Following on from our recent victory against unlawful surveillance by the British intelligence services, Privacy International is taking the British Government to court again. Why? Because it is using ‘general warrants’ to hack the electronic devices (computers, phones, tablets, and the increasing number of things that ‘connect’ to the internet) of sweeping groups of unidentified people at home and abroad. General warrants permit the government to target wide categories of people, places or property (e.g. all mobile phones in London) without any individualised suspicion of wrongdoing.
The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, including those belonging to victims of cybercrime. The changes will take effect in December, unless Congress adopts competing legislation.
In February, a Los Angeles hospital paid a bitcoin ransom equivalent to about $17,000 to retrieve its medical records after hackers attacked its network. While the records were soon restored, the attack raises the spectre of cyber criminals causing harm to consumers if a healthcare provider is, for example, unable to find out about a patient’s drug allergies in an emergency.
The State of the Union address President Obama delivers tonight will include a slate of cyber proposals crafted to sound like timely government protections in an era beset by villainous hackers.
They would in theory help the government and private sector share hack data more effectively; increase penalties for the most troubling forms of hacking; and require better notification of people when their personal data has been stolen.
But if you cut through the spin, it turns out that the steps Obama is proposing would likely erode, rather than strengthen, information security for citizens and computer experts trying to protect them. Consider:
There’s plenty of sharing of data on cyber threats already and no reason to think that the Sony Pictures hack or any of the other major recent cyber attacks could have been averted with more. What Obama is proposing would, by contrast, give companies that have terrible security practices a pass in the form of liability protection from regulatory or civil action based on the information they disclose, while potentially allowing widespread distribution of personal data that should be private.
The increased penalties for hacking Obama is proposing could punish people who have only briefly rubbed shoulders with hackers as full-fledged members of a criminal enterprise, and criminalize “white-hat” hacking.
And Obama’s federal standards for when companies have to report that customers’ data has been stolen would actually overturn tougher standards in many states.
“There’s nothing that he would propose that would do anything to actually improve cybersecurity,” says Chris Soghoian, the principal technologist at the American Civil Liberties Union. “That’s a problem.”
Describing yourself as a “hacker” – in the sense of someone who messes around with computer code – could lead to your computer being seized without warning.
A US government contractor, Battelle Energy Alliance, has used the fear of criminal hackers to obtain a court order to seize the computer of an open-source developer, Corey Thuen, who worked for it, despite him not being present in court.
The company used an argument of copyright infringement and the reputed ability of hackers to cover their tracks online to obtain a court order against Thuen. It argued that he was likely to destroy evidence on his hard drive.
As well as being an open-source developer for Southfork Security, Thuen is a cybersecurity professional who previously worked for the FBI among other US government agencies.
The official documents specifically state that “the court finds it significant that defendants are self-described hackers”.
“This makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case. The tipping point for the court comes from evidence that the defendants – in their own words – are hackers,” the court documents continue.