cutting the cable.

On most (if not all) Laptop Webcams the Light is not controlled by hardware, but by the Operating System

it is Trivial to create software to no turn on the light.

The Light is not considered by manufacturers to be a Security feature, or something to warn a user of someone other than the user is using the webcam, it is simply there to inform the user when their cam is active using normal "friendly" software, it is a convenience feature, not a security feature

Many commercial management and security software packages sold to schools, corporations, and individuals have the ability to turn on the webcam with out illuminating the light, this often billed as a "theft prevention" feature.

Several schools have gotten in trouble for using this feature to spy on students using school owned laptops

In short, they do not have to "defeat all of the laptops" they just have to right a program for windows, and get 99% of them, the capability is already in the OS, the harder part is installing it with out the user knowing, and hiding the process from the user... Disabling the LED is trivial

This statement isn't even really true of the old iSight cameras; they were attackable, but only by overwriting the firmware on the camera itself.

Is disabling the LED on a modern Macbook trivial? I'm genuinely asking. If so, can you provide a link demonstrating how? The ability to override the LED on the old iSight cameras was interesting enough that the paper demonstrating it got published at USENIX.

I was not aware that apple was the only manufactures of computers.... or Webcams.

I personally have never and will never own a Apple product, so I can not say what is true or not True in the Apple Space, I speak to the 90% of other computers running Windows Operating Systems

Do we perhaps have different definitions of "most if not all"?

By Laptops I mean PC not MAC...

MAC's are better left to the history books

Ok, can you point me to a paper describing an LED bypass attack on a Dell produced within the last 2 years?

EFF's misleading summary aside (EFF's gonna EFF), I have a question about the substantive issue here. Specifically:

How could the FRCP work otherwise? They're in effect saying: if the evidence pertinent to a crime is online, and is either (a) on Tor or some other service where we don't know precisely where it is, or (b) on a botnet or some other environment where it's spread across 100 different jurisdictions, a judge can issue a warrant to obtain that evidence.

Judges can already issue warrants to obtain electronic evidence in, I think, exactly the fashion EFF describes here. The limitation they have today is procedural: they can only issue those warrants in their own court district.

But if you don't know the right court district, or a search would effectively require you to get warrants in every district, procedural rules make it hard to get a warrant today. That seems... stupid. The fact that evidence pertinent to a criminal case is on a Tor hidden service shouldn't make it inaccessible to the courts.

This isn't just about the district where the judge is based. There is also the bigger question of whether or not judges should be authorizing bulk hacking operations.

The three Tor watering hole operations (Freedom Hosting, Torpedo and Playpen) are the only cases we know of where DOJ has obtained a warrant from a single judge which it then used to conduct searches on hundreds or thousands of computers. DOJ did not seek new powers to conduct bulk searches/hacks from Congress, they just went ahead and got an ex-parte warrant from a judge. In the case of Freedom Hosting, it looks like they also screwed up and then hacked the computers of innocent people visiting other, non contraband sites, hosted on the same server.

I think that reasonable people can disagree about whether or not it makes sense to allow a judge to sign a warrant to hack a single computer in an unknown location which is probably outside of his or her district. Bulk hacks are very, very different, and a very new thing for our legal system.

I'm much less sanguine about bulk hacking than I am about targeted hacking, and so I'm sympathetic to this argument.

However, I'm compelled to point out that the courts routinely order searches on parties that turn out to be uninvolved with a case, or even to the wrong people already. The standard of accuracy here is much lower than you make it out to be.

I've researched this issue extensively, and I've not found a case before where a thousand people in the same place were searched pursuant to a single search warrant, let alone a thousand people or items located in different places around the country.

On the issue of courts authorizing the searching of wrong people, we don't know if the court in Freedom Hosting even knew that the government would deliver the malware to innocent people who were merely visiting other websites hosted from the same server as the contraband sites targeted by the warrant. We don't know this, because three years later, the freedom hosting search warrant is still sealed.

That fact should be alarming, and you should find that offensive...

