Author Topic: Court rules computers aren't Private if connected to internet.  (Read 8400 times)
Merusk
Terracotta Army
Posts: 27449

Badge Whore


on: July 01, 2016, 09:17:22 AM

Federal judge for the Eastern District of Virginia says you have no expectation of privacy if your computer is hooked into the internet.

Yet another fantastic ruling by a technology-illiterate or, more accurately, a judge who favors too-broad police powers in the hands of the government. The case favored the FBI and while I'm not advocating for the child porn guy to get off, the court's statement is dangerous, stupid, and destined to cause havoc for the entire industry unless overturned.

Quote
Other courts have found the opposite. The Ninth Circuit, for example, held in 2007 that just connecting a computer to the network does not undermine a user's "subjective expectation of privacy and an objectively reasonable expectation of privacy in his personal computer."
Yet there has been a dramatic shift in the public's reasonable expectation of privacy because people do expect to be able to defend their computers against attack, Judge Morgan argued.
"[H]acking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public's reasonable expectations of privacy," the judge wrote. "Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion. Indeed, the opposite holds true: In today's digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked."
The judge argued that the FBI did not even need the original warrant to use the NIT against visitors to PlayPen.

No need for the warrant? Wtf?!

As the first comment says, my door attaches to the outside world and a reasonably strong person could break it in easily. This does not negate my right to or expectation of privacy within my home.

http://www.eweek.com/security/home-computers-connected-to-the-internet-arent-private-court-rules.html

The past cannot be changed. The future is yet within your power.
schild
Administrator
Posts: 60345


WWW
Reply #1 on: July 01, 2016, 09:31:57 AM

This isn't going to get upheld. It's the exact same as saying "you don't need a warrant for wiretaps because your phone is connected to the ... phone web?" The internet is considered a utility now, everything is connected to the fucking internet.

Judge is retard. Take him out back and string him up.

Edit: I am perfectly aware of the irony in needing a warrant for a wiretap, since those are literally the easiest fucking thing to get ever. We gotta get rid of the Homeland Security Act, asap.
« Last Edit: July 01, 2016, 09:33:52 AM by schild »
HaemishM
Staff Emeritus
Posts: 42628

the Confederate flag underneath the stone in my class ring


WWW
Reply #2 on: July 01, 2016, 10:04:35 AM

... the fuck? I connect my computer to a network so EVERYBODY COME IN AND LOOK AT MY SHIT? Seriously? That may actually be the dumbest fucking thing I've ever heard someone in authority say about tech. That is LITERALLY victim-blaming someone if they get hacked. It also means that identity theft is now not a fucking crime because hey, I used my credit card in a public place, so how could I expect someone else wouldn't also use that card for purchases I didn't authorize?

I mean... the fuck?

Teleku
Terracotta Army
Posts: 10510

https://i.imgur.com/mcj5kz7.png


Reply #3 on: July 01, 2016, 10:32:14 AM

To be fair, after all I've now been through in my job, his words are right.  You should assume that several world governments, and a whole lot of criminal organizations or bored teenagers are looking through everything on your PC the second you plug it in.  Because they are and there is pretty much nothing you can do to stop it (short of investing a couple hundred thousand dollars into your own secure/shielded internet room).

"My great-grandfather did not travel across four thousand miles of the Atlantic Ocean to see this nation overrun by immigrants.  He did it because he killed a man back in Ireland. That's the rumor."
-Stephen Colbert
Engels
Terracotta Army
Posts: 9029

inflicts shingles.


Reply #4 on: July 01, 2016, 10:34:25 AM

Paging Abagadro.

I should get back to nature, too.  You know, like going to a shop for groceries instead of the computer.  Maybe a condo in the woods that doesn't even have a health club or restaurant attached.  Buy a car with only two cup holders or something. -Signe

I LIKE being bounced around by Tonkors. - Lantyssa

Babies shooting themselves in the head is the state bird of West Virginia. - schild
Yegolev
Moderator
Posts: 24440

2/10 WOULD NOT INGEST


WWW
Reply #5 on: July 01, 2016, 10:45:30 AM

My computers have never been breached due to security penetration so I'm going to say "no".  Although he at least phrases it vaguely: "it appears to be a virtual certainty".  Unless he is using "virtual" the way some people use "literally".

Why am I homeless?  Why do all you motherfuckers need homes is the real question.
They called it The Prayer, its answer was law
Mommy come back 'cause the water's all gone
Nebu
Terracotta Army
Posts: 17613


Reply #6 on: July 01, 2016, 11:07:37 AM

Paging Abagadro.

If he's smart, he'll run for his life.

"Always do what is right. It will gratify half of mankind and astound the other."

-  Mark Twain
HaemishM
Staff Emeritus
Posts: 42628

the Confederate flag underneath the stone in my class ring


WWW
Reply #7 on: July 01, 2016, 11:47:24 AM

To be fair, after all I've now been through in my job, his words are right.  You should assume that several world governments, and a whole lot of criminal organizations or bored teenagers are looking through everything on your PC the second you plug it in.  Because they are and there is pretty much nothing you can do to stop it (short of investing a couple hundred thousand dollars into your own secure/shielded internet room).

Just because it may be possible and relatively easy these days does not mean it should be enshrined as a goddamn legal precedent to allow governments free rein to all your fucking files without even the necessity for the most basic, rubber-goddamn-stamped procedure for the collection of fucking evidence.

This is "the Internet is a series of tubes" level of idiotic, willful ignorance.

Sky
Terracotta Army
Posts: 32117

I love my TV an' hug my TV an' call it 'George'.


Reply #8 on: July 01, 2016, 12:08:10 PM

I knew one day they'd find that car I downloaded.
Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #9 on: July 01, 2016, 12:16:58 PM


"As democracy is perfected, the office of president represents, more and more closely, the inner soul of the people. On some great and glorious day the plain folks of the land will reach their heart's desire at last and the White House will be adorned by a downright moron.”

-H.L. Mencken
Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #10 on: July 01, 2016, 12:39:21 PM

Well, it's a good idea not to trust media's encapsulation of legal stuff in general as they usually mess it up.

You can read the decision here: https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf

Relevant stuff begins at p.42 (I'd advise skipping the factual stuff about the site the FBI took over unless you want to throw up).

The crux of it is that you can't expect your IP address to be private when you access a website, even if you try to hide it. Also, the type of info they gathered using the system they deployed was just location, which they got from the IP.  To actually get at the information on the computer, they went and got a specific warrant to do that.

Teleku
Terracotta Army
Posts: 10510

https://i.imgur.com/mcj5kz7.png


Reply #11 on: July 01, 2016, 01:09:48 PM

To be fair, after all I've now been through in my job, his words are right.  You should assume that several world governments, and a whole lot of criminal organizations or bored teenagers are looking through everything on your PC the second you plug it in.  Because they are and there is pretty much nothing you can do to stop it (short of investing a couple hundred thousand dollars into your own secure/shielded internet room).

Just because it may be possible and relatively easy these days does not mean it should be enshrined as a goddamn legal precedent to allow governments free rein to all your fucking files without even the necessity for the most basic, rubber-goddamn-stamped procedure for the collection of fucking evidence.

This is "the Internet is a series of tubes" level of idiotic, willful ignorance.
Oh, I'm not advocating for that being an excuse for the government to legally hack your shit without repercussion.  I'm just saying, everybody is already hacking your shit and digging through your email regardless, and you should assume so.

Goumindong
Terracotta Army
Posts: 4297


Reply #12 on: July 01, 2016, 01:18:50 PM

Well, it's a good idea not to trust media's encapsulation of legal stuff in general as they usually mess it up.

You can read the decision here: https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf

Relevant stuff begins at p.42 (I'd advise skipping the factual stuff about the site the FBI took over unless you want to throw up).

The crux of it is that you can't expect your IP address to be private when you access a website, even if you try to hide it. Also, the type of info they gathered using the system they deployed was just location, which they got from the IP.  To actually get at the information on the computer, they went and got a specific warrant to do that.

In the next section it actually goes beyond IP address and into the stated complaints. Unfortunately the brief doesn't explain what the other pieces of information that were taken were, so it's hard to say whether or not it's reasonable like the IP address collection is (without reading the stuff in the first 42 pages). I am not sure why the judge felt the need to say that there wasn't an expectation of privacy near at all, due to hackers, when he goes on to say the warrant is valid because no misleading went on (which makes sense to me. The warrant appears to be to search computers which accessed the site by deploying the NIT, which would imply all the stuff the NIT collected, on probable cause of "you got it by going here")
« Last Edit: July 01, 2016, 01:22:11 PM by Goumindong »
Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #13 on: July 01, 2016, 01:24:10 PM

It details them earlier in the opinion (p. 6-7). The Court states that info (which is mostly just identifier info and whether the NIT is already on there) is derivative of the location information with the secondary warrant needed to actually get to the files on the computer.

Fundamentally this ruling says your identity (and actions taken thereunder) are not private when you are using that identity to do stuff out in the internet, which is a bit different than the headline.
« Last Edit: July 01, 2016, 01:26:44 PM by Abagadro »

Goumindong
Terracotta Army
Posts: 4297


Reply #14 on: July 01, 2016, 01:28:05 PM

It details them earlier in the opinion (p. 6-7). The Court states that info (which is mostly just identifier info and whether the NIT is already on there) is derivative of the location information with the secondary warrant needed to actually get to the files on the computer.

Fundamentally this ruling says your identity (and actions taken thereunder) are not private when you are using that identity to do stuff out in the internet, which is a bit different than the headline.

Which is very common for these types of complaints

Ed: I mean that the govt isn't actually doing the terrible thing that the headline or article claims
HaemishM
Staff Emeritus
Posts: 42628

the Confederate flag underneath the stone in my class ring


WWW
Reply #15 on: July 01, 2016, 01:42:46 PM

Fundamentally this ruling says your identity (and actions taken thereunder) are not private when you are using that identity to do stuff out in the internet, which is a bit different than the headline.

Yeah, that and the IP identifier is a goddamn ocean's worth of difference between reality and that headline. The IP thing is absolutely true. So the idiots appear to be the reporters more so than the judge.

Torinak
Terracotta Army
Posts: 847


Reply #16 on: July 01, 2016, 03:39:58 PM

To be fair, after all I've now been through in my job, his words are right.  You should assume that several world governments, and a whole lot of criminal organizations or bored teenagers are looking through everything on your PC the second you plug it in.  Because they are and there is pretty much nothing you can do to stop it (short of investing a couple hundred thousand dollars into your own secure/shielded internet room).

This sounds a lot like the argument that murders happen even though they're illegal, so we shouldn't bother trying to stop them. Or that mail gets stolen so you should expect that every letter in your mailbox has already been read and can be used against you.
Torinak
Terracotta Army
Posts: 847


Reply #17 on: July 01, 2016, 03:49:53 PM

Well, it's a good idea not to trust media's encapsulation of legal stuff in general as they usually mess it up.

You can read the decision here: https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf

Relevant stuff begins at p.42 (I'd advise skipping the factual stuff about the site the FBI took over unless you want to throw up).

The crux of it is that you can't expect your IP address to be private when you access a website, even if you try to hide it. Also, the type of info they gathered using the system they deployed was just location, which they got from the IP.  To actually get at the information on the computer, they went and got a specific warrant to do that.

The list at the top of page 7 states that they gathered a lot more than IP address--they also grabbed operating system, hostname, username, MAC address, and a "unique identifier" that the FBI's malware generated in an unspecified way. The list does not state that it's comprehensive. Based on what I've seen from people posting Minecraft crash reports, a heck of a lot of people have their actual name as their username and/or computer name.

And don't get me started on how unreliable it is to get location from an IP address...unless you can join IP address with other information obtained from an ISP or from the computer. Based on state-of-the-art IP geolocation databases, the computer on my desk moves around within a 10+ mile radius in a major metropolitan area.
Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #18 on: July 01, 2016, 04:02:30 PM

They used the IP along with the other info and went to the ISP to lock down who they were dealing with apparently. I'm not a computer guy, so didn't/don't understand a lot of the mechanics of it.


Torinak
Terracotta Army
Posts: 847


Reply #19 on: July 01, 2016, 05:15:04 PM

They used the IP along with the other info and went to the ISP to lock down who they were dealing with apparently. I'm not a computer guy, so didn't/don't understand a lot of the mechanics of it.



The ISP has to be able to determine that a given computer is authorized to use their services. The ISP's privileged position in the network lets them gather a whole ton of information that may not be available to sites to which the user connects. When a computer connects to a website, the website knows the IP address used when making the connection--it has to, so it knows where to send back the response to the request. However, the IP address the website sees is not necessarily the "real" IP address of the computer. When using "anonymizing" software, typically the website only gets an IP address for some "anonymous" proxy of some kind--instead of going from your computer directly to the website, the connection goes from your computer to somewhere else and then from the somewhere else to the website. The website only gets the "somewhere else" IP address, and in theory that information is not really useful to identify a user.

As I understand it, what the FBI did was to distribute malware from their site so that they could gather the "real" IP address of the computer, even though their site did not get that information due to the defendant's attempted use of "anonymizing" software. When they have the "real" IP address in hand, they could subpoena the ISP that owns that IP address to determine the user's identity. The judge's ruling, as I understand it, is that the FBI was justified in distributing malware to obtain the "real" IP address because there's a lot of other malware out there that could also in theory disclose one's "real" IP address, therefore one's "real" IP address can't be considered private information.

"Anonymizing" is in quotes because in practice modern browsers and HTML5 contain enough ~~cruft~~ advanced functionality that it's quite easy to de-anonymize what would otherwise be an anonymous connection. Lots of ads already abuse this functionality to bypass ad blockers, for example. Similar techniques were used to take down the Silk Road.

Exploiting vulnerabilities in "anonymizing" software in order to obtain a user's local IP address is something they've done before and is dangerous for all Internet users--they're not the only people who can and do exploit vulnerabilities. Actively deploying malware on a user's computer in order to get that information is much worse--it's active and aggressive tampering with private property to circumvent the fourth amendment, much like if they'd replaced your mailbox with a guy who opens all of your mail, reads it aloud to them, and then hands it to you.
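
What Reply #19 describes, a website seeing only the address of the "somewhere else" it was contacted from, shown as an added example (not written by any poster in this thread): a one-shot origin server and relay on loopback. Every endpoint shares 127.0.0.1 here, so the source port stands in for the distinct IP address a real relay would have; all function names are hypothetical.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # constructed setup: every endpoint lives on loopback


def listen():
    """Open a listening TCP socket on an OS-chosen loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))
    s.listen(1)
    return s


def origin_once(listener, seen):
    """The 'website': record the TCP peer of one connection, then answer."""
    conn, peer = listener.accept()
    with conn:
        conn.recv(1024)
        seen.append(peer)          # the only address the site learns from TCP
        conn.sendall(b"ok")


def relay_once(listener, origin_addr, relay_out):
    """The 'somewhere else': accept the client, open its OWN connection onward."""
    client, _ = listener.accept()
    with client, socket.create_connection(
        origin_addr, source_address=(LOOPBACK, 0)
    ) as upstream:
        relay_out.append(upstream.getsockname())
        upstream.sendall(client.recv(1024))   # forward the request
        client.sendall(upstream.recv(1024))   # forward the response


def fetch(target):
    """The user's computer: send a request, return the address it sent from."""
    with socket.create_connection(target, source_address=(LOOPBACK, 0)) as c:
        local = c.getsockname()
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")
        c.recv(1024)
        return local


def observe(via_relay):
    """Run one request and report what each party saw as (ip, port) pairs."""
    seen, relay_out = [], []
    origin = listen()
    target = origin.getsockname()
    threads = [threading.Thread(target=origin_once, args=(origin, seen))]
    relay = None
    if via_relay:
        relay = listen()
        threads.append(threading.Thread(
            target=relay_once, args=(relay, target, relay_out)))
        target = relay.getsockname()   # the client now talks to the relay only
    for t in threads:
        t.start()
    client_addr = fetch(target)
    for t in threads:
        t.join()
    origin.close()
    if relay:
        relay.close()
    return {
        "client": client_addr,
        "relay_out": relay_out[0] if relay_out else None,
        "origin_saw": seen[0],
    }


if __name__ == "__main__":
    for mode in (False, True):
        result = observe(mode)
        print("via relay" if mode else "direct   ", result)
```

The relay itself still sees the client's address on its inbound socket, which is why the ISP or any relay operator is in a different position from the destination site.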
Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #20 on: July 01, 2016, 08:00:29 PM

That's a bad analogy.  More like you went out to rob a bank with a mask on. This particular bank has a technology that, unbeknownst to you (but you probably should know about it because it is fairly known that this sort of thing exists), replaces your mask with a clear plastic bag.  The cameras then take your photo and the cops get a search warrant to look for the money in your house.

Khaldun
Terracotta Army
Posts: 15157


Reply #21 on: July 02, 2016, 05:07:37 AM

Right--and the court is arguing in this opinion that you have no right to insist that your mask not be replaced with a clear plastic bag because "privacy".
Goumindong
Terracotta Army
Posts: 4297


Reply #22 on: July 02, 2016, 10:50:30 AM

Right--and the court is arguing in this opinion that you have no right to insist that your mask not be replaced with a clear plastic bag because "privacy".


I think a better analogy would be a tracker in the money. Anyone who robs a bank should know that they have to be physically present to demand and pick up the bills. Such the police or agent of the police can follow such a suspect so that they can unmask them later. A tracker is simply a tech that lets the police follow easily and so can't really be an invasion in and of itself.
KallDrexx
Terracotta Army
Posts: 3510


Reply #23 on: July 02, 2016, 01:34:59 PM

The list at the top of page 7 states that they gathered a lot more than IP address--they also grabbed operating system, hostname, username, MAC address, and a "unique identifier" that the FBI's malware generated in an unspecified way. The list does not state that it's comprehensive. Based on what I've seen from people posting Minecraft crash reports, a heck of a lot of people have their actual name as their username and/or computer name.

I'm pretty sure that once you have a computer's IP and a network route to that computer, that stuff is trivial to determine without having internal access to the machine.  All it takes is pinging selective services and analyzing their responses to determine that information (and the unique identifier would be derived from those responses).

So as long as they didn't do any real hacking to get past their router (probably something in TOR) then I don't see the issue.  If your computer isn't locked down and is leaking information that sucks (because it's hard to do) but at the end of the day it's still analogous to me knocking on your walls with my hand to figure out what it's made out of. 
Torinak
Terracotta Army
Posts: 847


Reply #24 on: July 02, 2016, 03:25:08 PM

That's a bad analogy.  More like you went out to rob a bank with a mask on. This particular bank has a technology that, unbeknownst to you (but you probably should know about it because it is fairly known that this sort of thing exists), replaces your mask with a clear plastic bag.  The cameras then take your photo and the cops get a search warrant to look for the money in your house.

Infecting systems with malware is illegal, so that analogy only works if the mask-replacement technology is also illegal.
Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #25 on: July 02, 2016, 03:47:44 PM

That's like arguing that the feds can't wiretap someone because "wiretapping is illegal."  Ya, if you do it. If the government gets a warrant to do it, it's not illegal.

Torinak
Terracotta Army
Posts: 847


Reply #26 on: July 02, 2016, 03:54:17 PM

The list at the top of page 7 states that they gathered a lot more than IP address--they also grabbed operating system, hostname, username, MAC address, and a "unique identifier" that the FBI's malware generated in an unspecified way. The list does not state that it's comprehensive. Based on what I've seen from people posting Minecraft crash reports, a heck of a lot of people have their actual name as their username and/or computer name.

I'm pretty sure that once you have a computer's IP and a network route to that computer, that stuff is trivial to determine without having internal access to the machine.  All it takes is pinging selective services and analyzing their responses to determine that information (and the unique identifier would be derived from those responses).

So as long as they didn't do any real hacking to get past their router (probably something in TOR) then I don't see the issue.  If your computer isn't locked down and is leaking information that sucks (because it's hard to do) but at the end of the day it's still analogous to me knocking on your walls with my hand to figure out what it's made out of. 

As I understand it, they didn't have the computer's local IP address. They decided to infect the systems with malware in order to get it.

You can't get the username of a computer's user with just its local IP address, and on many systems the hostname isn't broadcast (or is only sent to non-routable IP addresses on one's LAN, for some kinds of Windows services). OS has to be inferred based on what service(s) are exposed, and that can be faked. I don't think MAC is supposed to be exposed to other systems outside a subnet, and the MAC returned may not match the actual MAC address even if the system isn't configured to not expose it. The malware presumably extracted the hardware-level information directly from the infected system.

Oh, and it's probably illegal to probe a system in the way you described. I'd not recommend trying any of those types of connections to an FBI-owned computer!

A better analogy: Suppose I'd like to know what color you painted your bedroom. Maybe I could just peep through your curtains if you didn't close them enough, or look through your trash for any old paint cans or tarps (peeping through "improperly secured" curtains isn't an illegal search according to Justice Breyer, and sorting through trash doesn't require a warrant). But instead, I decide to drill a hole through your wall to get a sample.
Torinak
Terracotta Army
Posts: 847


Reply #27 on: July 02, 2016, 04:10:47 PM

That's like arguing that the feds can't wiretap someone because "wiretapping is illegal."  Ya, if you do it. If the government gets a warrant to do it, it's not illegal.


It's more like arguing that after deploying a wiretap without a warrant, they didn't actually need a warrant because the information they obtained from their warrantless wiretap didn't have an expectation of privacy around it.

I understand and agree that there are actions which are normally illegal that can be performed legally by the government, as long as there's appropriate oversight and process. The judge's argument is that they didn't need a warrant to deploy the malware because there's no expectation of privacy for the information they obtained (specifically, local IP address).

I admit that I'm definitely not a lawyer. If I'm totally missing the issues which have the EFF so riled up, and that motivated them to file their amicus brief, I'd appreciate clarification.
Trippy
Administrator
Posts: 23612


Reply #28 on: July 02, 2016, 04:11:59 PM

As Abagadro implied the FBI can not be accused of doing anything illegal if they were authorized by a judge to deploy the malware (aka "network investigative technique" or "NIT").


Abagadro
Terracotta Army
Posts: 12227

Possibly the only user with more posts in the Den than PC/Console Gaming.


Reply #29 on: July 02, 2016, 04:28:12 PM

Well, what I quibbled with is the notion that illegality is the determining factor. The government can actually do a lot of things that are considered criminal if Joe Person does it.

In this case, the Court did in fact go further and stated that a warrant wasn't necessary because there was no reasonable expectation of privacy in your IP address even after it upheld the warrant. That seems unnecessary and would likely be considered dicta that doesn't set precedent. Also, this is just a district court case so doesn't hold a lot of weight from a precedential point of view anyways. I can see why the EFF is worked up about it because of that fact, but it still doesn't justify the implication that just because your computer is hooked up to the internet the government can just access what's on it. That is a wild over-interpretation of the decision.

Engels
Terracotta Army
Posts: 9029

inflicts shingles.


Reply #30 on: July 02, 2016, 04:44:11 PM

Thank you Aba I knew you would come through. You may now resume running away screaming.

Zetor
Terracotta Army
Posts: 3269


WWW
Reply #31 on: July 02, 2016, 10:28:31 PM

It's my understanding that governments have been purchasing and exploiting zero-day vulnerabilities (the latter of which is definitely illegal when done by mere mortals) for purposes of spying / intelligence for quite some time now... look up VUPEN (now Zerodium). I'm not sure where that falls on the white-blackhat scale, but the RGB values are probably not very high.
« Last Edit: July 02, 2016, 10:31:27 PM by Zetor »
