Police want backdoor to Web users' private data

Discussion in 'The Okie Corral' started by Glock Man_G19, Feb 4, 2010.

  1. Glock Man_G19

    Glock Man_G19

    Messages:
    765
    Likes Received:
    0
    Joined:
    Jul 12, 2007
    Location:
    VA
    http://news.cnet.com/8301-13578_3-10446503-38.html

    Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.

    But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

    CNET has reviewed a survey scheduled to be released at a federal task force meeting on Thursday, which says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network." (See one excerpt and another.)

    urvey, according to two people with knowledge of the situation, is part of a broader push from law enforcement agencies to alter the ground rules of online investigations. Other components include renewed calls for laws requiring Internet companies to store data about their users for up to five years and increased pressure on companies to respond to police inquiries in hours instead of days.

    But the most controversial element is probably the private Web interface, which raises novel security and privacy concerns, especially in the wake of a recent inspector general's report (PDF) from the Justice Department. The 289-page report detailed how the FBI obtained Americans' telephone records by citing nonexistent emergencies and simply asking for the data or writing phone numbers on a sticky note rather than following procedures required by law.

    Some companies already have police-only Web interfaces. Sprint Nextel operates what it calls the L-Site, also known as the "legal compliance secure Web portal." The company even has offered a course that "will teach you how to create and track legal demands through L-site. Learn to navigate and securely download requested records." Cox Communications makes its price list for complying with police requests public; a 30-day wiretap is $3,500.

    The police survey is not exactly unbiased: its author is Frank Kardasz, who is scheduled to present it at a meeting (PDF) of the Online Safety and Technology Working Group, organized by the U.S. Department of Commerce. Kardasz, a sergeant in the Phoenix police department and a project director of Arizona's Internet Crimes Against Children task force, said in an e-mail exchange on Tuesday that he is still revising the document and was unable to discuss it.

    In an incendiary October 2009 essay, however, Kardasz wrote that Internet service providers that do not keep records long enough "are the unwitting facilitators of Internet crimes against children" and called for new laws to "mandate data preservation and reporting." He predicts that those companies will begin to face civil lawsuits because of their "lethargic investigative process."

    "It sounds very dangerous," says Lee Tien, an attorney with the Electronic Frontier Foundation, referring to the police-only Web interface. "Let's assume you set this sort of thing up. What does that mean in terms of what the law enforcement officer be able to do? Would they be able to fish through transactional information for anyone? I don't understand how you create a system like this without it."

    What police see in ISPs
    Kardasz's survey, based on questionnaires completed by 100 police investigators, says that 61 percent of them had their investigations harmed "because data was not retained" and only 40 percent were satisfied with the timeliness of responses from Internet providers.

    It also says: "89 percent of investigators agreed that a nationwide computer network should be established for the purpose of linking ISPs with law enforcement agencies so that they may exchange legal process requests and responses to legal process. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data."

    Some of the responses to other questions: "AT&T is very prompt." "Cox Communications seems to be the worst." "Places like Yahoo can take a month for basic subscriber info which is also a problem." "AT&T Mobility does not keep a log at all." "MySpace give (sic) me the quickest response and they have been very pro-police."

    Hemanshu (Hemu) Nigam, MySpace's chief security officer, said in an interview with CNET on Tuesday that: "You can be very supportive of law enforcement investigations and at the same time be very cognizant and supportive of the privacy rights of our users. Every time a legal process comes in, whether it's a subpoena or a search order, we do a legal review to make sure it's appropriate."

    Nigam said that MySpace accepts law enforcement requests through e-mail, fax, and postal mail, and that it has a 24-hour operations center that tries to respond to requests soon after they've been reviewed to make sure state and federal laws are being followed. MySpace does not have a police-only Web interface, he said.

    Creating a national police-only network would be problematic, Nigam said. "I wish I knew the number of local police agencies in the country, or even police officers in the country," he said. "Right there that would tell you how difficult it would be to implement, even though ideally it would be a good thing."

