European Police Plan to Remote-Search Hard Drives 260
Smivs points out a blandly-worded story from the BBC with scary implications, excerpting "Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime. The five-year action plan will take steps to combat the growth in cyber theft and the machines used to spread spam and other malicious programs. It will also encourage better sharing of data among European police forces to track down and prosecute criminals. Europol will co-ordinate the investigative work and also issue alerts about cyber crime sprees."
All the more reason... (Score:1, Insightful)
...to roll-your-own OS. Or use one that's been built by and for the community with all the source code visible for all to see. Proprietary binaries? You don't know what's squirrelled away in there...
Bogus statistical claims. (Score:5, Insightful)
In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography".
And the other half is copyright infringement?
propaganda and hysteria works both ways (Score:2, Insightful)
you frequently here discussions on slashdot about grey hat activities: going to computers hosting worms, and shutting down the worm remotely, for example. and you hear many people here supporting that
now in europe, this is exactly what they are going to do: shut down zombies, shut down spam relays, and everyone on slashdot babbles incoherently about teh ev1l gubmint invading our computers. when such european effort sprobably sprang directly from the kind of strategizing peopl ehere on slashdot frequnetly engage in enthusiastically
its like the propaganda and hysteria over the lori drew case, which carries no precedent because it is such an extreme outlier
so:
do you care about rights and freedoms?
you do?
then react to REAL and GENUINE threats to them
if you instead spastically flail out everytime someone words an article in a propagandistic manner, you are no defender of rights and freedoms, you are merely a manipulated hysterical fool. and, in fact, someone useful for the suppression of our rights, by proving to those who wish to restrict our rights that people don't even understand what their rights are
defend your rights and freedoms
against genuine threats
not smoke and mirrors... thereby demonstrating you are a spastic twit who doesn't even know what your rights and freedoms are
This can't be right (Score:5, Insightful)
how how how? (Score:2, Insightful)
how would this work? since to access my hard drive to search it, they would need.
1. me to be on the internet at the time they want to search my drive.
2. my to give them access to my machine via a remote desktop style connection, which would involve me giving them a username and password to my machine.
or
1. me to be on the internet at some point
2. mandating that EVERYONE in the EU runs an application that indexes the entire of all the hard drives connected to a machine, and transmits the index to a central location whenever an internet connection is made.
unless they are simply on about remote searching of their own networks, and their own drives... which they can already do...
Wow! (Score:5, Insightful)
You know, it's awfully hard to not be yet again reminded of Orwell here. Constant surveillance and no privacy from the government so they can monitor everything you do.
But, of course, if your machine is behind a firewall, they'll just outlaw having firewall because it impedes their ability to investigate you for crimes. At which point if you need to be insecure enough to ensure that law enforcement can get in and do this, your machine will be hosed within the hour as the actual bad people break through as well.
This will either fall apart as un-doable, or spark some absurd laws to enforce it.
Cheers
Re:All the more reason... (Score:2, Insightful)
...to roll-your-own OS. Or use one that's been built by and for the community with all the source code visible for all to see. Proprietary binaries? You don't know what's squirrelled away in there...
You don't know what's squirreled away in the Linux kernel, or any other open-source product you didn't entirely write yourself.
It's very easy to hide something nefarious in just a few lines of C (see the obfesicated C contesr for examples). If the NSA or a group of smart enough criminals wanted to hide something in a major open-source project, they almost definately could.
Go ahead (Score:5, Insightful)
as I sit here in a cafe, my laptop connected to some unsecured AP far awqay with a biquad wifi antenna, I say go right ahead, search my hard-drive, but don't forget to bring a good map and a gonio antenna to find me in case you realize I'm not the poor guy whose house you're about to raid.
This will never work, there are way too many anonymous internet connections around for this 1984 scheme to work, and people who have something to hide usually don't leave stuff hanging around unencrypted on their hard disks.