If the courts are routinely signing search warrants on parties that are not involved in cases or criminal activity that highlights how much of a rubber stamp the warrant process as become, and how little "probable cause" means any more

Probable cause has become "Judge we want to search this place"

Why should I have a problem with "judge we want to search this place?"

The point of a search warrant isn't to establish guilt! It's merely to ensure that the search is connected to a legitimate investigation --- and legitimate dragnet investigations are common! --- and not as an instrument of harassment.

>>legitimate dragnet investigations are common

They should not be, that is my point

The purpose of the 4th amendment is to require the police to have a probable reason that a crime has been committed, AND to define what EXACTLY they are looking for, and where EXACTLY they are looking for it at

the fact that judges can sign warrants for all computers in the nation, or entire city blocks should be considered unconstitutional

That is a General Warrant something the Founders were very very very very much opposed to

> not as an instrument of harassment.

General Warrants, which is what is being talked about here, are infact a instrument of harassment

Rubber Stamping Warrants with out any actual probable cause is also a instrument of Harassment

If you believe having your door busted down by armed men at 3am because you tossed the loose leaf tea in the trash bin is not harassment than I shutter to thing what your definition would be

Does the bulk hacking have anything to do with these Rule 41 changes? Sounds like a judge could issue a warrant for a thousand computers under the existing rules.

The real issue seems to be what evidence you need to have probable cause to search a thousand computers. I'm willing to believe the standard being applied is too low, but the Rule 41 changes don't change that standard one way or the other.

> rules make it hard to get a warrant today

Procedural or otherwise, rules that make getting a warrant hard is a feature, not a bug. Perhaps "hard" is too strong; the 4th Amendment requirement for specific warrants is intended to add a burdeon to the warrant process. Preventing generalizations that make search and seizure easier is the very reason the 4th Amendment was written.

> require you to get warrants in every district

If a search is to be performed in many districts, they yes, that is what the constitution requires. As for Tor hidden services, I'm going to echo Susan Landau's advice to congress during the recent FBI/Apple backdoor hearings. The FBI needs to update their investigative methods. Modern technology provides many new ways to investigate. We already know that the NSA, for example, is very adept at using side channels and metadata.

Your "Tor hidden service" example assumes that giving these powers are the only way to prosecute some criminal cases. It's basically demonstrating a lack of creativity.

> inaccessible

Warrants are a permission to conduct a search and seize certain items if they find them. It is not a guarantee that the search will be successful; nor should it be. Besides, it isn't going to be inaccessible in many cases anyway. You already know the power of timing attacks and traffic analysis. That should be enough, in many cases, to figure out which jurisdiction(s) should be searched. The only reason you would need a warrant in "every" district is if nobody even bothered investigating.

As Ray says, when you say "If a search is to be performed in many districts, they yes, that is what the constitution requires.", this is just gobbledygook. Please cite any part of the constitution that says anything about this.

The constitution has nothing to say about which districts must issue a warrant. The constitution doesn't even require there be different districts. Congress could abolish all the lower federal courts tomorrow and create one giant district court for the whole country.

The old rules make it proceedurally hard to get warrant, not substantively hard. You could have a website openly selling sex slaves hidden behind TOR and you couldn't get a warrant because nobody knows where the site is located.

Meanwhile, the Feds can easily get a warrant some some innocuous stuff like selling raw milk because locating a real business is easy.

This just deals with an issue of where you know the specific server or network of servers you want to search but can't know where they are physically located. This just enable a dragnet to go search random computers.

Why should it be made difficult to get a warrant? I don't understand.

Making it difficult for law enforcement to casually search things without oversight is a good thing. But making it harder for the courts themselves to direct searches seems like... I don't know, a bad thing?

> made difficult

> making it harder

It's not being "made difficult". Nobody is making the warrant process harder. You're trying to reframe the status quo as a new difficulty in the warrant process.

Kind of sounds like a way for law enforcement to go judge shopping where they will start taking all their computer crime cases to judges they know are sympathetic to them and get a warrant to do something the judge in the actual jurisdiction might have been skeptical of.