    Another obstacle to creating a nation-wide Web interface for cops--one wag has dubbed it "DragNet," and another "Porknet"--is that some of its thousands of users could be infected by viruses and other malware. Once an infected computer is hooked up to the national network, it could leak confidential information about ongoing investigations.

    Jim Harper, a policy analyst at the free-market Cato Institute, says that he welcomes the idea of a police-only Web interface as long as it's designed carefully. "A system like this should have strong logins, should require that the request be documented fully, and should produce statistical information so there can be strong oversight," he says. "I think that's a good thing to have."
     
  2. zoyter2

    zoyter2 Yeah, so what?

    Messages:
    4,697
    Likes Received:
    9
    Joined:
    Jun 25, 2002
    Location:
    Anniston, Alabama
    Never let a cop enter your backdoor, and for gods sake, if they do, DON'T TALK.
     

  3. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas
    I really don't see this as a backdoor and the author should be slapped for suggesting it.

    What they are asking for is a way to request access after they have obtained the necessary legal authority to view the data, which they do now.

    Creating a system to do it more efficiently is just an evolution of the process, not a fundamental change to it. Frankly, a police only intranet linking all of the thousands of different agencies together would be a tremendous boon to solving all kinds of communication problems between agencies.

    It's also silly to point out that people are the least secure portion of data security, hell, everyone who works in the technology field (in a technical role) knows that.

    I can design an encrypted network with no outside access and 6 levels of local authentication to get to it and some "user" will leave all of the keys written on a post-it note on the keyboard of his/her laptop and then leave that in the front seat of their unlocked rental car in the middle of Compton at 2am.

    I really don't think there's anything wrong with the concepts presented in the article, except the derision the author is trying to drum up.

    ETA: I do take exception to the idea that ISPs should be forced to store data in the event a law enforcement agency may, one day, need it.
     
  4. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas
    This.

    Frankly, if you're doing things online that can get you in dutch with the law and you aren't smart enough to cover your tracks you deserve to be caught.

    What's that old LE saw? "We seldom catch the smart ones."
     
  5. Fixxer

    Fixxer Got ointment?

    Messages:
    3,788
    Likes Received:
    2,569
    Joined:
    Dec 10, 2004
    Location:
    Minnesota
    Gee- it seems to me that they didn't need this to catch the SEC supervisor who was watching porn 100 times every day, on the taxpayer's dime.

    He is/was a cop too, right? This was a theft, right? Why do I think that this guy won't go to jail for his crime?

    Police in general need to get over themselves- the world survived for millions of years before the police state.

    They answer an ad for a police job, and then act like this is some sort of a mandate to throw everybody's rights out the window, and the world cannot function without their supercop presence.

    The self-aggrandizing attitude displayed by some cops is irritating, to say the least.

    If a cop doesn't like his/her job for any reason (including not being able to gain unfettered access to people's private information), THEY SHOULD QUIT.

    WTH has happened to good old-fashioned police work?

    I respect the job a lot of cops do, but this is BS, now matter how you frame it.

    Flame away.
     
  6. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas
    What does your cute little internet Rambo rant have to do with the story that was posted? If you'd care to have civil conversation about this topic, by all means, input your thoughts.

    If you want to get all angsty and butt-hurt about police officers, in general, I suggest you go find a cop bar and scream your screed there, in person.
     
  7. CZ guy

    CZ guy

    Messages:
    179
    Likes Received:
    0
    Joined:
    Jan 18, 2010
    I get the impression you didn't read the article at all.

    Expediency and efficiency make all the difference in the world. If an authority can simply log into a website, and start searching across multiple ISPs via backdoors (and that's exactly what it is..) through the ISPs email systems, that's a serious breech of privacy.

    Where is the "due process" in that, exactly? Just want to ignore the 14th Amendment, falling prey to the "think of the children" battle cry?