Re:All the more reason... (Score:5, Insightful)
Even visible source code isn't entirely safe:
http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]
Always a fun read.
or... (Score:3, Insightful)
or
1. search your computer through backdoor built into closed-source operating system.
Disconcerting possibility: (Score:5, Insightful)
In the short term, that means some flavor of spyware. The disconcerting bit, though, is that said spyware would look and act like normal spyware; but be part of a police investigation. Generally, interfering with those is a crime. Will removing that spyware be considered obstruction of justice? Will blocking its operations or reporting be considered obstruction of justice? "Your honor, the defendant did maliciously configure his router to drop outbound justice on port 315..." In order to be effective, spyware has to be covert and subtle, so it will be damn difficult to distinguish fedware from ordinary spyware.
Worse, of course, is the medium to long term: if "remote search" is the law of the land, it will soon enough seem like a good idea to mandate a few features from hardware and software manufacturers to make it easier. Make an antivirus program? Well, you'd better be sure that it ignores the activities of any app signed by $AUTHORITY, if you want to stay out of jail. OSes could easily do similar things with process listings, priviledge escalations and the like. Even hardware could get in on the act. In principle, you could build obedience to cryptographically signed orders into all sorts of devices. This would be bad in all the ways that DRM usually is, only worse.
Unfortunately, this sort of turn doesn't seem entirely unlikely. Digital surveillance is all the rage these days, and unlikely to get any less popular, and there are few jurisdictions that have any terribly encouraging history of resisting it. Specifically, the EU has comparatively strong privacy legislation; but it is written from the basic philosophy that privacy is having the state control other's access to the data it collects, rather than privacy being having those data never collected. The US is stronger on that score(at least in theory, and as long as drugs, kiddie porn, and terrorism aren't involved); but the state of private sector privacy is absolutely miserable and there is nothing stopping the state from simply buying surveillance from said private sector(which it indeed does, on a fairly massive scale).
Re:lol (Score:5, Insightful)
That's funny. I tend to keep my highly illegal terrorism-and-kiddie-porn related files on disconnected usb drives.
Re:Disconcerting possibility: (Score:3, Insightful)
That's why.(among other reasons)
Re:yeah (Score:5, Insightful)
Indeed...one need only look at the last eight years in the U.S. for the proof of this statement.
Oh, wait...
Re:All the more reason... (Score:4, Insightful)
Re:Bogus statistical claims. (Score:3, Insightful)
Here's a dumb but not entirely theoretical question: how do you count copyright infringement of kiddie porn images??
After all, doesn't the porn industry claim it's the most infringed of all copyrighted material??
Re:All the more reason... (Score:4, Insightful)
Oh, the irony of this is hilarious. Linux is now more cumbersome to work with than the operating system which caused Linus to write the Linux kernel in the first place. I'm sure Tanenbaum will be proud that he's come full circle. :-P
Besides, all of the stuff one layer up from the microkernel would still need to be checked for security, so I don't really think it buys you anything. The operating system is more than just the kernel.
Cheers
Free Internet Access + EULA (Score:3, Insightful)
It's real easy for them to do.
Step 1 : Hand out free or discounted internet access. This may include higher than average datarates or fiber access making it really attractive to the end user. The caviout is that you must also run a software package on the machine or the connection is revoked. Said software includes the drive scanner and identification credentials.
Step 2 : Pass regulation that makes traditional anonymous internet access prohibitivly expensive for the individual user.
Ta da! The net is no longer anonymous and big brother is watching.
Re:Can't they just solve real crimes instead? (Score:3, Insightful)
Not stealing imaginary property, smoking in a bar, drinking outside a bar, making juvenile jokes on an airplane...
Re:Bogus statistical claims. (Score:3, Insightful)
Leaving the 419 scams, eBay fraud, phishing for financial details, and violating the MySpace TOS all lost in the noise.