It might be someplace whose laws don't recognize the authority of that court---say, Beijing. And now the US FBI has put a NIT on a non-US computer. That's a problem.

It might be someplace that doesn't let governments use NITs at all.

There is another way to go: warrants for the Tor exit node, then middle node, then guard. And if you can't justify those---especially hard for the middle node---that's not just a procedural issue, but a substantive problem.

It seems like if you take proactive steps to hide what jurisdiction you are in the options are that you are effectivly in everyone's jurisdiction or no one's. The public good is IMO best served by being able to catch criminals who use tor, so we have to go with the former. The downside is that Iran can legitimately hack you if you say bad things about Mohammad from behind tor, but there isn't much of an alternative.

But that's not how it works in finance, why should it work like that for the internet?

I can do the real world equivalent of using tor by setting up a secure corporate structure and then commit for example insider trading.

Just so I understand you here, your position is that simply by dint of having used a Tor hidden service, you are entitled to having your information shielded from a warrant unless the court can deliver and execute warrants to the entire Tor infrastructure?

If, in the process of attempting to track down material covered by a warrant, law enforcement wants to obtain information from a system owned by someone not originally party to the warrant, they should be required to serve a warrant to the operator of that system, from a court with jurisdiction over the operator of that system. Doing any less would imply that the operator of that system is less entitled to due process than the alleged criminal being pursued.

I don't fundamentally have a problem with the part of the ruling that allows serving a warrant to a specific party of unknown jurisdiction, based on evidence of criminal activity; however, I do think the terms of the warrant should require that as soon as an appropriate jurisdiction is determined the warrant must be re-issued from a court with that jurisdiction before any evidence can be used. (At the very least, that would result in most such warrants going to a federal court, rather than some local court. Wouldn't help much for international cases, but it's a step in the right direction.)

I do have a problem with the idea that a blanket warrant could be issued to "all operators of Tor nodes", just as I have a problem with the idea that a warrant could be issued to "all operators of Internet routers". Mass surveillance isn't any more acceptable with a warrant than without one.

That's how these things work in the physical world, why should the internet be treated any differently?

What's the physical-world analog for a something that makes it trivial for a criminal to instantaneously conceal evidence across hundreds of jurisdictions? And how do the courts handle that thing?

Series of anonymous (anonymity can be achieved with various means, some more legal than others) shell companies used to launder money aren't exactly unheard of.

There's very little courts can do, besides issuing countless of subpoenas and search warrants, which has been the standard way of handling criminal investigations for decades now.

Here's a telephony related example: http://www.nytimes.com/2015/11/29/magazine/the-serial-swatte... ctrl+f subpoenas

Those shell companies are also bad!

Not questioning that, it just seems weird that internet specifically needs such legislation.

This isn't legislation; it's the Federal Rules of Criminal Procedure. They're the rules judges agree to follow.

As I posted on the other thread about this news, the interpretation that this gives the government "new hacking powers" is just flat-out wrong, and shame on the EFF for using it to spread FUD.

The ONLY thing changed by this proposed rule is the venue in which the government can apply for warrants, expanding it to include any jurisdiction involved in the crime under those two specific circumstances that the EFF blog post mentions.

It does NOT change any of the rules of probable cause involved in getting a warrant. It does NOT grant any kind of "new hacking powers". It does NOT criminalize Tor or allow law enforcement to get a warrant simply because someone used Tor.

There are reasons to not like this rule change based on what it actually means. Misrepresenting things that you don't agree with ultimately hurts your own side because it makes it trivial for people on the other side to dismiss your complaints as ignorant and wrong.

Leaving aside the "new hacking powers" thing, I still see two problems with this:

1) the FBI can go the same friendly judge over and over again for all hacking requests. We've seen this kind of problem before like with the DEA going to the same judge tens of thousands of times for what other judges considered illegal wiretapping. So at the very least, if this passes, we'll need to somehow improve the oversight on judges much more than how it currently works.

2) it allows the FBI to hack people from outside of the country as well, even without permission from other countries to do so, which can cause all sorts of problems on its own. I believe Russia sued the FBI for doing something similar about a decade ago.