    It's analogous to the Bush-era National Security Letters (NSL) which the FBI abused profusely throughout the years. It became a tool of expediency to side-step due process just as this proposed access would, also.

    If anybody here thinks our authorities are somehow above abusing their ever expanding powers of surveillance, you're naive or haven't been paying attention to the UK.
     
  8. Fixxer

    Fixxer Got ointment?

    Messages:
    3,788
    Likes Received:
    2,569
    Joined:
    Dec 10, 2004
    Location:
    Minnesota
    Maybe you should petition for a law in which every human being is born into incarceration, because they might commit a crime someday. After they prove to your satisfaction they will remain law-abiding, they may be released.

    Then you won't need to have this privacy-invading 'back door' implemented.
     
  9. Fixxer

    Fixxer Got ointment?

    Messages:
    3,788
    Likes Received:
    2,569
    Joined:
    Dec 10, 2004
    Location:
    Minnesota
    Why? Would I be arrested for disagreeing?
     
  10. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas
    No, I read the article, can you show me where it says that once the police only intranet is implemented that due process will no longer be employed in its use? Please?
     
  11. CZ guy

    CZ guy

    Messages:
    179
    Likes Received:
    0
    Joined:
    Jan 18, 2010
    Can you tell me how due process was met once NSLs were implemented?
     
  12. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas

    Umm, again, what in the hell are you talking about? The statement you quoted has nothing, whatsoever, to do with your diatribe.

    Did you actually have any original thoughts on the actual article that was posted? Is it simply that you are content to just randomly post inflammatory statements hoping someone will sit down and fight with you about nothing?
     
  13. CZ guy

    CZ guy

    Messages:
    179
    Likes Received:
    0
    Joined:
    Jan 18, 2010
    That is one, almost insignificant part of the bigger picture. There are still logs on the ISP servers of every email sent, so you would still know who and where, but not necessarily what was said. That would certainly slow things down, but is not a "solution" so to speak.
     
  14. Fixxer

    Fixxer Got ointment?

    Messages:
    3,788
    Likes Received:
    2,569
    Joined:
    Dec 10, 2004
    Location:
    Minnesota
    You stated that I should go to a cop bar and "scream my screed", which implies one of two things- either I would be arrested, or tuned up.

    For disagreeing.

    That is but one of many reasons that I don't think that such a system should be implemented.
     
    Last edited: Feb 4, 2010
  15. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas
    Considering the only thing keeping congress from restricting NSLs and their far-reaching creep is the votes in the House and Senate, I'd say there just isn't enough outcry to keep the Fed from using them all willy-nilly.

    To point to the creep and (supposed) wrongful use of one type mechanism as an opposition to all other mechanisms is a bit, well, ludicrous.

    If we follow that logic no government entity should ever be allowed to function on any level since corruption and malfeasance exists, at some point, on all of them.
     
  16. CZ guy

    CZ guy

    Messages:
    179
    Likes Received:
    0
    Joined:
    Jan 18, 2010
    Google still works, last time I checked.
     
  17. HKUSP45Css

    HKUSP45Css

    Messages:
    3,969
    Likes Received:
    8
    Joined:
    Apr 4, 2007
    Location:
    Houston, by God, Texas
    Actually, you weren't disagreeing, you were making grossly general inflammatory statements about an entir occupational sector. That's not discourse.
     
  18. Fixxer

    Fixxer Got ointment?

    Messages:
    3,788
    Likes Received:
    2,569
    Joined:
    Dec 10, 2004
    Location:
    Minnesota
    No, I wrote that if any individual doesn't like their job for any reason, that they should quit.
     
  19. Sundog

    Sundog Thread Killer

    Messages:
    309
    Likes Received:
    2
    Joined:
    May 22, 2002
    Location:
    Western Gate to the Sunshine State
    Looks like all they want to do is speed up the the service of and response to subpoenas and NSLs. This will not make approval process any easier than it already is.