Another day, another step towards Big Brother (Score:1, Insightful)
"I don't believe for a minute those rules will be enforceable and I truly think as soon as they have access to these machines and their boss aint looking they're going to start rummaging like crazy."
So now, when someone gets a virus, then this EU plan means their machine is then wide open to be scanned by police and/or their *contractor companies*. The potential for contractors (and their staff) to misuse (and even sometimes sell) what they find, is vast.
Everything from Identity Theft, all the way up to Industrial Espionage, if its a company computer with a virus back door.
Also this is before we even get into the scary idea of some countries police forces, being then able to carry out automated political descent detection, of whatever documents they find on the machine. (This EU plan is a dream come true for people working in the political area of Opposition Research. They could start building vastly more detailed profiles on people they find. (Although I suspect the ISP/Phorm style data capture, would be most likey for their purpose, then they will be able to profile everyone in the country).
http://en.wikipedia.org/wiki/Opposition_research [wikipedia.org]
Also even some police, have at times, been found to be criminals. So this kind of person, would totally abuse whatever new power, they had available to them, for their own gain.
Plus even from a practical point of view, given the amount of data on people some countries leak (e.g. UK government), then this EU plan opens up even more ways to loose data.
Plus I thought police need a search warrant, to enter and search? ... looks like that idea has been thrown away as well.
Another day, another step towards Big Brother. Turn up the heat on that boiled frog. Looks like we are on course to repeat the mistakes of the past, but this time, with vastly greater state powers, to overlook anyone who dares to question state views. But then, its all done to protect us... problem is, who is there to watch and protect us, from these ever more powerful implied protectors!
Re:All the more reason... (Score:3, Insightful)
That is an arms race which doesn't end, though -- how do you know you can trust icc, either? How did you obtain it in the first place -- did you download it and compile it with your own gcc?
Suppose you downloaded a trusted binary -- alright, how do you know you aren't rootkitted, with something which checks a predefined list of compilers, and thus modifies icc again?
Granted, it becomes unlikely. It is, however, impossible to ever truly know. Your method could prove that you are compromised, but it cannot prove that you are not compromised.
Re:Summary is confused as usual (Score:3, Insightful)
I don't believe for a minute those rules will be enforceable and I truly think as soon as they have access to these machines and their boss aint looking they're going to start rummaging like crazy.
Right. Because police tracking down criminal networks are more than willing to risk their careers to sneak a peak at some random person's emails to their grandmother, pictures of their friends, and last year's Christmas wish list.
I'm not saying that nobody will ever overstep their snooping mandate, but I think we can all loosen the tinfoil hats just a bit. If your computer is one of these zombies, I'd be more concerned about the snooping that may have been done by the people who zombified it in the first place than that of the cops.
Re:Summary is confused as usual (Score:5, Insightful)
Someone in the arts or business is permitted to think 'The chances of that happening are remote, therefore it is unlikely, therefore I will ignore it. If it should arise, I'll see it and deal with it then.'
People in a technical disciple are obligated to think 'The possibility of that happening is there, therefore it is inevitable that it will happen, therefore the whole thing is wrong until I address it.'
HALF of all net crime is child porn??? (Score:4, Insightful)
From TFA: "In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography"
What? Half of all internet crime??
Hmmm. Bullshit detector's gone off the scale on this one. I think this is the work of industry lobbyists playing the child porn card to sell snakeoil to clueless, greedy politicians.
Re:Bogus statistical claims. (Score:3, Insightful)
That might actually be a viable solution... no shit, do you see these kids signing any waivers? No?? Then they're owed royalties.
Re:Summary is confused as usual (Score:5, Insightful)
Once the technology is available, it *will* be abused, and we know this, because such abuses have always happened. I don't know of a government (or a business) that had a technology available and decided not to use it because doing so would be unethical or even illegal. How many times must the same stories repeat before we learn?
An old saying puts it best: "What the government wants to do, and has the means to do, it will do -- logic, ethics, and common sense notwithstanding."