1) This is only partially accurate - it expands the venues for warrant applications, but it doesn't do it willy-nilly. The government would be allowed to "shop" for judges inside of the set of jurisdictions where illegal activity allegedly took place. Obviously if you're conspiracy-minded you could claim that the government will claim that every hacking attempt includes a target in Nowhere City, Wyoming where a judge that's particularly enthusiastic about remote searches is, but that's something that could actually be challenged at trial. I share your concern about being able to find a "lowest common denominator" judge though, even if it's not across the entire country.

2) This rule doesn't really change the legality of the FBI hacking foreign PCs, something that I don't personally support either. It makes it easier to get warrants that might result in foreign searches, but as you note, just because a warrant is legal in the US doesn't mean that another country will smile and say "Oh, it's fine". This is one of the reasons I don't like "remote searches" in general.

> that's something that could actually be challenged at trial

How so? How is a judicial order challengable because the judge is in Wyoming? Or are you saying that the defense is going to bring a mind reader to testify about the motives of the government?

When you're at trial, you claim the search warrant is invalid because the judge lacked jurisdiction, and try to get all the evidence obtained through that warrant thrown out.

It has NOTHING to do with motive - if the warrant is improperly obtained it doesn't matter what the motive of the government was.

See e.g. http://www.socalcriminallawyer.com/challenging-the-validity-...

If the US is able hack other countries computers, then they shouldn't complain when their computers get jacked, which then calls into question why this law is needed.

In all seriousness, not a stretch to believe a war might start due to somethings like this.

Re: 2, the FBI already has the authority to engage in world-wide hacking from Congress. Rule 41 applies to warrants, which are Constitutionally unnecessary for foreign targets.

What a great headline to attach to an action signed by the Chief Justice of the Supreme Court and sent to the leaders of both houses of Congress.

Recent discussion of the rule change:


A smaller one:


We've taken the distracting "little-known committee" bit out of the title.

Normally we'd treat this thread as a dupe of the first one you linked to, but this seems to be one of those stories the community wants to discuss thoroughly, and this thread is pretty good, so we'll leave it up.

The rules mention that the police must notify the owners of the computers or information, so police wouldn't be secretly hacking into your computers without telling you. That actually would be pretty bad.

The malware one seems entirely reasonable to me. If you have malware, chances are you're aiding criminals by providing them with hardware to commit their crimes with. Why shouldn't a judge issue a search warrant or have your computer seized? The computer is literally part of the crime scene. If you don't like it, don't install malware.

The first one I'm not really sure where it would be used. Is it just, say, "police are allowed to use TOR vulnerabilities to gain access to the servers serving .onion links in the course of their investigation"?

I guess their point is that the changes should've been initiated by Congress, since it's more than procedural. I can buy that, even if the changes themselves seem innocent enough.

Every US politician will side on the side of security. If they don't and some awful terrorist plot happens on US soil under their watch, their political career is over. If the argument is between fear and an abstract notion of freedom, fear will always win out.

The only way it changes is if the US does away with career politicians, or fear of the government becomes > fear of terrorists.

That;s fine, they can hack into our computers. Its not like they would plant something on your computer..

Truly the poison tree and its fruit are both dead.

Official version: "grant new hacking powers"

Reality: "Make legal what has been going on illegally for years"

Ok, land of the free.

December, huh? This being an election year we all know this won't happen.

The Judicial Conference of the United States is neither a "little-known committee" or in any way secretive or shady, unless one is totally ignorant of how the judicial system works. The EFF certainly is not.

The conference is composed of: "the Chief Justice of the United States, the chief judge of each court of appeals federal regional circuit, a district court judge from various federal judicial districts, and the chief judge of the United States Court of International Trade." [0]

You can disagree with their decisions, but don't try and imply that they are duplicitous. I expect better of the EFF.

[0] https://en.wikipedia.org/wiki/Judicial_Conference_of_the_Uni...

