WingNews logo WingNews
top | item 11609085

(no title)

csoghoian | 9 years ago

1. My employer, the ACLU, filed two comments in the Rule 41 process.

The first, before public comments were even solicited, resulted in DOJ dropping one of their proposed changes to rule 41, which would have permitted the gov to piggyback from a hacked target's computer to a cloud account (such as Dropbox or Google), rather than the gov going to the cloud provider with a warrant.

While our first comment does indeed describe and quote from some alternative language proposed by Orin Kerr, I don't think it is fair to describe that as evidence of ACLU approval of hacking of users whose location cannot be determined. For example, in that comment, we note that:

[U]nder Professor Kerr’s language, the government would still be able to obtain warrants to use malware, zero-day exploits, and other techniques that raise serious constitutional and policy questions.

2. While some public interest groups and tech policy advocates are publicly (or, in some cases, privately) embracing the idea of giving law enforcement formal, regulated hacking powers, in a desperate attempt to push back against legislative pressure for crypto backdoors, I'm thankful that the ACLU has not done so. If the organization does at some point decide to come out in favor of law enforcement hacking, I strongly doubt my name will be on that document.

[I'll note, however, that one of the great perks that come with working for the ACLU is that it's perfectly OK to disagree with some of the organizations' official policy positions. I'm not forced to tow the company line publicly on issues in which I disagree.]

3. Just so all of my cards are on the table. I'm volunteering, unpaid, as an expert for the defense in several of the Playpen FBI watering hole cases. I am strongly opposed to bulk hacking, enough so to volunteer my time to helping to fight the FBI's use of this outrageous surveillance technique.

4. The FBI being able to remotely activate webcams without the light turning on is not an "unsourced anonymous claim".

From the Washington Post story, linked to in my comment above:

The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico.

discuss

order

tptacek|9 years ago

I'll ask again. Is it your belief that the claim in this article, that the FBI can defeat the LED indicator on every popular laptop camera, accurately describes reality?

csoghoian|9 years ago

I think that some webcam indicator lights are vulnerable to remote disabling. Although it is certainly possible that some are not, I and most other users have no way of knowing which lights are reliable, and which ones are vulnerable.

As such, I put a Band-Aid over my webcam.

Now if only I could figure out an equally easy way to reliably disable my laptop microphone without opening up the laptop and cutting the cable.