I consider myself well read and politically savvy but I had never heard of this body. When was the last time they made news outside of maybe the narrow interests of federal trial lawyers?

Java isn't something a guy on the street would recognize, but if you were writing to a lay audience, would you describe the Oracle v. Google as involving a "little known programming language?

That wouldn't be good journalism. It would give the reader an inaccurate depiction of what the lawsuit is really about. It would be good lawyering, depending on which side you are on. A classic lawyering tactic is to use the most favorable (to your side) characterization of something you can justify.

> It would give the reader an inaccurate depiction of what the lawsuit is really about

Yeah. Part of the EFF's job is educating us. When they add such slant they lose credibility in my book. They're still great at keeping tabs on government actions that impact tech.

EFF is an advocacy organization. They're like Sierra Club or PETA.[1] They're not in the business of neutral analysis; they're in the business of pursuasion. Their job is not to provide the most reasonable take; it's to give up no ground to their opponents.

[1] Both of which are organizations I hold in high esteem, so that's not a negative comparison.

> Their job is not to provide the most reasonable take; it's to give up no ground to their opponents.

That sounds like a lawyer's perspective. You could say that about anyone working towards any particular goal. Please pardon my disagreement.

One of the EFF's jobs is to educate technologists. When they use slanted language, they lose some readers/"students".

The EFF has many roles, including educating and lobbying the government. Totally fine if you want to call it advocacy too. I often find myself digging for extra facts after reading their slanted positions. I wish they'd do full reporting of both sides more often. C'est la vie.

> Java isn't something a guy on the street would recognize but if you were writing to a lay audience, would you describe the Oracle v. Google as involving a "little known programming language?

If it barely entered the public consciousness, sure.

In the case of Java though, I think it's actually more recognizable than this committee, which personally I'd never heard of. Between the Oracle vs. Google lawsuit, the browser plugin vulnerabilities, and Java just being such a popular computer language... I'd assume a lot of laypeople have heard of it. Though many might not realize JavaScript is a different language.

I could cite you 20 instances where Java made news beyond the narrow interst of programmers.

Anybody who's heard of lots of programming languages has heard of Java. I've heard of lots of committees, but not this one.

> I consider myself well read and politically savvy

> I had never heard of this body

I think you may want to reconsider your self-image.

My point is that the EFF (and whoever was drafting this press release) certainly knows what the Judicial Conference is, and are (is) willfully misrepresenting them through careful word choice.

The only misrepresentation going on is this nonsense that a headline's language should be based on the knowledge of the author instead of the intended audience.

Little known implies that if you ask 100 randomly selected people if they know if it exists, what it is and what it does, a small number, say less than 10 or so (little) will know.

Did you take your educated guess at that fraction?

Most concepts posted about on HN, and for that matter, discussed by the EFF, are "little-known." The inclusion of that description in the headline is obviously intended to make the reader believe that the committee is up to no good in secret, not that most people simply don't know of it.

Why are you pretending that the EFF is writing headlines for HN? We are not the (only) intended audience.

I find it very unlikely that you don't understand this.

Oh well -- the EFF knows that if they write for themselves, there'll be lower-brow comment-threads full of 'lol wtf bbq' and no one will take them seriously because they won't understand. Write accessibly, and well-read nitpickers of a HN-like brow alignment will pick apart their clickbait headlines. Damned if you do, damned if you don't.

Agreed. Many things in news are little known. That's often what makes it news.

I don't think that's what it means in this context.

I bet if you ask 100 random people, not 10 would know what Stripe is. Not 10 would know what Angular is. But would you ever describe either of those as "little known"?

I think in this situation it implies that even if you're in the domain you aren't aware... and on this it's not really the case right?

and the top of this thread is now a stupid meaningless argument about a word in the title instead of talking about the issue. Well done. Can you guys take that rubbish to reddit or voat or somewhere crappy? I like reading HN, please don't make it a waste of my time.

and since I'm here now I'll throw out my opinion on the meat of the story.

I use Tor a lot and am not based in the US and am nor american. If America gives itself the legal ability to hack anyone, anywhere regardless of what they are doing then all american networks/nodes/people are open to hacking and posting publicly. That includes all private people, public people, everything from correspondence to baby monitor cameras. It calls for an open season against those countries whereby we air every single persons dirty laundry in as public a way as possible.

It is similar to europeans like UK, where certain people there think they can hack all people everywhere, legally, with complete immunity.

Excuse my parlance but fuck everything about that. That is a system balanced way too far in one direction.

but hey, that guy said 'little-known' about the Judicial Conference of the United States. That's what is important to americans...

Posted without Tor because I still live in a free country and am not afraid of speak up.

If the EFF was able to write posts that weren't full of gross hyperbole and flat out untruths then every comment thread about an EFF statement wouldn't require discussion about how the EFF is misleading people.

They know perfectly well what they are doing. They know it leads to people talking about the stuff they exaggerated rather than the actual issue. They know that it turns away reasonable people. They are gambling that they can whip up an ignorant mob as with SOPA. The difference there was that a bunch of high profile corporations and capitalists had a financial interest in that fight and were happy to fuel the outrage machine to get their way.

What are the untruths and what is misleading people? Keep in mind that not everybody who watxhes EFF is american, I never heard of that group before and I read most of the big tech sites daily since the late 90's.

Why would the EFF want to turn away reasonable people?

Here's the rub (for me). If what you say is correct then to my mind the EFF is doing you a favor. If people don't get at least a little riled up about this then it will go through like all the other rubbish being passed around the world and you will be left with the consequences.

The arrogance is absolutely astounding, on a level with 16th century britain. To think that you can do what you want, to whomever you want, wherever you want in a completely legal manner is disgustingly arrogant and will lead to the same problems as it always has throughout western history.

We have been here before. Technology changes but people (unfortunately) do not. The people pushing this kind of legislation will suffer the least, ordinary americans will take the brunt for them. That is your choice - is this move representative of you and if not - will you do anything to stop it?

edit: excuse my ignorance but this si actually about warrants through proper court mechanisms? I'm okay with proper warrant procedures through proper (ie. not FISA) court systems. I don't hold US courts highly compared to others but every country needs proper procedured.

I agree with most of the goals of the EFF, but their blog is basically one misleading description after another for these things. A comment like yours ends up being the top comment for any links to the blog.

Someone might comment that the gov't does the same thing, but that's no excuse for such intellectual dishonesty.

Agreed, as much as I support the ideals of the EFF, this kind of misleading scare tactic really rubs me the wrong way. It feels like they're compromising the moral high ground in order to elicit a larger response--which I understand might be the straightest path to accomplishing their goals, but it feels dirty.

> The Judicial Conference of the United States is neither a "little-known committee" or in any way secretive or shady, unless one is totally ignorant of how the judicial system works.

The Judicial Conference is currently the subject of a lawsuit for being secretive, shady and duplicitous. (A serious lawsuit on a serious issue, with a serious chance of success.) So I think this statement is a bit subjective.

Sorry, I missed where the meeting notes where posted online.

Or maybe it's that you mean secrets, when legally kept, are not secrets.

Please explain.

Honestly, sounds like you might have a conflict of interest in the matter, or haven't done your research. Only 36 percent of Americans can actually name the three branches of government the Constitution created.

That lack of interest is what makes the EFF framing so ridiculous. There's nothing mysterious about the committee, it's just an implementation detail of the justice system. Calling it little known implies that people who don't even know what to call the judicial branch should for some reason know about the committee.

Ok, ok. Let's get honest here.

Bloggers exaggerate. And commenters like to point that out. Sometimes I hear that commenters even like to overreact to things.

Got it.

Now, I've been following this issue. I did not know about this committee. I daresay I could pull 100 hackers from a room and most of them wouldn't know of it either.

So for purposes of "legal people", yes, you are correct. What a overstatement! But that's not the audience here, and the headline works -- and it is not an exaggeration.

If you're a lawyer, this committee is probably common knowledge.

I'd bet 99 out of 100 non-lawyers wouldn't have a clue about this group of people.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact